Merge pull request #2480 from ClearlyClaire/glitch-soc/fixes/csp

Fix image and media loading when using external storage server
main
Claire 2023-11-21 17:36:09 +01:00 committed by GitHub
commit a21fe8687e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 4 deletions

View File

@ -48,9 +48,9 @@ Rails.application.config.content_security_policy do |p|
p.default_src :none
p.frame_ancestors :none
p.font_src :self, assets_host
p.img_src :self, :data, :blob, assets_host
p.img_src :self, :data, :blob, assets_host, media_host
p.style_src :self, assets_host
p.media_src :self, :data, assets_host
p.media_src :self, :data, assets_host, media_host
p.frame_src :self, :https
p.manifest_src :self, assets_host

View File

@ -12,9 +12,9 @@ describe 'Content-Security-Policy' do
"default-src 'none'",
"frame-ancestors 'none'",
"font-src 'self' https://cb6e6126.ngrok.io",
"img-src 'self' data: blob: https://cb6e6126.ngrok.io",
"img-src 'self' data: blob: https://cb6e6126.ngrok.io https://cb6e6126.ngrok.io",
"style-src 'self' https://cb6e6126.ngrok.io 'nonce-ZbA+JmE7+bK8F5qvADZHuQ=='",
"media-src 'self' data: https://cb6e6126.ngrok.io",
"media-src 'self' data: https://cb6e6126.ngrok.io https://cb6e6126.ngrok.io",
"frame-src 'self' https:",
"manifest-src 'self' https://cb6e6126.ngrok.io",
"form-action 'self'",