Remove unsafe eval directive from scripts.

author: Connor Shea <connor.james.shea@gmail.com> 2016-06-17 15:47:26 -0600
committer: Connor Shea <connor.james.shea@gmail.com> 2016-07-18 11:43:35 -0600
commit: 4984d1a6484017ea33778c8f743e47b9162aee21 (patch)
tree: 20b7cf5c1c57db6bdb0cbaf3b3293befa40f66e6 /config
parent: e8e608765e875814b89847d59b4699175746596a (diff)
download: gitlab-ce-4984d1a6484017ea33778c8f743e47b9162aee21.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/config/initializers/secure_headers.rb b/config/initializers/secure_headers.rb
index 7ac4c7ace8e..075a5fc1876 100644
--- a/config/initializers/secure_headers.rb
+++ b/config/initializers/secure_headers.rb
@@ -25,7 +25,7 @@ SecureHeaders::Configuration.default do |config|
     img_src: %w('self' www.gravatar.com secure.gravatar.com),
     media_src: %w('none'),
     object_src: %w('none'),
-    script_src: %w('unsafe-inline' 'unsafe-eval' 'self' maxcdn.bootstrapcdn.com),
+    script_src: %w('unsafe-inline' 'self' maxcdn.bootstrapcdn.com),
     style_src: %w('unsafe-inline' 'self'),
     base_uri: %w('self'),
     child_src: %w('self'),
author	Connor Shea <connor.james.shea@gmail.com>	2016-06-17 15:47:26 -0600
committer	Connor Shea <connor.james.shea@gmail.com>	2016-07-18 11:43:35 -0600
commit	4984d1a6484017ea33778c8f743e47b9162aee21 (patch)
tree	20b7cf5c1c57db6bdb0cbaf3b3293befa40f66e6 /config
parent	e8e608765e875814b89847d59b4699175746596a (diff)
download	gitlab-ce-4984d1a6484017ea33778c8f743e47b9162aee21.tar.gz