Add blob to frame-src in CSP for iD
authorTom Hughes <tom@compton.nu>
Thu, 9 Apr 2020 17:42:17 +0000 (18:42 +0100)
committerTom Hughes <tom@compton.nu>
Thu, 9 Apr 2020 17:43:12 +0000 (18:43 +0100)
Fixes #2582
Closes #2583

app/controllers/site_controller.rb

index 1fc916e7f8436c3f3a22d6742c5ffc1395ee3932..52fea613366684808f424ff04b094353ef7e996d 100644 (file)
@@ -75,6 +75,10 @@ class SiteController < ApplicationController
         :plugin_types => %w[application/x-shockwave-flash],
         :script_src => %w['unsafe-inline']
       )
+    elsif %w[id].include?(editor)
+      append_content_security_policy_directives(
+        :frame_src => %w[blob:]
+      )
     end
 
     begin
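Review bot: The new `elsif` branch widens `frame-src` with `blob:` without a comment saying why, and `blob:` is a scheme-wide source rather than a specific origin, so any blob URL created by script on the edit page can then be framed. The widening is limited to requests where `editor` is `id`, which is worth recording so a later refactor does not hoist it into the common policy; a comment such as `# iD needs to frame blob: URLs (#2582); keep this scoped to the iD editor` above the `append_content_security_policy_directives` call would do. `%w[id].include?(editor)` presumably mirrors the branch above it, but with a single value `editor == "id"` reads more directly. The enclosing method starts and ends outside the hunk, so it cannot be seen from here whether a controller test asserts the resulting CSP header for the iD and non-iD cases.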