FIX: Mini-profiler CSP nonce when in report-only mode (#28664)

David Taylor 2024-09-02 10:04:47 +01:00 committed by GitHub
parent b7164f1283
commit 3fb3ef7c85
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions


@ -90,7 +90,7 @@ if defined?(Rack::MiniProfiler) && defined?(Rack::MiniProfiler::Config)
Rack::MiniProfiler.config.content_security_policy_nonce =
Proc.new do |env, headers|
if csp = headers["Content-Security-Policy"]
if csp = headers["Content-Security-Policy"] || headers["Content-Security-Policy-Report-Only"]
csp[/script-src[^;]+'nonce-([^']+)'/, 1]
end
end
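Review bot: The `||` on the new condition line reads `Content-Security-Policy-Report-Only` only when the enforcing header is absent, so a response carrying both headers, with no nonce in the enforcing policy's `script-src`, makes the proc return nil even though the report-only policy has one. Whether both headers can be sent together is not visible from this hunk. If they can, checking each header in turn avoids the gap: `[headers["Content-Security-Policy"], headers["Content-Security-Policy-Report-Only"]].compact.filter_map { |csp| csp[/script-src[^;]+'nonce-([^']+)'/, 1] }.first`. If they are mutually exclusive, a short comment such as `# Only one of the two CSP headers is ever set; take the nonce from whichever is present` would record that assumption. The failure mode is benign (the profiler script gets no nonce and is blocked or reported), and the enclosing `if defined?(Rack::MiniProfiler)` block starts outside the hunk.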