From 4fc3c4b26929349a2a21caea86a94c5bd8335e5c Mon Sep 17 00:00:00 2001
From: Jason Frey
Date: Tue, 23 Apr 2024 15:50:32 -0400
Subject: [PATCH] Add object_src
---
 config/initializers/secure_headers.rb | 1 +
 1 file changed, 1 insertion(+)
diff --git a/config/initializers/secure_headers.rb b/config/initializers/secure_headers.rb
index 63bc18e1e0b..e191b7f1da0 100644
--- a/config/initializers/secure_headers.rb
+++ b/config/initializers/secure_headers.rb
@@ -22,6 +22,7 @@
 :font_src => ["'self'", 'https://fonts.gstatic.com', "https://fonts.googleapis.com"],
 :frame_src => ["'self'"],
 :img_src => ["'self'", "data:"],
+ :object_src => ["'self'"],
 :script_src => ["'unsafe-eval'", "'unsafe-inline'", "'self'"],
 :style_src => ["'unsafe-inline'", "'self'", "https://fonts.googleapis.com", "https://fonts.gstatic.com"],
 }
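Review bot: The added `:object_src => ["'self'"],` still lets any resource served from the application's own origin be loaded through `<object>` or `<embed>`; unless the application actually embeds such content, the stricter setting is `:object_src => ["'none'"],`. The neighbouring `script_src` already allows `'unsafe-inline'` and `'unsafe-eval'`, so this directive is one of the few places where the policy can still be tight at no cost. If `'self'` is genuinely required, a short comment above the entry naming the feature that depends on it would keep a later reviewer from loosening or removing it by accident. The policy hash begins above the hunk, so whether a `default_src` fallback already covers this case is not visible here.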