diff options
| author | Yuji Yaginuma <yuuji.yaginuma@gmail.com> | 2019-07-03 08:23:48 +0900 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-07-03 08:23:48 +0900 |
| commit | 141b30630cc9ec15dd5aa88e062383adedd335de (patch) | |
| tree | c39e6ebe6850e7e8816b1cf8069460d98ff92b29 /railties/lib/rails/generators | |
| parent | 41503f3d08418fb2dfe0eb85ac797059d9590051 (diff) | |
| parent | 09d55b302266cf002a4b307f8d37a105d2838a18 (diff) | |
| download | rails-141b30630cc9ec15dd5aa88e062383adedd335de.tar.gz rails-141b30630cc9ec15dd5aa88e062383adedd335de.tar.bz2 rails-141b30630cc9ec15dd5aa88e062383adedd335de.zip | |
Merge pull request #36534 from y-yagi/fixes_35137
Add the ability to set the CSP nonce only to the specified directives
Diffstat (limited to 'railties/lib/rails/generators')
| -rw-r--r-- | railties/lib/rails/generators/rails/app/templates/config/initializers/content_security_policy.rb.tt | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/railties/lib/rails/generators/rails/app/templates/config/initializers/content_security_policy.rb.tt b/railties/lib/rails/generators/rails/app/templates/config/initializers/content_security_policy.rb.tt index c517b0f96b..3d468f7633 100644 --- a/railties/lib/rails/generators/rails/app/templates/config/initializers/content_security_policy.rb.tt +++ b/railties/lib/rails/generators/rails/app/templates/config/initializers/content_security_policy.rb.tt @@ -23,6 +23,9 @@ # If you are using UJS then enable automatic nonce generation # Rails.application.config.content_security_policy_nonce_generator = -> request { SecureRandom.base64(16) } +# Set the nonce only to specific directives +# Rails.application.config.content_security_policy_nonce_directives = %w(script-src) + # Report CSP violations to a specified URI # For further information see the following documentation: # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only |