~cytrogen/masto-fe: Fix Content Security Policy sometimes unnecessarily allowing hCaptcha scripts (#26388)

8b37dd2c863ffe1d517a8296f5cb859f03397fc8 — Claire 2 years ago 2c204d9

Fix Content Security Policy sometimes unnecessarily allowing hCaptcha scripts (#26388)

patch browse .tar.gz

1 files changed, 3 insertions(+), 1 deletions(-)

M app/controllers/concerns/captcha_concern.rb

M app/controllers/concerns/captcha_concern.rb => app/controllers/concerns/captcha_concern.rb +3 -1

@@ 42,7 42,7 @@ module CaptchaConcern
   end
 
   def extend_csp_for_captcha!
-    policy = request.content_security_policy
+    policy = request.content_security_policy&.clone
 
     return unless captcha_required? && policy.present?
 


@@ 54,6 54,8 @@ module CaptchaConcern
 
       policy.send(directive, *values)
     end
+
+    request.content_security_policy = policy
   end
 
   def render_captcha