Fix CSP headers being unintendedly wide (#26105)

2023-07-21 13:34:15 +02:00
parent 14fad60384
commit e5f1000ad1
2 changed files with 28 additions and 1 deletions
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@ -5,7 +5,7 @@
 # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy

 def host_to_url(str)
-  "http#{Rails.configuration.x.use_https ? 's' : ''}://#{str}".split('/').first if str.present?
+  "http#{Rails.configuration.x.use_https ? 's' : ''}://#{str.split('/').first}" if str.present?
 end

 base_host = Rails.configuration.x.web_domain