bida/bastodon
6
0
Fork 0
Code Issues 7 Pull requests Releases Wiki Activity

Fix Content Security Policy sometimes unnecessarily allowing hCaptcha scripts (#26388)

Browse source
This commit is contained in:
Claire 2023-08-08 15:41:38 +02:00 committed by GitHub
parent 2c204d904b
commit 8b37dd2c86
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
app/controllers/concerns/captcha_concern.rb
View file

@ -42,7 +42,7 @@ module CaptchaConcern
end end
def extend_csp_for_captcha! def extend_csp_for_captcha!
policy = request.content_security_policy policy = request.content_security_policy&.clone
return unless captcha_required? && policy.present? return unless captcha_required? && policy.present?
@ -54,6 +54,8 @@ module CaptchaConcern
policy.send(directive, *values) policy.send(directive, *values)
end end
request.content_security_policy = policy
end end
def render_captcha def render_captcha