chore(dev): report to CSP_REPORT_URI instead of non existing /csp

This commit is contained in:
Colin Darie 2023-06-01 19:11:20 +02:00
parent aae90d34de
commit 2a948c6145

View file

@ -53,7 +53,7 @@ Rails.application.config.content_security_policy do |policy|
# CSP are not enforced in development (see content_security_policy_report_only in development.rb) # CSP are not enforced in development (see content_security_policy_report_only in development.rb)
# However we notify a random local URL, to see breakage in the DevTools when adding a new external resource. # However we notify a random local URL, to see breakage in the DevTools when adding a new external resource.
policy.report_uri "http://#{ENV.fetch('APP_HOST')}/csp/" policy.report_uri CSP_REPORT_URI if CSP_REPORT_URI.present?
elsif Rails.env.test? elsif Rails.env.test?
# Disallow all connections to external domains during tests # Disallow all connections to external domains during tests