author | Stan Hu <stanhu@gmail.com> | 2019-08-01 20:56:50 -0700 |
---|---|---|
committer | Stan Hu <stanhu@gmail.com> | 2019-08-01 20:56:50 -0700 |
commit | 5ec3bc2add086d2cae3e5dc4238a0cea301a5e01 (patch) | |
tree | 00800384de31de9197b7ffdde5d7c8dfcb134721 | |
parent | b924b4c8fff1b664b9813e12857dac29b40df284 (diff) | |
download | gitlab-ce-5ec3bc2add086d2cae3e5dc4238a0cea301a5e01.tar.gz |
Allow localhost:3808 in CSP rules for tests to pass
-rw-r--r-- | config/initializers/content_security_policy.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index d93263c2a3d..ee1500ba6fc 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -2,7 +2,7 @@ Rails.application.config.content_security_policy do |policy|
 policy.default_src :self
 policy.object_src :none
 policy.worker_src *%w(https://assets.gitlab-static.net https://gl-canary.freetls.fastly.net https://gitlab.com blob:)
- policy.script_src *%w('self' 'unsafe-inline' 'unsafe-eval' https://assets.gitlab-static.net https://gl-canary.freetls.fastly.net https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.gstatic.com/recaptcha/ https://apis.google.com)
+ policy.script_src *%w('self' http://localhost:3808 'unsafe-inline' 'unsafe-eval' https://assets.gitlab-static.net https://gl-canary.freetls.fastly.net https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.gstatic.com/recaptcha/ https://apis.google.com)
 policy.style_src *%w('self' 'unsafe-inline' https://assets.gitlab-static.net https://gl-canary.freetls.fastly.net)
 policy.img_src *%w(* data: blob)
 policy.frame_src *%w('self' https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://content.googleapis.com https://content-compute.googleapis.com https://content-cloudbilling.googleapis.com https://content-cloudresourcemanager.googleapis.com https://*.codesandbox.io) |
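Review bot: The `http://localhost:3808` source added on the `policy.script_src` line is unconditional, so it goes into the policy for every environment and not only the test run named in the commit title. Any process listening on that plaintext port on a visitor's own machine becomes an approved script origin for the application's pages; the directive already carries 'unsafe-inline' and 'unsafe-eval', so the added exposure is limited, but the entry serves no purpose outside development and test. I would build the list in a local and gate the entry, e.g. `script_sources << 'http://localhost:3808' if Rails.env.development? || Rails.env.test?` followed by `policy.script_src(*script_sources)`, with a comment naming the local asset server it is for (presumably the webpack dev server; confirm). The initializer block's `end` is outside the hunk, so any environment handling later in the file cannot be seen from here.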