Fix Content Security Policy sometimes unnecessarily allowing hCaptcha scripts (#26388)

Claire 2023-08-08 15:41:38 +02:00 committed by GitHub
parent 2c204d904b
commit 8b37dd2c86
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 1 deletions


@ -42,7 +42,7 @@ module CaptchaConcern
end end
def extend_csp_for_captcha! def extend_csp_for_captcha!
policy = request.content_security_policy policy = request.content_security_policy&.clone
return unless captcha_required? && policy.present? return unless captcha_required? && policy.present?
@ -54,6 +54,8 @@ module CaptchaConcern
policy.send(directive, *values) policy.send(directive, *values)
end end
request.content_security_policy = policy
end end
def render_captcha def render_captcha
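Review bot: The `&.clone` at the top of `extend_csp_for_captcha!` carries the whole fix but nothing in the code says why it is there. Without the copy, the method edits the object returned by `request.content_security_policy`, which is presumably shared beyond this request, so the hCaptcha sources would stay allowed on later responses. I would add a comment above the assignment such as `# Work on a copy: edits to the policy object returned here would outlive this response`. The middle of the method lies between the two hunks and is not shown, so it is worth confirming that `clone` also copies the directive source lists and not only the outer object. A request spec asserting that a page rendered after a captcha page carries no hCaptcha source in its header would pin that down. The copy is also made before the `captcha_required?` guard, so checking `captcha_required?` first would avoid cloning on requests that return early.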