Diffstat (limited to 'railties/lib/rails/application_controller.rb')
-rw-r--r-- | railties/lib/rails/application_controller.rb | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/railties/lib/rails/application_controller.rb b/railties/lib/rails/application_controller.rb
new file mode 100644
index 0000000000..b3fe822218
--- /dev/null
+++ b/railties/lib/rails/application_controller.rb
@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+class Rails::ApplicationController < ActionController::Base # :nodoc:
+ self.view_paths = File.expand_path("templates", __dir__)
+ layout "application"
+
+ before_action :disable_content_security_policy_nonce!
+
+ content_security_policy do |policy|
+ policy.script_src :unsafe_inline
+ policy.style_src :unsafe_inline
+ end
+
+ private
+
+ def require_local!
+ unless local_request?
+ render html: "<p>For security purposes, this information is only available to local requests.</p>".html_safe, status: :forbidden
+ end
+ end
+
+ def local_request?
+ Rails.application.config.consider_all_requests_local || request.local?
+ end
+
+ def disable_content_security_policy_nonce!
+ request.content_security_policy_nonce_generator = nil
+ end
+end |
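Review bot: `require_local!` is defined under `private` but never registered, so the only filter this base class installs is `before_action :disable_content_security_policy_nonce!`; every subclass inherits the relaxed policy (`script_src :unsafe_inline`, `style_src :unsafe_inline`, nonce generator set to nil) whether or not it remembers to gate itself. Because the class is `# :nodoc:`, I would state that contract in a comment above the method, e.g. `# Opt-in: subclasses must declare before_action :require_local! themselves.` A second comment next to `local_request?` should say that `consider_all_requests_local = true` makes the check pass for every client, so any environment that sets it serves these controllers to remote requests. How `request.local?` classifies proxied requests is not visible in this hunk and should be confirmed for deployments behind a same-host reverse proxy.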