aboutsummaryrefslogtreecommitdiffstats
path: root/railties/lib/rails/generators/rails/app/templates/config/initializers/content_security_policy.rb.tt
diff options
context:
space:
mode:
Diffstat (limited to 'railties/lib/rails/generators/rails/app/templates/config/initializers/content_security_policy.rb.tt')
-rw-r--r--railties/lib/rails/generators/rails/app/templates/config/initializers/content_security_policy.rb.tt3
1 files changed, 3 insertions, 0 deletions
diff --git a/railties/lib/rails/generators/rails/app/templates/config/initializers/content_security_policy.rb.tt b/railties/lib/rails/generators/rails/app/templates/config/initializers/content_security_policy.rb.tt
index c517b0f96b..3d468f7633 100644
--- a/railties/lib/rails/generators/rails/app/templates/config/initializers/content_security_policy.rb.tt
+++ b/railties/lib/rails/generators/rails/app/templates/config/initializers/content_security_policy.rb.tt
@@ -23,6 +23,9 @@
# If you are using UJS then enable automatic nonce generation
# Rails.application.config.content_security_policy_nonce_generator = -> request { SecureRandom.base64(16) }
+# Set the nonce only to specific directives
+# Rails.application.config.content_security_policy_nonce_directives = %w(script-src)
+
# Report CSP violations to a specified URI
# For further information see the following documentation:
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-15 14:44:23 +0000