htwkmooc/codeocean
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

CSP: Recognize ACE of using data: images

Browse Source
This commit is contained in:
Sebastian Serth
2023-10-13 00:14:38 +02:00
parent 7af648a966
commit c232a418f4
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
config/initializers/content_security_policy.rb
View File

@ -39,7 +39,7 @@ Rails.application.configure do
policy.default_src :none
policy.base_uri :self
policy.font_src :self
# Code executions might return a base64 encoded image as a :data URI
# Code executions might return a base64 encoded image as a :data URI and ACE uses :data URIs for images
policy.img_src :self, :data
policy.object_src :none
policy.media_src :self