github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-06-05 13:36:00 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: Mini-profiler CSP nonce when in report-only mode (#28664)

Browse Source
This commit is contained in:
David Taylor
2024-09-02 10:04:47 +01:00
committed by GitHub
parent b7164f1283
commit 3fb3ef7c85
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
config/initializers/006-mini_profiler.rb
View File

@ -90,7 +90,7 @@ if defined?(Rack::MiniProfiler) && defined?(Rack::MiniProfiler::Config)
Rack::MiniProfiler.config.content_security_policy_nonce =
Proc.new do |env, headers|
if csp = headers["Content-Security-Policy"]
if csp = headers["Content-Security-Policy"] || headers["Content-Security-Policy-Report-Only"]
csp[/script-src[^;]+'nonce-([^']+)'/, 1]
end
end