26 Commits (1f94f4009e5b072f8b508b1bf1a046ea034de7c1)

Author SHA1 Message Date
ThibG e1629a7758
Remove 'unsafe-inline' from Content-Security-Policy style-src (#13679) 5 years ago
ThibG dea5db0e25
Fix PgHero Content-Security-Policy when CDN_HOST is used (#13595) 5 years ago
ThibG 7ddbbdea6d
Fix OCR not working on Safari because of unsupported worker-src CSP (#13323) 5 years ago
Thibaut Girka ccaefd139d Add environment variable to specify extra data hosts 5 years ago
Thibaut Girka 9e17f9e95a Fix connect-src policy for Tesseract 5 years ago
ThibG 8203e24cf4 Fix CSP needlessly allowing blob URLs in script-src (#11620) 5 years ago
Eugen Rochko b7f5f0ec10
Fix media host not being included in connect-src for OCR (#11577) 5 years ago
Eugen Rochko 28636f43e4
Add OCR tool to media editing modal (#11566) 5 years ago
Thibaut Girka 2c2f649200 Fix CSP when PAPERCLIP_ROOT_URL is set to a different host 6 years ago
Thibaut Girka 58720aa2bd Fix CSP when dealing with S3 hosts 6 years ago
Rey Tucker 35b2ba5030 Remove form_action from CSP 6 years ago
Thibaut Girka 1283e112b9 Tighten CSP a bit 6 years ago
ThibG 8ab081ec32 Add manifest_src to CSP, add blob to connect_src (#8967) 6 years ago
Eugen Rochko edc7f895be
Fix CSP headers blocking media and development environment (#8962) 6 years ago
ThibG 2d27c11061 Set Content-Security-Policy rules through RoR's config (#8957) 6 years ago
Rey Tucker 40d04a3209 Add manifest_src to CSP 6 years ago
Thibaut Girka c4b3479173 Fix CSP with S3/SWIFT hosts 6 years ago
Thibaut Girka 3fe5029fbe Adjust CSP to fix image resizing 6 years ago
Thibaut Girka 0ddf439999 Only apply CSP in production mode 6 years ago
Thibaut Girka 48db3b3c99 Tighten CSP while allowing CDN hosts 6 years ago
Thibaut Girka e7a72439f1 Move CSP headers to the appropriate Rails configuration 6 years ago
Yamagishi Kazutoshi 50529cbceb Upgrade Rails to version 5.2.0 (#5898) 7 years ago