Discource-C/discourse
1
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-14 15:24:57 +00:00
Code Issues Packages Projects Releases Wiki Activity
discourse/lib/content_security_policy
History
David Taylor c8d438cc63
DEV: Allow CSP to be enabled during QUnit tests (#8668) 
The QUnit rake task starts a server in test mode. We need a tweak to allow dynamic CSP hostnames in test mode. This tweak is already present in development mode.

To allow CSP to work, the browser host/port must match what the server sees. Therefore we need to disable the enforce_hostname middleware in test mode. To keep rspec and production as similar as possible, we skip enforce_hostname using an environment variable.

Also move the qunit rake task to use unicorn, for consistency with development and production.
2020-01-07 12:22:58 +00:00
..
builder.rb
FEATURE: allow extending CSP base-uri and object-src
2019-01-09 15:34:14 -05:00
default.rb
DEV: Remove unsafe-eval from development CSP (#8569)
2019-12-30 12:17:12 +00:00
extension.rb
DEV: Remove unsafe-eval from development CSP (#8569)
2019-12-30 12:17:12 +00:00
middleware.rb
DEV: Allow CSP to be enabled during QUnit tests (#8668)
2020-01-07 12:22:58 +00:00