Improve the content security policy
[rails.git] / app / controllers / site_controller.rb
index 353feecefe32ae21062597d2ee7d9cfb2c137b0c..b0552322ed6d808efbf7a82bae2e001eb9b104fc 100644 (file)
@@ -72,7 +72,8 @@ class SiteController < ApplicationController
     if editor == "potlatch" || editor == "potlatch2"
       append_content_security_policy_directives(
         :object_src => %w(*),
-        :plugin_types => %w(application/x-shockwave-flash)
+        :plugin_types => %w(application/x-shockwave-flash),
+        :script_src => %w('unsafe-inline')
       )
     end
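Review bot: The added `:script_src => %w('unsafe-inline')` permits every inline script and inline event handler on the pages served for the two potlatch editors, so on those pages the policy no longer limits what an injected script can do, and it sits next to the already wide `:object_src => %w(*)`. If the need is a specific inline `<script>` block in the editor view (an assumption, since the view is not visible in this hunk), a per-request nonce or a hash for that block would keep the rest of `script-src` effective; secure_headers provides `nonced_javascript_tag` for this. If `'unsafe-inline'` has to stay, record the reason above the call, for example `# Potlatch views rely on inline scripts; the relaxation is limited to these two editors`. The enclosing method starts and ends outside the hunk, so any later directive changes in it are not covered here.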