From 456c3ffdbe37d430c12ad269514674cc89f38c11 Mon Sep 17 00:00:00 2001 From: Andrew White Date: Wed, 15 Nov 2017 21:07:28 +0000 Subject: Add DSL for configuring Content-Security-Policy header https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy --- actionpack/lib/action_controller/base.rb | 1 + .../metal/content_security_policy.rb | 26 ++++++++++++++++++++++ 2 files changed, 27 insertions(+) create mode 100644 actionpack/lib/action_controller/metal/content_security_policy.rb (limited to 'actionpack/lib/action_controller') diff --git a/actionpack/lib/action_controller/base.rb b/actionpack/lib/action_controller/base.rb index b73269871b..204a3d400c 100644 --- a/actionpack/lib/action_controller/base.rb +++ b/actionpack/lib/action_controller/base.rb @@ -225,6 +225,7 @@ module ActionController Flash, FormBuilder, RequestForgeryProtection, + ContentSecurityPolicy, ForceSSL, Streaming, DataStreaming, diff --git a/actionpack/lib/action_controller/metal/content_security_policy.rb b/actionpack/lib/action_controller/metal/content_security_policy.rb new file mode 100644 index 0000000000..48a7109bea --- /dev/null +++ b/actionpack/lib/action_controller/metal/content_security_policy.rb @@ -0,0 +1,26 @@ +# frozen_string_literal: true + +module ActionController #:nodoc: + module ContentSecurityPolicy + # TODO: Documentation + extend ActiveSupport::Concern + + module ClassMethods + def content_security_policy(**options, &block) + before_action(options) do + if block_given? + policy = request.content_security_policy.clone + yield policy + request.content_security_policy = policy + end + end + end + + def content_security_policy_report_only(report_only = true, **options) + before_action(options) do + request.content_security_policy_report_only = report_only + end + end + end + end +end -- cgit v1.2.3