Maintenance: Remove obsolete CSP header unsafe_inline configuration exception.

2021-09-02 16:35:29 +02:00 · 2021-09-02 16:35:29 +02:00 · 0faf0a0759
parent ce4ca035d6
commit 0faf0a0759
1 changed files with 1 additions and 1 deletions
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@ -37,7 +37,7 @@ Rails.application.config.content_security_policy do |policy|
  policy.font_src    :self, :data
  policy.img_src     '*', :data
  policy.object_src  :none
-  policy.script_src  :self, :unsafe_eval, :unsafe_inline, :strict_dynamic
+  policy.script_src  :self, :unsafe_eval, :strict_dynamic
  policy.style_src   :self, :unsafe_inline
  policy.frame_src   'www.youtube.com', 'player.vimeo.com'
 end