]> git.openstreetmap.org Git - rails.git/blobdiff - app/controllers/site_controller.rb
Merge remote-tracking branch 'upstream/pull/4877'
[rails.git] / app / controllers / site_controller.rb
index ad19df50e463bd1b292457a369534a2aa351b89e..15ffe58a2616765eac3b34474b9dd0542447cb33 100644 (file)
@@ -18,7 +18,8 @@ class SiteController < ApplicationController
 
   content_security_policy(:only => :id) do |policy|
     policy.connect_src("*")
 
   content_security_policy(:only => :id) do |policy|
     policy.connect_src("*")
-    policy.img_src("*", :blob)
+    policy.img_src(*policy.img_src, "*", :blob)
+    policy.script_src(*policy.script_src, :unsafe_eval)
     policy.style_src(*policy.style_src, :unsafe_inline)
   end
 
     policy.style_src(*policy.style_src, :unsafe_inline)
   end