From 861e9c180d797c8bcd4c103c711ae6225e3812fd Mon Sep 17 00:00:00 2001
From: Baptiste Grob <60621355+baptiste-grob@users.noreply.github.com>
Date: Thu, 12 Nov 2020 11:42:38 +0100
Subject: [PATCH] fix: remove non-standard 'wasm-eval' script CSP source

---
 config/application.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/application.rb b/config/application.rb
index 984e28a0f..78affeb27 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -53,7 +53,7 @@ module Web
          media_src: %w('self'),
          object_src: %w('self'),
          plugin_types: %w(),
-         script_src: %w('self' 'unsafe-inline' 'wasm-eval' 'unsafe-eval'),
+         script_src: %w('self' 'unsafe-inline' 'unsafe-eval'),
          style_src: %w(* 'unsafe-inline'),
          upgrade_insecure_requests: false, # see https://www.w3.org/TR/upgrade-insecure-requests/
       }