author | Andrew White <andrew.white@unboxed.co> | 2018-03-08 14:01:15 +0000 |
---|---|---|
committer | Andrew White <andrew.white@unboxed.co> | 2018-03-08 14:01:15 +0000 |
commit | af406a753c59266c61e9ebcd0f131fdc6533a124 (patch) | |
tree | 50ab44037136e1e1313d15e98a95414732cc7a02 /actionpack/lib | |
parent | f30ac99d0c814ab69488e08aa3841bf45208fb2c (diff) | |
Add the ability to disable the global CSP in a controller
e.g:
class LegacyPagesController < ApplicationController
content_security_policy false, only: :index
end
Diffstat (limited to 'actionpack/lib')
-rw-r--r-- | actionpack/lib/action_controller/metal/content_security_policy.rb | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/actionpack/lib/action_controller/metal/content_security_policy.rb b/actionpack/lib/action_controller/metal/content_security_policy.rb
index 95f2f3242d..67682e7f4f 100644
--- a/actionpack/lib/action_controller/metal/content_security_policy.rb
+++ b/actionpack/lib/action_controller/metal/content_security_policy.rb
@@ -14,13 +14,17 @@ module ActionController #:nodoc:
 end
 module ClassMethods
- def content_security_policy(**options, &block)
+ def content_security_policy(enabled = true, **options, &block)
 before_action(options) do
 if block_given?
 policy = request.content_security_policy.clone
 yield policy
 request.content_security_policy = policy
 end
+
+ unless enabled
+ request.content_security_policy = nil
+ end
 end
 end
|
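Review bot: The `unless enabled` guard in `content_security_policy` fails open: any falsy first argument, including a `nil` from an unset config value or a mistyped variable, clears the policy for the matched actions exactly as an explicit `false` does. Since this removes a browser-side XSS mitigation, I would disable only on the literal value, `request.content_security_policy = nil if enabled == false`, or raise `ArgumentError` for anything other than `true`/`false`. When `false` is passed together with a block, the block still runs against a cloned policy and its result is then discarded; rejecting that combination when the class is defined would make the mistake visible. A short comment above the method, e.g. `# Passing false removes the Content-Security-Policy for the matched actions; scope it with only:/except:.`, would also help, because a bare `content_security_policy false` in a base controller would presumably drop the policy for every inheriting controller.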