ThibG
|
a783bdf4ad
|
Fix hashtag column options styling (#14247)
* Enable nonces for stylesheets
* Pass nonce to react-select
|
5 years ago |
ThibG
|
e1629a7758
|
Remove 'unsafe-inline' from Content-Security-Policy style-src (#13679)
* Make sure wicg-inert doesn't rely on inline CSS
* Remove unsafe-inline from style-src
|
5 years ago |
ThibG
|
dea5db0e25
|
Fix PgHero Content-Security-Policy when CDN_HOST is used (#13595)
|
5 years ago |
ThibG
|
7ddbbdea6d
|
Fix OCR not working on Safari because of unsupported worker-src CSP (#13323)
Fixes #13321
|
5 years ago |
ThibG
|
8203e24cf4
|
Fix CSP needlessly allowing blob URLs in script-src (#11620)
|
5 years ago |
Eugen Rochko
|
b7f5f0ec10
|
Fix media host not being included in connect-src for OCR (#11577)
|
5 years ago |
Eugen Rochko
|
28636f43e4
|
Add OCR tool to media editing modal (#11566)
|
5 years ago |
ThibG
|
8ab081ec32
|
Add manifest_src to CSP, add blob to connect_src (#8967)
|
6 years ago |
Eugen Rochko
|
edc7f895be
|
Fix CSP headers blocking media and development environment (#8962)
Regression from #8957
|
6 years ago |
ThibG
|
2d27c11061
|
Set Content-Security-Policy rules through RoR's config (#8957)
* Set CSP rules in RoR's configuration
* Override CSP setting in the embed controller to allow frames
|
6 years ago |
Yamagishi Kazutoshi
|
50529cbceb
|
Upgrade Rails to version 5.2.0 (#5898)
|
7 years ago |