FEATURE: [Experimental] Content Security Policy (#6514)

do not register new MIME type, parse raw body instead
2025-06-01 02:14:58 +08:00 · 2018-10-22 13:22:23 -04:00
parent ec2613699f
commit e9a971a2b6
10 changed files with 324 additions and 1 deletions
--- a/config/application.rb
+++ b/config/application.rb
@ -190,6 +190,9 @@ module Discourse
    # supports etags (post 1.7)
    config.middleware.delete Rack::ETag

+    require 'content_security_policy'
+    config.middleware.swap ActionDispatch::ContentSecurityPolicy::Middleware, ContentSecurityPolicy::Middleware
+
    require 'middleware/discourse_public_exceptions'
    config.exceptions_app = Middleware::DiscoursePublicExceptions.new(Rails.public_path)