FEATURE: allow extending CSP base-uri and object-src

Plus, ensure :none is stripped, since it cannot be combined with other sources
Penar Musaraj
2019-01-09 15:33:42 -05:00
parent 9ba8bfb1aa
commit e11c6ffa89
3 changed files with 8 additions and 3 deletions


@ -111,6 +111,8 @@ describe ContentSecurityPolicy do
plugin.enabled = true
expect(parse(policy)['script-src']).to include('https://from-plugin.com')
expect(parse(policy)['object-src']).to include('https://test-stripping.com')
expect(parse(policy)['object-src']).to_not include("'none'")
plugin.enabled = false
expect(parse(policy)['script-src']).to_not include('https://from-plugin.com')