aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_dispatch/http/content_security_policy.rb
diff options
context:
space:
mode:
Diffstat (limited to 'actionpack/lib/action_dispatch/http/content_security_policy.rb')
-rw-r--r--actionpack/lib/action_dispatch/http/content_security_policy.rb20
1 files changed, 11 insertions, 9 deletions
diff --git a/actionpack/lib/action_dispatch/http/content_security_policy.rb b/actionpack/lib/action_dispatch/http/content_security_policy.rb
index 855be5ce2e..b1e5a28be5 100644
--- a/actionpack/lib/action_dispatch/http/content_security_policy.rb
+++ b/actionpack/lib/action_dispatch/http/content_security_policy.rb
@@ -5,9 +5,9 @@ require "active_support/core_ext/object/deep_dup"
module ActionDispatch #:nodoc:
class ContentSecurityPolicy
class Middleware
- CONTENT_TYPE = "Content-Type".freeze
- POLICY = "Content-Security-Policy".freeze
- POLICY_REPORT_ONLY = "Content-Security-Policy-Report-Only".freeze
+ CONTENT_TYPE = "Content-Type"
+ POLICY = "Content-Security-Policy"
+ POLICY_REPORT_ONLY = "Content-Security-Policy-Report-Only"
def initialize(app)
@app = app
@@ -22,7 +22,8 @@ module ActionDispatch #:nodoc:
if policy = request.content_security_policy
nonce = request.content_security_policy_nonce
- headers[header_name(request)] = policy.build(request.controller_instance, nonce)
+ context = request.controller_instance || request
+ headers[header_name(request)] = policy.build(context, nonce)
end
response
@@ -50,10 +51,10 @@ module ActionDispatch #:nodoc:
end
module Request
- POLICY = "action_dispatch.content_security_policy".freeze
- POLICY_REPORT_ONLY = "action_dispatch.content_security_policy_report_only".freeze
- NONCE_GENERATOR = "action_dispatch.content_security_policy_nonce_generator".freeze
- NONCE = "action_dispatch.content_security_policy_nonce".freeze
+ POLICY = "action_dispatch.content_security_policy"
+ POLICY_REPORT_ONLY = "action_dispatch.content_security_policy_report_only"
+ NONCE_GENERATOR = "action_dispatch.content_security_policy_nonce_generator"
+ NONCE = "action_dispatch.content_security_policy_nonce"
def content_security_policy
get_header(POLICY)
@@ -257,7 +258,8 @@ module ActionDispatch #:nodoc:
if context.nil?
raise RuntimeError, "Missing context for the dynamic content security policy source: #{source.inspect}"
else
- context.instance_exec(&source)
+ resolved = context.instance_exec(&source)
+ resolved.is_a?(Symbol) ? apply_mapping(resolved) : resolved
end
else
raise RuntimeError, "Unexpected content security policy source: #{source.inspect}"
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-25 20:59:10 +0000