Commit 4a47931

fix: remove nonce requirement from CSP script-src directive
1 parent f8eff32 commit 4a47931

1 file changed

+1
-1
lines changed

config/initializers/content_security_policy.rb

Lines changed: 1 addition & 1 deletion
@@ -12,7 +12,7 @@
1212
policy.object_src :none
1313
policy.frame_ancestors :none
1414
# Importmap/Turbo operate as module scripts; allow self + https with nonces + unsafe-inline
15-
policy.script_src :self, :https, :unsafe_inline, :nonce
15+
policy.script_src :self, :https, :unsafe_inline
1616
policy.style_src :self, :https, :unsafe_inline
1717
# XHR/Fetch destinations (Turbo Streams, APIs)
1818
policy.connect_src :self, :https
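
Review bot: On the changed `policy.script_src` line, removing `:nonce` while keeping `:unsafe_inline` and `:https` leaves no nonce source in the directive, so browsers honour `'unsafe-inline'` and any inline script runs; combined with `https:`, script-src no longer limits injected script in a meaningful way. The unchanged comment directly above still reads "allow self + https with nonces + unsafe-inline", which no longer describes the line. The commit message says what was removed but not why the nonce requirement had to go. If nonces were breaking Importmap/Turbo script tags, consider fixing the nonce wiring instead (Rails' `content_security_policy_nonce_generator` and `content_security_policy_nonce_directives` settings, with `nonce: true` on the script tags) rather than dropping the requirement. If the relaxation is intentional, update the comment to match and record the reason and the accepted risk next to the directive.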