aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_dispatch/http/content_security_policy.rb
Commit message (Expand)AuthorAgeFilesLines
* Use match? where we don't need MatchDataAkira Matsuda2019-07-291-1/+1
* Add support for script-src-attr / elem and style-src-attr / elem directivesyuuji.yaginuma2019-07-181-0/+4
* Add the ability to set the CSP nonce only to the specified directivesyuuji.yaginuma2019-06-221-9/+20
* Enable `Layout/EmptyLinesAroundAccessModifier` copRyuta Kamizono2019-06-131-2/+0
* Use request object for context if there's no controllerAndrew White2018-10-221-1/+2
* Apply mapping to symbols returned from dynamic CSP sourcesAndrew White2018-10-221-1/+2
* Add `Style/RedundantFreeze` to remove redudant `.freeze`Yasuo Honda2018-09-291-7/+7
* Add CSP nonce to `style-src` directiveyuuji.yaginuma2018-05-191-1/+1
* Add support for prefetch-src directiveyuuji.yaginuma2018-05-031-0/+1
* Remove unused literal introduced in #32602Andrew White2018-04-181-1/+0
* Pass nonce to CSP policy from outsideAndrew White2018-04-181-31/+24
* Output only one nonce in CSP header per requestAndrey Novikov2018-04-171-17/+30
* Add WebSocket URI support to CSP DSL mappingsStephen Solis2018-04-121-1/+3
* Add support for automatic nonce generation for Rails UJSAndrew White2018-02-191-0/+32
* Remove trailing semi-colon from CSPAndrew White2018-02-191-1/+1
* Revert "Merge pull request #32045 from eagletmt/skip-csp-header"Andrew White2018-02-191-10/+2
* Skip generating empty CSP header when no policy is configuredKohei Suzuki2018-02-181-2/+10
* Add missing requireyuuji.yaginuma2017-12-051-0/+2
* Fix CSP copy boolean directives (#31326)Simon Dawson2017-12-051-5/+1
* Add DSL for configuring Content-Security-Policy headerAndrew White2017-11-271-0/+233