Allow fonts to be served from asset host in CSP.

Closes #7796 closes #7825

Allow fonts to be served from asset host in CSP.
Closes #7796 closes #7825
1b03265c · Alex Tribble · Benjamin Neff · fa615533 · 1b03265c · 1b03265c
Commit 1b03265c authored Jun 10, 2018 by Alex Tribble Committed by Benjamin Neff Jun 16, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 0 deletions

Changelog.md Changelog.md +1 -0

config/initializers/secure_headers.rb config/initializers/secure_headers.rb +1 -0

No files found.
--- a/Changelog.md
+++ b/Changelog.md
@@ -7,6 +7,7 @@

 ## Bug fixes
 * Fix compatibility with newer glibc versions [#7828](https://github.com/diaspora/diaspora/pull/7828)
+* Allow fonts to be served from asset host in CSP [#7825](https://github.com/diaspora/diaspora/pull/7825)

 ## Features


--- a/config/initializers/secure_headers.rb
+++ b/config/initializers/secure_headers.rb
@@ -21,6 +21,7 @@ SecureHeaders::Configuration.default do |config|

  if AppConfig.environment.assets.host.present?
    asset_host = Addressable::URI.parse(AppConfig.environment.assets.host.get).host
+    csp[:font_src] << asset_host
    csp[:script_src] << asset_host
    csp[:style_src] << asset_host
  end