no need for unsafe-inline fallback for nonce since safari 10
parent
6f48b5e269
commit
831c2df2ec
|
@ -12,13 +12,7 @@ case class ContentSecurityPolicy(
|
|||
baseUri: List[String]
|
||||
) {
|
||||
|
||||
private def withScriptSrc(source: String) = copy(scriptSrc = source :: scriptSrc)
|
||||
|
||||
def withNonce(nonce: Nonce) = copy(
|
||||
// Nonces are not supported by Safari but 'unsafe-inline' is ignored by
|
||||
// better browsers if there are also nonces.
|
||||
scriptSrc = nonce.scriptSrc :: "'unsafe-inline'" :: scriptSrc
|
||||
)
|
||||
def withNonce(nonce: Nonce) = copy(scriptSrc = nonce.scriptSrc :: scriptSrc)
|
||||
|
||||
def withStripe = copy(
|
||||
connectSrc = "https://*.stripe.com" :: connectSrc,
|
||||
|
|
Loading…
Reference in New Issue