Skip to content

Commit 827e631

Browse files
borsbors
committed
Auto merge of #2292 - rust-lang:fix-csp-style-src-unsafe-inline, r=jtgeibel
Add 'unsafe-inline' for style-src CSP Replaces #2105.
2 parents 231ee43 + 72b2f01 commit 827e631

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

config/nginx.conf.erb

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -156,7 +156,7 @@ http {
156156
add_header X-Content-Type-Options "nosniff";
157157
add_header X-Frame-Options "SAMEORIGIN";
158158
add_header X-XSS-Protection "1; mode=block";
159-
add_header Content-Security-Policy "default-src 'self'; connect-src 'self' https://docs.rs https://<%= s3_host(ENV) %>; script-src 'self' 'unsafe-eval' https://www.google.com; style-src 'self' https://www.google.com https://ajax.googleapis.com; img-src *; object-src 'none'";
159+
add_header Content-Security-Policy "default-src 'self'; connect-src 'self' https://docs.rs https://<%= s3_host(ENV) %>; script-src 'self' 'unsafe-eval' https://www.google.com; style-src 'self' 'unsafe-inline' https://www.google.com https://ajax.googleapis.com; img-src *; object-src 'none'";
160160

161161
add_header Strict-Transport-Security "max-age=31536000" always;
162162
add_header Vary 'Accept, Accept-Encoding, Cookie';

0 commit comments

Comments
 (0)