[openstreetmap/openstreetmap-website] layouts/_head.html.erb: Replace csp_meta_tag w/ `secure_headers` nonce (PR #4606)
Gregory Igelmund
notifications at github.com
Thu Mar 21 11:14:42 UTC 2024
## Why are the changes necessary?
Unblocks the PR #4562
The `csp_meta_tag` does not generate a `csp-nonce`-tag since currently the `secure_headers`-gem is responsible to manage the `Content-Security-Policy` directives.
Once `secure_headers`-logic is moved/delegated back to Rails the usage of `csp_meta_tag` is useful again. Otherwise it is a bit confusing.
Once this PR is merged the CSP violation in #4562 will be solved. See more here https://github.com/openstreetmap/openstreetmap-website/pull/4562#discussion_r1532380754
You can view, comment on, or merge this pull request online at:
https://github.com/openstreetmap/openstreetmap-website/pull/4606
-- Commit Summary --
* layouts/_head.html.erb: Replace csp_meta_tag w/ `secure_headers` nonce
-- File Changes --
M app/views/layouts/_head.html.erb (2)
-- Patch Links --
https://github.com/openstreetmap/openstreetmap-website/pull/4606.patch
https://github.com/openstreetmap/openstreetmap-website/pull/4606.diff
--
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/4606
You are receiving this because you are subscribed to this thread.
Message ID: <openstreetmap/openstreetmap-website/pull/4606 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20240321/7b56171a/attachment.htm>
More information about the rails-dev
mailing list