fix: remove non-standard 'wasm-eval' script CSP source

2020-11-12 11:42:38 +01:00
parent 50a5cc4851
commit 861e9c180d
1 changed files with 1 additions and 1 deletions
--- a/config/application.rb
+++ b/config/application.rb
@@ -53,7 +53,7 @@ module Web
         media_src: %w('self'),
         object_src: %w('self'),
         plugin_types: %w(),
-         script_src: %w('self' 'unsafe-inline' 'wasm-eval' 'unsafe-eval'),
+         script_src: %w('self' 'unsafe-inline' 'unsafe-eval'),
         style_src: %w(* 'unsafe-inline'),
         upgrade_insecure_requests: false, # see https://www.w3.org/TR/upgrade-insecure-requests/
      }