]> git.openstreetmap.org Git - rails.git/commitdiff
reintroduce unsafe-eval CSP rule for iD
authorMartin Raifer <martin@raifer.tech>
Wed, 29 May 2024 09:26:08 +0000 (11:26 +0200)
committerGitHub <noreply@github.com>
Wed, 29 May 2024 09:26:08 +0000 (11:26 +0200)
fixes https://github.com/openstreetmap/iD/issues/10265

app/controllers/site_controller.rb

index 8b742a585c0e8f7519fb1019222cbcf88216e513..15ffe58a2616765eac3b34474b9dd0542447cb33 100644 (file)
@@ -19,6 +19,7 @@ class SiteController < ApplicationController
   content_security_policy(:only => :id) do |policy|
     policy.connect_src("*")
     policy.img_src(*policy.img_src, "*", :blob)
+    policy.script_src(*policy.script_src, :unsafe_eval)
     policy.style_src(*policy.style_src, :unsafe_inline)
   end