diff options
-rw-r--r-- | config/initializers/content_security_policy.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb index b860ff547f8..777612a2716 100644 --- a/config/initializers/content_security_policy.rb +++ b/config/initializers/content_security_policy.rb @@ -2,7 +2,7 @@ Rails.application.config.content_security_policy do |policy| policy.default_src :self policy.object_src :none policy.worker_src *%w(https://assets.gitlab-static.net https://gl-canary.freetls.fastly.net https://gitlab.com blob:) - policy.script_src *%w('self' http://localhost:3808 'unsafe-inline' 'unsafe-eval' https://assets.gitlab-static.net https://gl-canary.freetls.fastly.net https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.gstatic.com/recaptcha/ https://apis.google.com http://localhost:45537/) + policy.script_src *%w('self' http://localhost:3808 'unsafe-inline' 'unsafe-eval' https://assets.gitlab-static.net https://gl-canary.freetls.fastly.net https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.gstatic.com/recaptcha/ https://apis.google.com http://localhost:45537) policy.style_src *%w('self' 'unsafe-inline' https://assets.gitlab-static.net https://gl-canary.freetls.fastly.net) policy.img_src *%w(* data: blob) policy.frame_src *%w('self' https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://content.googleapis.com https://content-compute.googleapis.com https://content-cloudbilling.googleapis.com https://content-cloudresourcemanager.googleapis.com https://*.codesandbox.io) |