rmorawski/standardnotes-app-web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'hotfix/3.3.8' into develop

Browse Source
This commit is contained in:
Karol Sójko
2020-07-30 12:41:40 +02:00
parent 228b7f3c19 af7da1d79c
commit 70c427e1b0
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
config/application.rb
View File

@@ -14,7 +14,7 @@ require "rails/test_unit/railtie"
# you've limited to :test, :development, or :production. # you've limited to :test, :development, or :production.
Bundler.require(*Rails.groups) Bundler.require(*Rails.groups)
module StandardNotes module Web
class Application < Rails::Application class Application < Rails::Application
# Cross-Origin Resource Sharing (CORS) for Rack compatible web applications. # Cross-Origin Resource Sharing (CORS) for Rack compatible web applications.
config.middleware.insert_before 0, Rack::Cors do config.middleware.insert_before 0, Rack::Cors do
@@ -34,7 +34,7 @@ module StandardNotes
config.x_content_type_options = SecureHeaders::OPT_OUT config.x_content_type_options = SecureHeaders::OPT_OUT
config.x_xss_protection = SecureHeaders::OPT_OUT config.x_xss_protection = SecureHeaders::OPT_OUT
config.hsts = SecureHeaders::OPT_OUT config.hsts = SecureHeaders::OPT_OUT
config.csp = { config.csp = {
# "meta" values. these will shape the header, but the values are not included in the header. # "meta" values. these will shape the header, but the values are not included in the header.
preserve_schemes: true, # default: false. Schemes are removed from host sources to save bytes and discourage mixed content. preserve_schemes: true, # default: false. Schemes are removed from host sources to save bytes and discourage mixed content.