author | Claire <claire.github-309c@sitedethib.com> | 2023-08-08 15:41:38 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-08-08 15:41:38 +0200 |
commit | 8b37dd2c863ffe1d517a8296f5cb859f03397fc8 (patch) | |
tree | ebacf21960e2d8122490c4cf589ca3f81ff1fc5d | |
parent | 2c204d904b344b2e1f9c7f8051216b024b81c684 (diff) |
Fix Content Security Policy sometimes unnecessarily allowing hCaptcha scripts (#26388)
-rw-r--r-- | app/controllers/concerns/captcha_concern.rb | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/app/controllers/concerns/captcha_concern.rb b/app/controllers/concerns/captcha_concern.rb
index 576304d1ca8..170c8f5e03a 100644
--- a/app/controllers/concerns/captcha_concern.rb
+++ b/app/controllers/concerns/captcha_concern.rb
@@ -42,7 +42,7 @@ module CaptchaConcern
 end
 def extend_csp_for_captcha!
- policy = request.content_security_policy
+ policy = request.content_security_policy&.clone
 return unless captcha_required? && policy.present?
@@ -54,6 +54,8 @@ module CaptchaConcern
 policy.send(directive, *values)
 end
+
+ request.content_security_policy = policy
 end
 def render_captcha |
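Review bot: The `&.clone` on the first line of `extend_csp_for_captcha!` carries the whole fix but has no comment, so a later cleanup could remove it as redundant and bring the over-broad policy back. I would put a comment above it, for example `# Work on a per-request copy so the hCaptcha sources added below do not stay on the policy object later requests reuse.` (that the original object is reused across requests is inferred from the commit title, not shown here). The copy is also taken before the guard, so requests that need no captcha still clone the policy; `return unless captcha_required?` first, then the clone, then `return if policy.blank?` would avoid that. The method body continues in the next hunk.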
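Review bot: The write-back `request.content_security_policy = policy` ships without a test; the diffstat lists `captcha_concern.rb` as the only changed file. A request spec that renders a captcha-protected page and then an unrelated page, and asserts that the second response's `Content-Security-Policy` header names no `hcaptcha.com` source, would pin the behaviour this commit restores. The same spec would fail if `clone` ever stopped copying the directive lists themselves, which the fix depends on because the loop hands them back through `policy.send(directive, *values)`. The start of that loop is not in the visible part of the hunk.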