From 4984d1a6484017ea33778c8f743e47b9162aee21 Mon Sep 17 00:00:00 2001
From: Connor Shea
Date: Fri, 17 Jun 2016 15:47:26 -0600
Subject: Remove unsafe eval directive from scripts.
---
 config/initializers/secure_headers.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/initializers/secure_headers.rb b/config/initializers/secure_headers.rb
index 7ac4c7ace8e..075a5fc1876 100644
--- a/config/initializers/secure_headers.rb
+++ b/config/initializers/secure_headers.rb
@@ -25,7 +25,7 @@ SecureHeaders::Configuration.default do |config|
 img_src: %w('self' www.gravatar.com secure.gravatar.com),
 media_src: %w('none'),
 object_src: %w('none'),
- script_src: %w('unsafe-inline' 'unsafe-eval' 'self' maxcdn.bootstrapcdn.com),
+ script_src: %w('unsafe-inline' 'self' maxcdn.bootstrapcdn.com),
 style_src: %w('unsafe-inline' 'self'),
 base_uri: %w('self'),
 child_src: %w('self'),
-- cgit v1.2.1
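Review bot: The new `script_src` line still lists `'unsafe-inline'`, so the policy continues to allow any inline `<script>` block or event-handler attribute that ends up in a page. Dropping `'unsafe-eval'` only closes the string-to-code sinks (`eval`, `new Function`, string arguments to `setTimeout`). A follow-up that moves inline scripts to nonces or hashes would let `'unsafe-inline'` be removed as well. Until then, a comment above the line such as `# 'unsafe-eval' intentionally absent; 'unsafe-inline' is temporary until inline scripts carry nonces` would stop either keyword from being re-added without review. Any bundled library that still relies on eval will now fail only in the browser and no report endpoint is visible in this hunk, so violation reports should be watched after rollout; the `SecureHeaders::Configuration.default` block starts and ends outside the hunk.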