Add unsafe-inline to allow bucket graph to display (#4031)
The current CSP policy for Sidekiq Web appears to block the inline
script that renders the bucket charts for limits.

This change updates the script CSP rules to match the style CSP rules to
allow the chart to successfully render. In our application this change
made the bucket charts successfully render.

cc: #3913, #4030
geoffharcourt authored and mperham committed Nov 28, 2018
1 parent d1b2d00 commit 78f3b68
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion lib/sidekiq/web/application.rb
Expand Up @@ -17,7 +17,7 @@ class WebApplication
"manifest-src 'self'",
"media-src 'self'",
"object-src 'none'",
"script-src 'self' https: http:",
"script-src 'self' https: http: 'unsafe-inline'",
"style-src 'self' https: http: 'unsafe-inline'",
"worker-src 'self'",
"base-uri 'self'"
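
Review bot: 'unsafe-inline' on the script-src line allows every inline script and inline event handler on the Sidekiq Web pages, not only the one that renders the bucket charts, so the policy no longer stops injected inline script. Prefer moving the chart script into a file served from 'self', or allowing only that script with a per-response nonce or a hash source in script-src. Matching the style-src line is not a sufficient reason on its own, since inline styles carry less risk than inline scripts. If the keyword stays, a comment next to the directive saying which view needs it would let it be removed once that script is external.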

3 comments on commit 78f3b68

@geoffharcourt
Contributor Author

@mperham is it possible to cut a new patch release for base Sidekiq? We're running a fork to get our limit graphs working and this would help us move back to upstream.

@mperham
Collaborator

@mperham mperham commented on 78f3b68 Jan 3, 2019 via email

@geoffharcourt
Contributor Author

Thank you @mperham!
