From f5a699506e8b9919cea0f1fb2a08c87adaa3c556 Mon Sep 17 00:00:00 2001
From: Jason Frey
Date: Tue, 23 Apr 2024 15:50:32 -0400
Subject: [PATCH] Add object_src
---
 config/initializers/secure_headers.rb | 1 +
 1 file changed, 1 insertion(+)
diff --git a/config/initializers/secure_headers.rb b/config/initializers/secure_headers.rb
index faef7170c40..b3c4f3cc375 100644
--- a/config/initializers/secure_headers.rb
+++ b/config/initializers/secure_headers.rb
@@ -22,6 +22,7 @@
 :font_src => ["'self'", 'https://fonts.gstatic.com', "https://fonts.googleapis.com"],
 :frame_src => ["'self'"],
 :img_src => ["'self'", "data:"],
+ :object_src => ["'self'"],
 :script_src => ["'unsafe-eval'", "'unsafe-inline'", "'self'"],
 :style_src => ["'unsafe-inline'", "'self'", "https://fonts.googleapis.com", "https://fonts.gstatic.com"]
 }
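Review bot: The added `:object_src => ["'self'"],` still permits `<object>`/`<embed>` content served from the application's own origin. If the UI never embeds such content, the tighter and generally recommended value is `:object_src => ["'none'"],`. That matters more here because the neighbouring `:script_src` keeps `'unsafe-inline'` and `'unsafe-eval'`, so the policy has little other defence in depth. If `'self'` is required, a short comment such as `# object-src 'self': needed for <feature>; otherwise prefer 'none'` would record the reason. The CSP hash starts and ends outside this hunk, so I cannot see whether a `default_src` fallback already covers this directive.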