Merge pull request #31239 from prathamesh-sonpatki/fix-changelog-for-csp

Fix CHANGELOG for CSP PR #31162 [ci skip]
rails · Nov 27, 2017 · f7dbc56 · f7dbc56
2 parents 723f29c + 5910c1d
commit f7dbc56
Showing 1 changed file with 10 additions and 10 deletions.
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md
@@ -5,21 +5,21 @@
     about the Content-Security-Policy header see MDN:
 
     https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
-    
+
     Example global policy:
-    
+
         # config/initializers/content_security_policy.rb
-        Rails.application.config.content_security_policy do
+        Rails.application.config.content_security_policy do |p|
           p.default_src :self, :https
           p.font_src    :self, :https, :data
           p.img_src     :self, :https, :data
           p.object_src  :none
           p.script_src  :self, :https
           p.style_src   :self, :https, :unsafe_inline
         end
-    
+
     Example controller overrides:
-    
+
         # Override policy inline
         class PostsController < ApplicationController
           content_security_policy do |p|
@@ -40,22 +40,22 @@
             p.base_uri :self, -> { "https://#{current_user.domain}.example.com" }
           end
         end
-        
+
     Allows you to also only report content violations for migrating
     legacy content using the `content_security_policy_report_only`
     configuration attribute, e.g;
-    
+
         # config/initializers/content_security_policy.rb
         Rails.application.config.content_security_policy_report_only = true
-        
+
         # controller override
         class PostsController < ApplicationController
           self.content_security_policy_report_only = true
         end
-    
+
     Note that this feature does not validate the header for performance
     reasons since the header is calculated at runtime.
-    
+
     *Andrew White*
 
 *   Make `assert_recognizes` to traverse mounted engines