github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-21 18:12:32 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

CSP: drop 'self' in script-src (#6611)

Browse Source
This commit is contained in:
Kyle Zhao
2018-11-15 12:14:16 -05:00
committed by GitHub
parent 5a542327e7
commit 055d59373a
3 changed files with 79 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
spec/requests/application_controller_spec.rb
View File

@ -259,7 +259,6 @@ RSpec.describe ApplicationController do
script_src = parse(response.headers['Content-Security-Policy'])['script-src']
expect(script_src).to include('example.com')
expect(script_src).to include("'self'")
expect(script_src).to include("'unsafe-eval'")
end