Fix Content Security Policy sometimes unnecessarily allowing hCaptcha scripts (#26388)

author: Claire <claire.github-309c@sitedethib.com> 2023-08-08 15:41:38 +0200
committer: GitHub <noreply@github.com> 2023-08-08 15:41:38 +0200
commit: 8b37dd2c863ffe1d517a8296f5cb859f03397fc8 (patch)
tree: ebacf21960e2d8122490c4cf589ca3f81ff1fc5d
parent: 2c204d904b344b2e1f9c7f8051216b024b81c684 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/app/controllers/concerns/captcha_concern.rb b/app/controllers/concerns/captcha_concern.rb
index 576304d1ca8..170c8f5e03a 100644
--- a/app/controllers/concerns/captcha_concern.rb
+++ b/app/controllers/concerns/captcha_concern.rb
@@ -42,7 +42,7 @@ module CaptchaConcern
   end
 
   def extend_csp_for_captcha!
-    policy = request.content_security_policy
+    policy = request.content_security_policy&.clone
 
     return unless captcha_required? && policy.present?
 
@@ -54,6 +54,8 @@ module CaptchaConcern
 
       policy.send(directive, *values)
     end
+
+    request.content_security_policy = policy
   end
 
   def render_captcha
author	Claire <claire.github-309c@sitedethib.com>	2023-08-08 15:41:38 +0200
committer	GitHub <noreply@github.com>	2023-08-08 15:41:38 +0200
commit	8b37dd2c863ffe1d517a8296f5cb859f03397fc8 (patch)
tree	ebacf21960e2d8122490c4cf589ca3f81ff1fc5d
parent	2c204d904b344b2e1f9c7f8051216b024b81c684 (diff)