Skip to content

Commit

Permalink
Add editor link scheme to the CSP
Browse files Browse the repository at this point in the history
  • Loading branch information
@RobinDaugherty
RobinDaugherty committed Dec 11, 2020
1 parent fff870b commit 855d40a
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 0 deletions.
4 changes: 4 additions & 0 deletions lib/better_errors/editor.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -84,6 +84,10 @@ def url(raw_path, line)
url_proc.call(file, line)
end

def scheme
url('/fake', 42).sub(/:.*/, ':')
end

private

attr_reader :url_proc
Expand Down
1 change: 1 addition & 0 deletions lib/better_errors/middleware.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -122,6 +122,7 @@ def show_error_page(env, exception=nil)
# Inline style is required by the syntax highlighter.
"style-src 'self' 'unsafe-inline'",
"connect-src 'self'",
"navigate-to 'self' #{BetterErrors.editor.scheme}",
].join('; '),
}

Expand Down

0 comments on commit 855d40a

Please sign in to comment.