I am trying to create a vary basic .rb plugin (based on the now obsolete in chrome) discourse-allowall which will merge the CSP header to the default ones but cant get it to work. The below does not seem to do it. Rails.application.config.action_dispatch.default_headers.merge!({'Content-Security-Po…

My syntax was off and this is working fine now. Correct syntax is like: Rails.application.config.action_dispatch.default_headers.merge!({'Content-Security-Policy' => "frame-ancestors mylocal.com.localhost"})

Support for this was added in core: Mitigate XSS Attacks with Content Security Policy - #37 by Falco

Adicionando cabeçalho CSP

Dev

Falco (Falco) Março 23, 2021, 12:17am 3

O suporte para isso foi adicionado no núcleo: Mitigate XSS Attacks with Content Security Policy - #37 by Falco

Tópico		Respostas	Visualizações
Add own CSP headers Support	5	467	16 de Junho de 2023
Adding HTTP Headers to Plugin in Development Development	3	884	18 de Maio de 2020
And invalid response header is being set from embed controller Support	4	751	27 de Março de 2021
CSP Frame Ancestors enabled by default Announcements	4	1704	20 de Dezembro de 2023
Allowed iframes whitelist not working - 'x-frame-options: SAMEORIGIN' Support	4	910	30 de Junho de 2022

Adicionando cabeçalho CSP

Tópicos relacionados