discourse

Commit Graph

Author	SHA1	Message	Date
David Taylor	705c898c21	FEATURE: Calculate CSP based on active themes (#6976 )	2019-02-11 12:32:04 +00:00
Kyle Zhao	488fba3c5f	FEATURE: allow plugins and themes to extend the default CSP (#6704 ) * FEATURE: allow plugins and themes to extend the default CSP For plugins: ``` extend_content_security_policy( script_src: ['https://domain.com/script.js', 'https://your-cdn.com/'], style_src: ['https://domain.com/style.css'] ) ``` For themes and components: ``` extend_content_security_policy: type: list default: "script_src:https://domain.com/\|style_src:https://domain.com" ``` * clear CSP base url before each test we have a test that stubs `Rails.env.development?` to true * Only allow extending directives that core includes, for now	2018-11-30 09:51:45 -05:00

Author

SHA1

Message

Date

David Taylor

705c898c21

FEATURE: Calculate CSP based on active themes (#6976 )

2019-02-11 12:32:04 +00:00

Kyle Zhao

488fba3c5f

FEATURE: allow plugins and themes to extend the default CSP (#6704 )

* FEATURE: allow plugins and themes to extend the default CSP

For plugins:

```
extend_content_security_policy(
  script_src: ['https://domain.com/script.js', 'https://your-cdn.com/'],
  style_src: ['https://domain.com/style.css']
)
```

For themes and components:

```
extend_content_security_policy:
  type: list
  default: "script_src:https://domain.com/|style_src:https://domain.com"
```

* clear CSP base url before each test

we have a test that stubs `Rails.env.development?` to true

* Only allow extending directives that core includes, for now

2018-11-30 09:51:45 -05:00

2 Commits