Move inline styles to stylesheet #172

pbstriker38 · 2024-10-09T01:40:38Z

Inline styles violate the default Content Security Policy generated by Rails. I also made it so that the jobs column is larger on tables with more space.

Rails.application.configure do
  config.content_security_policy do |policy|
    policy.default_src :self, :https
    policy.font_src    :self, :https, :data
    policy.img_src     :self, :https, :data
    policy.object_src  :none
    policy.script_src  :self, :https
    policy.style_src   :self, :https
    # Specify URI for violation reports
    # policy.report_uri "/csp-violation-report-endpoint"
  end

  # Generate session nonces for permitted importmap, inline scripts, and inline styles.
  config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s }
  config.content_security_policy_nonce_directives = %w[script-src style-src]

  # Report violations without enforcing the policy.
  # config.content_security_policy_report_only = true
end

rosa · 2024-10-31T19:50:45Z

This looks great, thanks a lot! And sorry about the delay.

pbstriker38 added 2 commits October 8, 2024 18:32

Move inline styles to stylesheet

57dd42b

Add test for inline styles

ef639c8

rosa merged commit bb63fab into rails:main Oct 31, 2024
5 checks passed

pbstriker38 deleted the no_inline_styles branch December 23, 2024 02:50

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Move inline styles to stylesheet #172

Move inline styles to stylesheet #172

Uh oh!

pbstriker38 commented Oct 9, 2024

Uh oh!

rosa commented Oct 31, 2024

Uh oh!

Uh oh!

Uh oh!

Move inline styles to stylesheet #172

Move inline styles to stylesheet #172

Uh oh!

Conversation

pbstriker38 commented Oct 9, 2024

Uh oh!

rosa commented Oct 31, 2024

Uh oh!

Uh oh!

Uh oh!