refactor: update directives and mappings to match Rails 5.2.8.1

DocSpring · Nov 9, 2023 · 98abc28 · 98abc28
1 parent 5f88846
commit 98abc28
Showing 1 changed file with 13 additions and 2 deletions.
diff --git a/lib/better_content_security_policy/content_security_policy.rb b/lib/better_content_security_policy/content_security_policy.rb
@@ -12,15 +12,21 @@ class ContentSecurityPolicy
       default-src
       font-src
       form-action
+      frame-ancestors
       frame-src
       img-src
       manifest-src
       media-src
-      navigate-to
       object-src
       prefetch-src
+      require-trusted-types-for
       script-src
+      script-src-attr
+      script-src-elem
       style-src
+      style-src-attr
+      style-src-elem
+      trusted-types
       worker-src
     ].freeze
 
@@ -31,6 +37,8 @@ class ContentSecurityPolicy
       http
       https
       mediastream
+      ws
+      wss
     ].freeze
 
     QUOTED_SOURCES = %w[
@@ -39,7 +47,10 @@ class ContentSecurityPolicy
       unsafe-eval
       unsafe-hashes
       unsafe-inline
-      wasm-unsafe-eval
+      allow-duplicates
+      report-sample
+      script
+      strict-dynamic
     ].freeze
 
     attr_accessor :directives, :report_uri, :report_only