From: Tom Hughes
Date: Wed, 16 May 2018 19:40:55 +0000 (+0100)
Subject: Remove unsafe-inline form default style policy
X-Git-Tag: live~3996
X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/1f1029cf1ae868cf73620c8c1836faaec115d352
Remove unsafe-inline form default style policy
---
diff --git a/config/initializers/secure_headers.rb b/config/initializers/secure_headers.rb
index 9af170623..696efc729 100644
--- a/config/initializers/secure_headers.rb
+++ b/config/initializers/secure_headers.rb
@@ -12,7 +12,7 @@ if defined?(CSP_REPORT_URL)
 :object_src => %w['self'],
 :plugin_types => %w[],
 :script_src => %w['self'],
- :style_src => %w['self' 'unsafe-inline'],
+ :style_src => %w['self'],
 :report_uri => [CSP_REPORT_URL]
 }
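Review bot: The tightened `:style_src => %w['self'],` line has no comment saying that leaving out `'unsafe-inline'` is deliberate, so a later fix for a broken inline style could quietly add it back. I would put `# No 'unsafe-inline': inline <style> blocks and style= attributes are intentionally disallowed; use a nonce or hash instead of re-adding it.` directly above that entry. The `if defined?(CSP_REPORT_URL)` block and the place where this hash is applied are outside the hunk, so it is not visible here whether the policy is enforced or report-only. Either way, any inline styles still present in views or third-party widgets will now show up as `style-src` violations at the `:report_uri` endpoint, which is worth watching after deploy.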