From f66a977fc7ae30d2a07124ad91924c4ee638a703 Mon Sep 17 00:00:00 2001 From: Kasper Timm Hansen Date: Tue, 8 Jan 2019 22:16:58 +0100 Subject: Revert "Merge pull request #34387 from yhirano55/rails_info_properties_json" We had a discussion on the Core team and we don't want to expose this information as a JSON endpoint and not by default. It doesn't make sense to expose this JSON locally and this controller is only accessible in dev, so the proposed access from a production app seems off. This reverts commit 8eaffe7e89719ac62ff29c2e4208cfbeb1cd1c38, reversing changes made to b6e4305c3bca4c673996d0af9db0f4cfbf50215e. --- .../app/templates/config/initializers/content_security_policy.rb.tt | 4 ---- 1 file changed, 4 deletions(-) (limited to 'railties/lib') diff --git a/railties/lib/rails/generators/rails/app/templates/config/initializers/content_security_policy.rb.tt b/railties/lib/rails/generators/rails/app/templates/config/initializers/content_security_policy.rb.tt index c517b0f96b..d3bcaa5ec8 100644 --- a/railties/lib/rails/generators/rails/app/templates/config/initializers/content_security_policy.rb.tt +++ b/railties/lib/rails/generators/rails/app/templates/config/initializers/content_security_policy.rb.tt @@ -11,10 +11,6 @@ # policy.object_src :none # policy.script_src :self, :https # policy.style_src :self, :https -<%- unless options[:skip_javascript] -%> -# # If you are using webpack-dev-server then specify webpack-dev-server host -# policy.connect_src :self, :https, "http://localhost:3035", "ws://localhost:3035" if Rails.env.development? -<%- end -%> # # Specify URI for violation reports # # policy.report_uri "/csp-violation-report-endpoint" -- cgit v1.2.3