aboutsummaryrefslogtreecommitdiffstats
path: root/railties/lib/rails/application_controller.rb
diff options
context:
space:
mode:
Diffstat (limited to 'railties/lib/rails/application_controller.rb')
-rw-r--r--railties/lib/rails/application_controller.rb29
1 files changed, 29 insertions, 0 deletions
diff --git a/railties/lib/rails/application_controller.rb b/railties/lib/rails/application_controller.rb
new file mode 100644
index 0000000000..b3fe822218
--- /dev/null
+++ b/railties/lib/rails/application_controller.rb
@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+class Rails::ApplicationController < ActionController::Base # :nodoc:
+ self.view_paths = File.expand_path("templates", __dir__)
+ layout "application"
+
+ before_action :disable_content_security_policy_nonce!
+
+ content_security_policy do |policy|
+ policy.script_src :unsafe_inline
+ policy.style_src :unsafe_inline
+ end
+
+ private
+
+ def require_local!
+ unless local_request?
+ render html: "<p>For security purposes, this information is only available to local requests.</p>".html_safe, status: :forbidden
+ end
+ end
+
+ def local_request?
+ Rails.application.config.consider_all_requests_local || request.local?
+ end
+
+ def disable_content_security_policy_nonce!
+ request.content_security_policy_nonce_generator = nil
+ end
+end
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-02 10:18:14 +0000