Commit graph

10 commits

Author SHA1 Message Date
ThibG
e1629a7758
Remove 'unsafe-inline' from Content-Security-Policy style-src ()
* Make sure wicg-inert doesn't rely on inline CSS

* Remove unsafe-inline from style-src
2020-05-08 21:22:57 +02:00
ThibG
dea5db0e25
Fix PgHero Content-Security-Policy when CDN_HOST is used () 2020-05-04 13:52:41 +02:00
ThibG
7ddbbdea6d
Fix OCR not working on Safari because of unsupported worker-src CSP ()
Fixes 
2020-03-27 22:35:57 +01:00
ThibG
8203e24cf4 Fix CSP needlessly allowing blob URLs in script-src () 2019-08-19 20:36:58 +02:00
Eugen Rochko
b7f5f0ec10
Fix media host not being included in connect-src for OCR () 2019-08-16 01:54:36 +02:00
Eugen Rochko
28636f43e4
Add OCR tool to media editing modal () 2019-08-15 15:13:26 +02:00
ThibG
8ab081ec32 Add manifest_src to CSP, add blob to connect_src () 2018-10-12 19:07:30 +02:00
Eugen Rochko
edc7f895be
Fix CSP headers blocking media and development environment ()
Regression from 
2018-10-12 01:43:09 +02:00
ThibG
2d27c11061 Set Content-Security-Policy rules through RoR's config ()
* Set CSP rules in RoR's configuration

* Override CSP setting in the embed controller to allow frames
2018-10-11 20:35:46 +02:00
Yamagishi Kazutoshi
50529cbceb Upgrade Rails to version 5.2.0 () 2018-04-12 14:45:17 +02:00