cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add blob to frame-src in CSP for iD

Browse source 
Fixes #2582
Closes #2583
This commit is contained in:
Tom Hughes 2020-04-09 18:42:17 +01:00
parent 7e11d27512
commit 66ec3cd845
1 changed files with 4 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
app/controllers/site_controller.rb
View file

@ -75,6 +75,10 @@ class SiteController < ApplicationController
:plugin_types => %w[application/x-shockwave-flash],
:script_src => %w['unsafe-inline']
)
elsif %w[id].include?(editor)
append_content_security_policy_directives(
:frame_src => %w[blob:]
)
end
begin