Fix Content Security Policy sometimes unnecessarily allowing hCaptcha scripts (#26388)
parent
2c204d904b
commit
8b37dd2c86
|
@ -42,7 +42,7 @@ module CaptchaConcern
|
||||||
end
|
end
|
||||||
|
|
||||||
def extend_csp_for_captcha!
|
def extend_csp_for_captcha!
|
||||||
policy = request.content_security_policy
|
policy = request.content_security_policy&.clone
|
||||||
|
|
||||||
return unless captcha_required? && policy.present?
|
return unless captcha_required? && policy.present?
|
||||||
|
|
||||||
|
@ -54,6 +54,8 @@ module CaptchaConcern
|
||||||
|
|
||||||
policy.send(directive, *values)
|
policy.send(directive, *values)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
request.content_security_policy = policy
|
||||||
end
|
end
|
||||||
|
|
||||||
def render_captcha
|
def render_captcha
|
||||||
|
|
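Review bot: The assignment `policy = request.content_security_policy&.clone` carries the whole fix but has no comment saying why a copy is needed, and the isolation it gives depends on the copy not sharing directive arrays with the original policy object. Rails' `ActionDispatch::ContentSecurityPolicy` deep-duplicates its directives when copied, so this should hold, but the loop that builds `values` before `policy.send(directive, *values)` starts outside the visible hunks and is worth checking for in-place appends. I would add `# Per-request copy: mutating the shared policy object would presumably keep hCaptcha sources allowed on later responses` above the assignment. A request spec would also help, asserting that a page without a captcha does not list the hCaptcha hosts in its CSP header after a captcha page has been rendered. Since the copy is made before the `captcha_required?` guard, it is also allocated on requests that return early; moving the guard on `captcha_required?` ahead of the clone would avoid that.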