suzanne.soy/travis-web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Don't allow unsafe inline scripts

Browse Source
This commit is contained in:
Piotr Sarnacki 2015-02-04 17:23:58 +01:00
parent f6751e4b08
commit 571552b861
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
config/environment.js
View File

@ -87,7 +87,7 @@ module.exports = function(environment) {
'default-src': "'none'", 'default-src': "'none'",
// TODO: for some reason unsafe-eval is needed when I use collection helper, // TODO: for some reason unsafe-eval is needed when I use collection helper,
// we should probably remove it at some point // we should probably remove it at some point
'script-src': "'self' 'unsafe-eval' 'unsafe-inline'", 'script-src': "'self' 'unsafe-eval'",
'font-src': "'self'", 'font-src': "'self'",
'connect-src': "'self' https://api.travis-ci.org ws://ws.pusherapp.com wss://ws.pusherapp.com http://sockjs.pusher.com", 'connect-src': "'self' https://api.travis-ci.org ws://ws.pusherapp.com wss://ws.pusherapp.com http://sockjs.pusher.com",
'img-src': "'self' data: https://www.gravatar.com http://www.gravatar.com", 'img-src': "'self' data: https://www.gravatar.com http://www.gravatar.com",