From caaafc50c02e562b532d3c8531cd36889cae5f30 Mon Sep 17 00:00:00 2001 From: f Date: Mon, 19 Oct 2020 12:46:25 -0300 Subject: [PATCH] =?UTF-8?q?permitir=20carga=20remota=20de=20im=C3=A1genes?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- config/initializers/content_security_policy.rb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb index 7040a8d..05997dd 100644 --- a/config/initializers/content_security_policy.rb +++ b/config/initializers/content_security_policy.rb @@ -13,9 +13,8 @@ Rails.application.config.content_security_policy do |policy| # Repetimos la default para poder saber cuál es la política en falta policy.script_src :self policy.font_src :self - # TODO: Permitimos cargar imágenes remotas? # XXX: Los íconos de Trix se cargan vía data: - policy.img_src :self, :data + policy.img_src :self, :data, :https # Ya no usamos applets! policy.object_src :none if Rails.env.development?