github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-23 01:47:22 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
c8d438cc63
discourse/lib/content_security_policy
History
David Taylor c8d438cc63
DEV: Allow CSP to be enabled during QUnit tests (#8668) 
The QUnit rake task starts a server in test mode. We need a tweak to allow dynamic CSP hostnames in test mode. This tweak is already present in development mode.

To allow CSP to work, the browser host/port must match what the server sees. Therefore we need to disable the enforce_hostname middleware in test mode. To keep rspec and production as similar as possible, we skip enforce_hostname using an environment variable.

Also move the qunit rake task to use unicorn, for consistency with development and production.
2020-01-07 12:22:58 +00:00
..
builder.rb FEATURE: allow extending CSP base-uri and object-src 2019-01-09 15:34:14 -05:00
default.rb DEV: Remove unsafe-eval from development CSP (#8569) 2019-12-30 12:17:12 +00:00
extension.rb DEV: Remove unsafe-eval from development CSP (#8569) 2019-12-30 12:17:12 +00:00
middleware.rb DEV: Allow CSP to be enabled during QUnit tests (#8668) 2020-01-07 12:22:58 +00:00