Open mplatts opened 2 years ago
Using the plug ContentSecurityPolicy.Plug.Setup was causing Sobelow to still complain.
plug ContentSecurityPolicy.Plug.Setup
So I did this to fix it:
@content_security_policy %ContentSecurityPolicy.Policy{ default_src: [ "'unsafe-inline'", "'unsafe-eval'", "'self'", "https://cdnjs.cloudflare.com", "https://cdn.skypack.dev", "https://res.cloudinary.com" ] } pipeline :browser do ... plug(:put_secure_browser_headers, %{"content-security-policy" => ContentSecurityPolicy.serialize(@content_security_policy)}) ... end
Not sure if there is a better way?
you could set the option to %{"content-security-policy" => ""} then put the plug after, but I'm not sure if that counts as better :)
%{"content-security-policy" => ""}
Using the
plug ContentSecurityPolicy.Plug.Setup
was causing Sobelow to still complain.So I did this to fix it:
Not sure if there is a better way?