Fix Content Security Policy sometimes unnecessarily allowing hCaptcha scripts (#26388)

Claire
2023-08-08 15:41:38 +02:00
committed by GitHub
parent 2c204d904b
commit 8b37dd2c86


@@ -42,7 +42,7 @@ module CaptchaConcern
end end
def extend_csp_for_captcha! def extend_csp_for_captcha!
policy = request.content_security_policy policy = request.content_security_policy&.clone
return unless captcha_required? && policy.present? return unless captcha_required? && policy.present?
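Review bot: In extend_csp_for_captcha!, the `&.clone` on the first line runs before the `return unless captcha_required? && policy.present?` guard, so a copy of the policy is allocated on every call, including requests where no captcha is required. Consider checking `captcha_required?` first and cloning only after that. A one-line comment stating that the clone exists so the directives added further down do not modify the policy object the request was handed would also help, since nothing at this line explains why the copy is needed.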
@@ -54,6 +54,8 @@ module CaptchaConcern
policy.send(directive, *values) policy.send(directive, *values)
end end
request.content_security_policy = policy
end end
def render_captcha def render_captcha
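Review bot: The `request.content_security_policy = policy` assignment at the end of extend_csp_for_captcha! is what makes the extended copy take effect, yet the visible change carries no spec for it. Suggest a controller spec asserting that a response requiring a captcha includes the hCaptcha sources and that a response not requiring one leaves the policy unchanged, so the behaviour named in the commit title stays covered.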