mirror of
https://github.com/discourse/discourse.git
synced 2024-12-01 05:33:47 +08:00
488fba3c5f
* FEATURE: allow plugins and themes to extend the default CSP For plugins: ``` extend_content_security_policy( script_src: ['https://domain.com/script.js', 'https://your-cdn.com/'], style_src: ['https://domain.com/style.css'] ) ``` For themes and components: ``` extend_content_security_policy: type: list default: "script_src:https://domain.com/|style_src:https://domain.com" ``` * clear CSP base url before each test we have a test that stubs `Rails.env.development?` to true * Only allow extending directives that core includes, for now |
||
---|---|---|
.. | ||
csv | ||
db | ||
emails | ||
encodings | ||
feed | ||
i18n | ||
images | ||
json | ||
md | ||
mmdb | ||
multisite | ||
plugins | ||
scss | ||
site_settings | ||
theme_settings | ||
woff2 |