From f0b0d4651ee2146ef296208464fca0028022f9dd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=EB=AC=B4=EB=9D=BC=EC=BF=A0=EB=AA=A8?=
Date: Fri, 27 Sep 2024 19:01:50 +0900
Subject: [PATCH] fix: CSP
---
 config/initializers/content_security_policy.rb | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index 9f4a41e3a..41aa7ed0f 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -18,7 +18,7 @@ Rails.application.config.content_security_policy do |p|
 p.frame_ancestors :none
 p.font_src :self, assets_host
 p.img_src :self, :data, :blob, *media_hosts
- p.style_src :self, assets_host
+ p.style_src :self, assets_host, *media_hosts
 p.media_src :self, :data, *media_hosts
 p.manifest_src :self, assets_host
@@ -57,7 +57,7 @@ Rails.application.config.content_security_policy_nonce_directives = %w(style-src
 Rails.application.reloader.to_prepare do
 PgHero::HomeController.content_security_policy do |p|
 p.script_src :self, :unsafe_inline, assets_host
- p.style_src :self, :unsafe_inline, assets_host
+ p.style_src :self, :unsafe_inline, assets_host, *media_hosts
 end
 PgHero::HomeController.after_action do
@@ -70,8 +70,8 @@ Rails.application.reloader.to_prepare do
 p.connect_src :none
 p.frame_ancestors :self
 p.frame_src :self
- p.script_src :unsafe_inline
- p.style_src :unsafe_inline
+ p.script_src :self, :unsafe_inline
+ p.style_src :self, :unsafe_inline, *media_hosts
 p.worker_src :none
 end
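Review bot: Adding `*media_hosts` to `style_src` in the global policy makes every origin already trusted for images and media a stylesheet origin as well. The definition of `media_hosts` is outside this hunk, but if it includes the host that serves user uploads, an uploaded file that the storage backend returns as `text/css` becomes loadable as a stylesheet. The same addition is repeated in the PgHero block and in the last hunk. If only one host actually serves CSS, list that host alone, e.g. `p.style_src :self, assets_host, css_host` (`css_host` is a placeholder for a dedicated setting), and add a comment saying why it is needed, since the commit message gives no rationale. If the full list has to stay, confirm that the upload store never serves objects with a stylesheet content type.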
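Review bot: `p.script_src :self, :unsafe_inline` in the last block adds same-origin script loading to a policy that otherwise denies `connect_src` and `worker_src`, and nothing in the commit says which script needs it. The controller this policy is attached to is declared above the hunk, so it is not visible here whether it renders untrusted content; if it does, the script source list should stay as narrow as possible. Please add a comment above the line naming the asset that requires it, e.g. `# :self needed for <asset name> served from the app origin`, or drop `:self` from `script_src` if only the style change was intended.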