htwkmooc/codeocean
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

CSP: Allow Webworkers for ACE

Browse Source 
Fixes CODEOCEAN-EQ
This commit is contained in:
Sebastian Serth
2022-11-16 16:43:32 +01:00
parent 83f9975d9e
commit e0bce2071e
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
config/initializers/content_security_policy.rb
View File

@ -43,6 +43,8 @@ Rails.application.config.content_security_policy do |policy|
# Our ACE editor unfortunately requires :unsafe_inline for the code highlighting
policy.style_src :self, :unsafe_inline, :report_sample
policy.connect_src :self
# Our ACE editor uses web workers to highlight code, preferably via URL or otherwise with a blob.
policy.child_src :self, :blob
policy.form_action :self
policy.frame_ancestors :none