I am trying to create a vary basic .rb plugin (based on the now obsolete in chrome) discourse-allowall which will merge the CSP header to the default ones but cant get it to work. The below does not seem to do it. Rails.application.config.action_dispatch.default_headers.merge!({'Content-Security-Po…

Adding CSP header

Falco (Falco) March 23, 2021, 12:17am 3

1 Like

Topic		Replies	Views
CSP Frame Ancestors enabled by default Announcements	4	1582	December 20, 2023
Add own CSP headers Support	5	385	June 16, 2023
Allow customization of Referrer-Policy Feature	3	1074	January 18, 2019
Allowed iframes whitelist not working - 'x-frame-options: SAMEORIGIN' Support	4	770	June 30, 2022
Harden Referrer-Policy Header Feature	10	1707	October 25, 2018