Fix CSP headers being unintendedly wide (#26105)

2023-07-21 13:34:15 +02:00 · 2023-07-21 13:34:15 +02:00 · 889102013f
commit 889102013f
parent d94a2c8aca
2 changed files with 28 additions and 1 deletions
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@ -3,7 +3,7 @@
 # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy

 def host_to_url(str)
-  "http#{Rails.configuration.x.use_https ? 's' : ''}://#{str}".split('/').first if str.present?
+  "http#{Rails.configuration.x.use_https ? 's' : ''}://#{str.split('/').first}" if str.present?
 end

 base_host = Rails.configuration.x.web_domain