authoryuuji.yaginuma <yuuji.yaginuma@gmail.com>2018-05-03 11:38:17 +0900
committerYuji Yaginuma <yuuji.yaginuma@gmail.com>2018-05-03 15:46:03 +0900
commit1007191f31d7ce8486f1f32a5d700bbac66ae242 (patch)
treefe022c99fb49e71e8d050da744197fbbe084b958
parent847342c25c61acaea988430dc3ab66a82e3ed486 (diff)
Add support for prefetch-src directive
Specification: https://w3c.github.io/webappsec-csp/#directive-prefetch-src This directive can already be used as an experimental feature in Chrome. Ref: https://bugs.chromium.org/p/chromium/issues/detail?id=801561
-rw-r--r--actionpack/lib/action_dispatch/http/content_security_policy.rb1
-rw-r--r--actionpack/test/dispatch/content_security_policy_test.rb6
2 files changed, 7 insertions, 0 deletions
diff --git a/actionpack/lib/action_dispatch/http/content_security_policy.rb b/actionpack/lib/action_dispatch/http/content_security_policy.rb
index 17e72b46ff..35041fd072 100644
--- a/actionpack/lib/action_dispatch/http/content_security_policy.rb
+++ b/actionpack/lib/action_dispatch/http/content_security_policy.rb
@@ -126,6 +126,7 @@ module ActionDispatch #:nodoc:
manifest_src: "manifest-src",
media_src: "media-src",
object_src: "object-src",
+ prefetch_src: "prefetch-src",
script_src: "script-src",
style_src: "style-src",
worker_src: "worker-src"
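Review bot: The new `prefetch_src: "prefetch-src"` entry carries no hint that the directive is experimental, although the commit message says it is so far only usable as an experimental feature in Chrome. Browsers that do not implement it will presumably ignore the directive, so an application that restricts prefetching only through `prefetch_src` gets no enforcement there and still needs a restrictive `default_src`. I would add a comment above the entry such as `# prefetch-src is experimental; browsers that do not implement it ignore it, so do not rely on it without default-src`. The directive map starts and ends outside this hunk, so I cannot tell whether other experimental entries are already annotated this way.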
diff --git a/actionpack/test/dispatch/content_security_policy_test.rb b/actionpack/test/dispatch/content_security_policy_test.rb
index c4c7f53903..4f9a4ff2bd 100644
--- a/actionpack/test/dispatch/content_security_policy_test.rb
+++ b/actionpack/test/dispatch/content_security_policy_test.rb
@@ -116,6 +116,12 @@ class ContentSecurityPolicyTest < ActiveSupport::TestCase
@policy.object_src false
assert_no_match %r{object-src}, @policy.build
+ @policy.prefetch_src :self
+ assert_match %r{prefetch-src 'self'}, @policy.build
+
+ @policy.prefetch_src false
+ assert_no_match %r{prefetch-src}, @policy.build
+
@policy.script_src :self
assert_match %r{script-src 'self'}, @policy.build