Merge pull request #4403 from pulibrary/CSP-object-scr
[CSP] Set object-src to none to remove vulnerability warning: "object-src" value is not safe
sandbergja authored Sep 30, 2024
2 parents 8501449 + 48ae243 commit 5d74819
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions config/initializers/content_security_policy.rb
Expand Up @@ -13,6 +13,7 @@
policy.font_src :self, :https, :data
policy.img_src :self, :https, :data
policy.media_src :self, :data
policy.object_src :none
policy.script_src :self, :https, :unsafe_eval, :unsafe_inline
policy.style_src :self, :https, :unsafe_inline
policy.frame_src :self, 'https://figgy.princeton.edu', 'https://*.doubleclick.net'
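
Review bot: The added `policy.object_src :none` blocks every `<object>` and `<embed>` element, so before merging confirm that no view renders a PDF or other document through those tags, and add a request spec asserting that the response header contains `object-src 'none'` so the directive cannot be dropped silently later. The line directly below it, `policy.script_src :self, :https, :unsafe_eval, :unsafe_inline`, is unchanged, so this clears the scanner warning without tightening script execution; a follow-up that replaces `:unsafe_inline` with nonces and drops `:unsafe_eval` would be worth tracking.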