Configure manifest-src and worker-src in security policy

author Tom Hughes <tom@compton.nu>

Thu, 17 May 2018 18:10:39 +0000 (19:10 +0100)

committer Tom Hughes <tom@compton.nu>

Thu, 17 May 2018 18:10:39 +0000 (19:10 +0100)
author Tom Hughes <tom@compton.nu>
Thu, 17 May 2018 18:10:39 +0000 (19:10 +0100)
committer Tom Hughes <tom@compton.nu>
Thu, 17 May 2018 18:10:39 +0000 (19:10 +0100)
diff --git a/config/initializers/secure_headers.rb b/config/initializers/secure_headers.rb

index ba9aa496f4468601293db2a7bd13abed81e404a5..cd6979bee26bf8e9c83e1dc31ae23d65d78b00fd 100644 (file)
--- a/config/initializers/secure_headers.rb
+++ b/config/initializers/secure_headers.rb
@@ -9,11 +9,13 @@ if defined?(CSP_REPORT_URL)
      :frame_ancestors => %w['self'],
      :frame_src => %w['self'],
      :img_src => %w['self' data: www.gravatar.com *.wp.com *.tile.openstreetmap.org *.tile.thunderforest.com *.openstreetmap.fr],
+    :manifest_src => %w['none'],
      :media_src => %w['none'],
      :object_src => %w['self'],
      :plugin_types => %w[],
      :script_src => %w['self'],
      :style_src => %w['self'],
+    :worker_src => %w['none'],
      :report_uri => [CSP_REPORT_URL]
    }
author	Tom Hughes <tom@compton.nu>
	Thu, 17 May 2018 18:10:39 +0000 (19:10 +0100)
committer	Tom Hughes <tom@compton.nu>
	Thu, 17 May 2018 18:10:39 +0000 (19:10 +0100)