Closed brianewell closed 5 years ago
Hi @brianewell,
I fixed the templates to cope with the latest Content Security Policy stuff for Rails 5.2.
The Example App was fixed as well. Please have a look at the Example App to see how it can be implemented with a default policy of `self`.
Content Security Policy is an added layer of security that helps to detect and mitigate certain attacks, including Cross Site Scripting and data injection attacks.
I found that a CSP default policy of `self` was incompatible with the devise-fido-usf gem because of the gem's use of inline JavaScript and CSS within the following views:

I'm going to fork the project and give fixing this a shot.
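As an added example (not code from this issue or from the gem), the following Ruby sketch scans view source for the kinds of inline JavaScript and CSS that a `default-src 'self'` policy blocks. The rule names, the `scan_view` helper and the sample template are assumptions constructed for illustration.

```ruby
# Added example: line-based heuristic that flags view markup a
# `default-src 'self'` policy would block. Not the gem's own code.
CSP_INLINE_RULES = {
  inline_script:      /<script\b(?![^>]*\bsrc\s*=)[^>]*>/i, # <script> without src
  inline_style_block: /<style\b[^>]*>/i,
  style_attribute:    /<[a-z][^>]*\sstyle\s*=/i,
  event_handler:      /<[a-z][^>]*\son[a-z]+\s*=/i,        # onclick=, onload=, ...
  javascript_url:     /\b(?:href|src|action)\s*=\s*["']?\s*javascript:/i
}.freeze

NONCE_ELIGIBLE = %i[inline_script inline_style_block].freeze
Finding = Struct.new(:line, :rule, :text)

# Returns one Finding per (line, rule) hit. <script>/<style> tags carrying a
# nonce attribute are skipped: they load once the policy lists that nonce.
def scan_view(source)
  findings = []
  source.each_line.with_index(1) do |text, line|
    CSP_INLINE_RULES.each do |rule, pattern|
      next unless text =~ pattern
      next if NONCE_ELIGIBLE.include?(rule) && text =~ /\bnonce\s*=/i
      findings << Finding.new(line, rule, text.strip)
    end
  end
  findings
end

# Constructed sample template (hypothetical markup, not taken from the gem).
SAMPLE_VIEW = <<~ERB
  <h2>Register security key</h2>
  <script src="/assets/u2f-api.js"></script>
  <script>
    u2f.register(appId, requests, [], onRegistered);
  </script>
  <style>.hint { color: gray; }</style>
  <div style="display: none" id="waiting">Touch your key</div>
  <button onclick="startRegistration()">Register</button>
  <script nonce="<%= content_security_policy_nonce %>">init();</script>
ERB

if __FILE__ == $PROGRAM_NAME
  scan_view(SAMPLE_VIEW).each do |f|
    puts format("line %d  %-18s %s", f.line, f.rule, f.text)
  end
end
```

Each finding is a spot to move into an asset file served from the same origin, or to tag with a per-request nonce that the policy also lists.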