enable csp

2019-06-27 11:10:29 +02:00 · 2019-06-27 11:10:29 +02:00 · eaf850c1e9
commit eaf850c1e9
parent 4d6719fe7c
4 changed files with 6 additions and 5 deletions
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@ -59,7 +59,7 @@ Rails.application.configure do
    port: 3000
  }

-  # Use Content-Security-Policy-Report-Only instead of Content-Security-Policy
+  # Use Content-Security-Policy-Report-Only headers
  config.content_security_policy_report_only = true

  # Raises error for missing translations
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@ -109,7 +109,8 @@ Rails.application.configure do
    host: ENV['APP_HOST']
  }

-  config.content_security_policy_report_only = true
+  # The Content-Security-Policy is NOT in Report-Only mode
+  config.content_security_policy_report_only = false

  config.lograge.enabled = ENV['LOGRAGE_ENABLED'] == 'enabled'
 end
--- a/config/environments/test.rb
+++ b/config/environments/test.rb
@ -45,7 +45,7 @@ Rails.application.configure do
    protocol: :http
  }

-  # Use Content-Security-Policy-Report-Only instead of Content-Security-Policy
+  # Use Content-Security-Policy-Report-Only headers
  config.content_security_policy_report_only = true

  config.active_job.queue_adapter = :test