This repository has been archived on 2023-03-18. You can view files and clone it, but cannot push or open issues or pull requests.

Kyle Zhao 488fba3c5f FEATURE: allow plugins and themes to extend the default CSP (#6704) ... * FEATURE: allow plugins and themes to extend the default CSP For plugins: ``` extend_content_security_policy( script_src: ['https://domain.com/script.js', 'https://your-cdn.com/'], style_src: ['https://domain.com/style.css'] ) ``` For themes and components: ``` extend_content_security_policy: type: list default: "script_src:https://domain.com/|style_src:https://domain.com" ``` * clear CSP base url before each test we have a test that stubs `Rails.env.development?` to true * Only allow extending directives that core includes, for now		2018-11-30 09:51:45 -05:00
..
assets	FIX: add vkontakte icon alias	2018-11-30 08:50:38 -05:00
controllers	FIX: defer flags (only) when handling a flag and deleting replies (#6702)	2018-11-29 22:44:18 +05:30
helpers	Upgrade to FontAwesome 5 (take two) (#6673)	2018-11-26 16:49:57 -05:00
jobs	FIX: Jobs::CleanUpUploads fails when value of upload data_type is an empty string.	2018-11-30 10:46:39 +08:00
mailers	FEATURE: Warn users via email about suspicious logins. (#6520)	2018-10-25 09:45:31 +00:00
models	FEATURE: allow plugins and themes to extend the default CSP (#6704)	2018-11-30 09:51:45 -05:00
serializers	UX: category images have no sizes (#6662)	2018-11-27 08:40:06 +08:00
services	REFACTOR: Migrate FacebookAuthenticator to use ManagedAuthenticator	2018-11-30 11:18:11 +00:00
views	Remove extra apple-touch-icon link in head.	2018-11-29 15:24:52 +08:00