From 456c3ffdbe37d430c12ad269514674cc89f38c11 Mon Sep 17 00:00:00 2001
From: Andrew White <andrew.white@unboxed.co>
Date: Wed, 15 Nov 2017 21:07:28 +0000
Subject: Add DSL for configuring Content-Security-Policy header

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
---
 railties/lib/rails/application/default_middleware_stack.rb | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'railties/lib/rails/application/default_middleware_stack.rb')

diff --git a/railties/lib/rails/application/default_middleware_stack.rb b/railties/lib/rails/application/default_middleware_stack.rb
index ea2273c1f2..0e79ba7da0 100644
--- a/railties/lib/rails/application/default_middleware_stack.rb
+++ b/railties/lib/rails/application/default_middleware_stack.rb
@@ -63,6 +63,10 @@ module Rails
             middleware.use ::ActionDispatch::Flash
           end
 
+          unless config.api_only
+            middleware.use ::ActionDispatch::ContentSecurityPolicy::Middleware
+          end
+
           middleware.use ::Rack::Head
           middleware.use ::Rack::ConditionalGet
           middleware.use ::Rack::ETag, "no-cache"
-- 
cgit v1.2.3