X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/e35748567c431c3a092816bfbab0d2f5043284b1..8dae890a7645fba17a44d84f78be03d993e22ccb:/config/initializers/secure_headers.rb diff --git a/config/initializers/secure_headers.rb b/config/initializers/secure_headers.rb index e53ea6cef..361fb3283 100644 --- a/config/initializers/secure_headers.rb +++ b/config/initializers/secure_headers.rb @@ -1,17 +1,17 @@ if defined?(CSP_REPORT_URL) policy = { - :default_src => %w('self'), - :child_src => %w('self'), - :connect_src => %w('self'), - :font_src => %w('none'), - :form_action => %w('self'), - :frame_ancestors => %w('self'), - :img_src => %w('self' data: www.gravatar.com *.wp.com *.tile.openstreetmap.org *.tile.thunderforest.com *.openstreetmap.fr), - :media_src => %w('none'), - :object_src => %w('self'), - :plugin_types => %w('none'), - :script_src => %w('self'), - :style_src => %w('self' 'unsafe-inline'), + :default_src => %w['self'], + :child_src => %w['self'], + :connect_src => %w['self'], + :font_src => %w['none'], + :form_action => %w['self'], + :frame_ancestors => %w['self'], + :img_src => %w['self' data: www.gravatar.com *.wp.com *.tile.openstreetmap.org *.tile.thunderforest.com *.openstreetmap.fr], + :media_src => %w['none'], + :object_src => %w['self'], + :plugin_types => %w[], + :script_src => %w['self'], + :style_src => %w['self' 'unsafe-inline'], :report_uri => [CSP_REPORT_URL] }