diff options
| author | Andrew White <andrew.white@unboxed.co> | 2017-11-15 21:07:28 +0000 |
|---|---|---|
| committer | Andrew White <andrew.white@unboxed.co> | 2017-11-27 05:59:26 +0000 |
| commit | 456c3ffdbe37d430c12ad269514674cc89f38c11 (patch) | |
| tree | daf49d80a963ce77e13594c2e9c159c73ad6b1ca /actionpack/lib/action_controller/metal/content_security_policy.rb | |
| parent | 28333d62ee15ec95cc4270c880c90f395e075b3b (diff) | |
| download | rails-456c3ffdbe37d430c12ad269514674cc89f38c11.tar.gz rails-456c3ffdbe37d430c12ad269514674cc89f38c11.tar.bz2 rails-456c3ffdbe37d430c12ad269514674cc89f38c11.zip | |
Add DSL for configuring Content-Security-Policy header
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
Diffstat (limited to 'actionpack/lib/action_controller/metal/content_security_policy.rb')
| -rw-r--r-- | actionpack/lib/action_controller/metal/content_security_policy.rb | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/actionpack/lib/action_controller/metal/content_security_policy.rb b/actionpack/lib/action_controller/metal/content_security_policy.rb new file mode 100644 index 0000000000..48a7109bea --- /dev/null +++ b/actionpack/lib/action_controller/metal/content_security_policy.rb @@ -0,0 +1,26 @@ +# frozen_string_literal: true + +module ActionController #:nodoc: + module ContentSecurityPolicy + # TODO: Documentation + extend ActiveSupport::Concern + + module ClassMethods + def content_security_policy(**options, &block) + before_action(options) do + if block_given? + policy = request.content_security_policy.clone + yield policy + request.content_security_policy = policy + end + end + end + + def content_security_policy_report_only(report_only = true, **options) + before_action(options) do + request.content_security_policy_report_only = report_only + end + end + end + end +end |