Fix CSP tests in glitch-soc
This commit is contained in:
parent
403a5c0f3f
commit
73a3228e0f
|
@ -4,7 +4,7 @@
|
||||||
# For further information see the following documentation
|
# For further information see the following documentation
|
||||||
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
|
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
|
||||||
|
|
||||||
if Rails.env.production?
|
unless Rails.env.development?
|
||||||
assets_host = Rails.configuration.action_controller.asset_host || "https://#{ENV['WEB_DOMAIN'] || ENV['LOCAL_DOMAIN']}"
|
assets_host = Rails.configuration.action_controller.asset_host || "https://#{ENV['WEB_DOMAIN'] || ENV['LOCAL_DOMAIN']}"
|
||||||
data_hosts = [assets_host]
|
data_hosts = [assets_host]
|
||||||
|
|
||||||
|
|
|
@ -12,15 +12,15 @@ describe 'Content-Security-Policy' do
|
||||||
"default-src 'none'",
|
"default-src 'none'",
|
||||||
"frame-ancestors 'none'",
|
"frame-ancestors 'none'",
|
||||||
"font-src 'self' https://cb6e6126.ngrok.io",
|
"font-src 'self' https://cb6e6126.ngrok.io",
|
||||||
"img-src 'self' https: data: blob: https://cb6e6126.ngrok.io",
|
"img-src 'self' data: blob: https://cb6e6126.ngrok.io",
|
||||||
"style-src 'self' https://cb6e6126.ngrok.io 'nonce-ZbA+JmE7+bK8F5qvADZHuQ=='",
|
"style-src 'self' https://cb6e6126.ngrok.io 'nonce-ZbA+JmE7+bK8F5qvADZHuQ=='",
|
||||||
"media-src 'self' https: data: https://cb6e6126.ngrok.io",
|
"media-src 'self' data: https://cb6e6126.ngrok.io",
|
||||||
"frame-src 'self' https:",
|
"frame-src 'self' https:",
|
||||||
"manifest-src 'self' https://cb6e6126.ngrok.io",
|
"manifest-src 'self' https://cb6e6126.ngrok.io",
|
||||||
"form-action 'self'",
|
"form-action 'self'",
|
||||||
"child-src 'self' blob: https://cb6e6126.ngrok.io",
|
"child-src 'self' blob: https://cb6e6126.ngrok.io",
|
||||||
"worker-src 'self' blob: https://cb6e6126.ngrok.io",
|
"worker-src 'self' blob: https://cb6e6126.ngrok.io",
|
||||||
"connect-src 'self' data: blob: https://cb6e6126.ngrok.io https://cb6e6126.ngrok.io ws://localhost:4000",
|
"connect-src 'self' blob: data: ws://localhost:4000 https://cb6e6126.ngrok.io",
|
||||||
"script-src 'self' https://cb6e6126.ngrok.io 'wasm-unsafe-eval'"
|
"script-src 'self' https://cb6e6126.ngrok.io 'wasm-unsafe-eval'"
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
|
Reference in New Issue