aboutsummaryrefslogblamecommitdiffstats
path: root/railties/lib/rails/application_controller.rb
blob: b3fe822218f5e8364c947deed843ca73d24f149f (plain) (tree)
1
2
3
4
5
6
7
8
9

                             
                                                                     
                                                          
                      
 


                                                       

                                    

     
         
 



                                                                                                                                        
       
 


                                                                            



                                                           
   
# frozen_string_literal: true

class Rails::ApplicationController < ActionController::Base # :nodoc:
  self.view_paths = File.expand_path("templates", __dir__)
  layout "application"

  before_action :disable_content_security_policy_nonce!

  content_security_policy do |policy|
    policy.script_src :unsafe_inline
    policy.style_src :unsafe_inline
  end

  private

    def require_local!
      unless local_request?
        render html: "<p>For security purposes, this information is only available to local requests.</p>".html_safe, status: :forbidden
      end
    end

    def local_request?
      Rails.application.config.consider_all_requests_local || request.local?
    end

    def disable_content_security_policy_nonce!
      request.content_security_policy_nonce_generator = nil
    end
end