1
0
mirror of https://github.com/LaCasemate/fab-manager.git synced 2025-02-17 11:54:22 +01:00

(bug) Refused to connect to wss://localhost:3035/ws because it violates the following Content Security Policy directive

This commit is contained in:
Sylvain 2022-03-29 14:12:26 +02:00
parent 0ea885f73d
commit 9a27f952a5
2 changed files with 2 additions and 1 deletions

View File

@ -8,6 +8,7 @@
- Webpack overlay will now report eslint issues
- Linted all code according to eslint rules
- when generating an avoir, the option "by_wallet" is not present anymore if wallet module is off
- Fix a bug: Refused to connect to 'wss://localhost:3035/ws' when using a https tunnel in development mode
- Fix a bug: edge case of birthday in the future in seeds.rb, we should use Date.current instead of DateTime.current since birthday is a date (see https://github.com/sleede/fab-manager/issues/344)
- Fix a security issue: updated ruby to 2.6.10 to fix [CVE-2022-28739](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28739)
- Fix a security issue: updated rails to 5.2.7.1 to fix [CVE-2022-22577](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577) and [CVE-2022-27777](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777)

View File

@ -7,7 +7,7 @@
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
Rails.application.config.content_security_policy do |policy| # # If you are using webpack-dev-server then specify webpack-dev-server host
policy.connect_src :self, :https, 'http://localhost:3035', 'ws://localhost:3035' if Rails.env.development?
policy.connect_src :self, :https, :wss, 'http://localhost:3035', 'ws://localhost:3035' if Rails.env.development?
# policy.default_src :self, :https
# policy.font_src :self, :https, :data