diff options
Diffstat (limited to 'lib/gitlab/content_security_policy/config_loader.rb')
-rw-r--r-- | lib/gitlab/content_security_policy/config_loader.rb | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/gitlab/content_security_policy/config_loader.rb b/lib/gitlab/content_security_policy/config_loader.rb index e42b174e085..d7b31946ab0 100644 --- a/lib/gitlab/content_security_policy/config_loader.rb +++ b/lib/gitlab/content_security_policy/config_loader.rb @@ -24,7 +24,7 @@ module Gitlab 'media_src' => "'self'", 'script_src' => "'strict-dynamic' 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.recaptcha.net https://apis.google.com", 'style_src' => "'self' 'unsafe-inline'", - 'worker_src' => "'self'", + 'worker_src' => "'self' blob: data:", 'object_src' => "'none'", 'report_uri' => nil } @@ -79,6 +79,7 @@ module Gitlab append_to_directive(settings_hash, 'script_src', cdn_host) append_to_directive(settings_hash, 'style_src', cdn_host) + append_to_directive(settings_hash, 'font_src', cdn_host) end def self.append_to_directive(settings_hash, directive, text) |