Remove unsafe-inline form default style policy

author Tom Hughes <tom@compton.nu>

Wed, 16 May 2018 19:40:55 +0000 (20:40 +0100)

committer Tom Hughes <tom@compton.nu>

Wed, 16 May 2018 19:40:55 +0000 (20:40 +0100)
author Tom Hughes <tom@compton.nu>
Wed, 16 May 2018 19:40:55 +0000 (20:40 +0100)
committer Tom Hughes <tom@compton.nu>
Wed, 16 May 2018 19:40:55 +0000 (20:40 +0100)
diff --git a/config/initializers/secure_headers.rb b/config/initializers/secure_headers.rb

index 9af170623198f763f55e2e8fb2593bd49904ad25..696efc729d8c60badcfca79ddc1e5fc4a0932953 100644 (file)
--- a/config/initializers/secure_headers.rb
+++ b/config/initializers/secure_headers.rb
@@ -12,7 +12,7 @@ if defined?(CSP_REPORT_URL)
      :object_src => %w['self'],
      :plugin_types => %w[],
      :script_src => %w['self'],
-    :style_src => %w['self' 'unsafe-inline'],
+    :style_src => %w['self'],
      :report_uri => [CSP_REPORT_URL]
    }
author	Tom Hughes <tom@compton.nu>
	Wed, 16 May 2018 19:40:55 +0000 (20:40 +0100)
committer	Tom Hughes <tom@compton.nu>
	Wed, 16 May 2018 19:40:55 +0000 (20:40 +0100)