From 31e0739fb53248b6ac08dd2db53d63b5920f280c Mon Sep 17 00:00:00 2001
From: Jeffrey Phillips Freeman <the@jeffreyfreeman.me>
Date: Thu, 29 Oct 2020 21:13:50 -0400
Subject: [PATCH] Added hcaptcha to conenct CSP.

---
 config/initializers/content_security_policy.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index 875993ebc8..7fcf3eaabd 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -35,12 +35,12 @@ Rails.application.config.content_security_policy do |p|
   if Rails.env.development?
     webpacker_urls = %w(ws http).map { |protocol| "#{protocol}#{Webpacker.dev_server.https? ? 's' : ''}://#{Webpacker.dev_server.host_with_port}" }
 
-    p.connect_src :self, :data, :blob, assets_host, media_host, Rails.configuration.x.streaming_api_base_url, *webpacker_urls
+    p.connect_src :self, :data, :blob, assets_host, media_host, Rails.configuration.x.streaming_api_base_url, *webpacker_urls, *hcaptcha_hosts
     p.script_src  :self, :unsafe_inline, :unsafe_eval, assets_host, bootstrap_cdn_host, *hcaptcha_hosts
     p.child_src   :self, :blob, assets_host
     p.worker_src  :self, :blob, assets_host
   else
-    p.connect_src :self, :data, :blob, assets_host, media_host, Rails.configuration.x.streaming_api_base_url
+    p.connect_src :self, :data, :blob, assets_host, media_host, Rails.configuration.x.streaming_api_base_url, *hcaptcha_hosts
     p.script_src  :self, assets_host, bootstrap_cdn_host, *hcaptcha_hosts
     p.child_src   :self, :blob, assets_host
     p.worker_src  :self, :blob, assets_host
-- 
GitLab