We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
There was an error while loading. Please reload this page.
1 parent f8eff32 commit 4a47931Copy full SHA for 4a47931
config/initializers/content_security_policy.rb
@@ -12,7 +12,7 @@
12
policy.object_src :none
13
policy.frame_ancestors :none
14
# Importmap/Turbo operate as module scripts; allow self + https with nonces + unsafe-inline
15
- policy.script_src :self, :https, :unsafe_inline, :nonce
+ policy.script_src :self, :https, :unsafe_inline
16
policy.style_src :self, :https, :unsafe_inline
17
# XHR/Fetch destinations (Turbo Streams, APIs)
18
policy.connect_src :self, :https
0 commit comments