Commit 4984d1a6 authored by Connor Shea's avatar Connor Shea

Remove unsafe eval directive from scripts.

parent e8e60876
...@@ -25,7 +25,7 @@ SecureHeaders::Configuration.default do |config| ...@@ -25,7 +25,7 @@ SecureHeaders::Configuration.default do |config|
img_src: %w('self' www.gravatar.com secure.gravatar.com), img_src: %w('self' www.gravatar.com secure.gravatar.com),
media_src: %w('none'), media_src: %w('none'),
object_src: %w('none'), object_src: %w('none'),
script_src: %w('unsafe-inline' 'unsafe-eval' 'self' maxcdn.bootstrapcdn.com), script_src: %w('unsafe-inline' 'self' maxcdn.bootstrapcdn.com),
style_src: %w('unsafe-inline' 'self'), style_src: %w('unsafe-inline' 'self'),
base_uri: %w('self'), base_uri: %w('self'),
child_src: %w('self'), child_src: %w('self'),
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment