From e0bce2071eee934c373fcfbab518dd2a3b4157dd Mon Sep 17 00:00:00 2001
From: Sebastian Serth
Date: Wed, 16 Nov 2022 16:43:32 +0100
Subject: [PATCH] CSP: Allow Webworkers for ACE

Fixes CODEOCEAN-EQ
---
 config/initializers/content_security_policy.rb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index 8faf0242..28a405e1 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -43,6 +43,8 @@ Rails.application.config.content_security_policy do |policy|
  # Our ACE editor unfortunately requires :unsafe_inline for the code highlighting
  policy.style_src :self, :unsafe_inline, :report_sample
  policy.connect_src :self
+ # Our ACE editor uses web workers to highlight code, preferably via URL or otherwise with a blob.
+ policy.child_src :self, :blob
  policy.form_action :self
  policy.frame_ancestors :none
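Review bot: `policy.child_src :self, :blob` widens more than workers. child-src is the fallback for both frame-src and worker-src, so this line also permits nested frames from 'self' and blob: URLs unless frame-src is set elsewhere in the policy (not visible in this hunk). Rails exposes the narrower directive, so prefer `policy.worker_src :self, :blob`, keeping `child_src` only as a fallback for browsers without worker-src and pairing it with an explicit `policy.frame_src` that carries whatever frame sources were intended before this change. The added comment could also state that `:blob` exists only for ACE's fallback worker loading, so a later reader does not extend it to other directives. The policy block starts and ends outside the hunk.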