Diffstat (limited to 'config/initializers/secure_headers.rb')
-rw-r--r-- | config/initializers/secure_headers.rb | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/config/initializers/secure_headers.rb b/config/initializers/secure_headers.rb index d76d345b5..99d515ac2 100644 --- a/config/initializers/secure_headers.rb +++ b/config/initializers/secure_headers.rb @@ -16,7 +16,8 @@ SecureHeaders::Configuration.default do |config| media_src: %w[https:], script_src: %w['self' blob: 'unsafe-eval' platform.twitter.com cdn.syndication.twimg.com widgets.flickr.com embedr.flickr.com www.instagram.com 'unsafe-inline'], - style_src: %w['self' 'unsafe-inline' platform.twitter.com *.twimg.com] + style_src: %w['self' 'unsafe-inline' platform.twitter.com *.twimg.com], + manifest_src: %w['self'] } if AppConfig.environment.assets.host.present? |
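Review bot: The added `manifest_src: %w['self']` allows the web app manifest only from the application origin, and nothing in the hunk shows that the `if AppConfig.environment.assets.host.present?` branch after the hash accounts for this directive. That branch's body is outside the hunk, but it presumably adjusts the policy for a separate asset host. If the manifest is ever served through that host, browsers will refuse to load it, so confirm it is always served same-origin or add the asset host to `manifest_src` in that branch. A one-line comment above the entry would record the intent, for example `# web app manifest is only ever served from our own origin`. The enclosing `SecureHeaders::Configuration.default` block starts and ends outside the hunk.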