actionpack/lib/action_controller/metal/content_security_policy.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

# frozen_string_literal: true

module ActionController #:nodoc:
  module ContentSecurityPolicy
    # TODO: Documentation
    extend ActiveSupport::Concern

    module ClassMethods
      def content_security_policy(**options, &block)
        before_action(options) do
          if block_given?
            policy = request.content_security_policy.clone
            yield policy
            request.content_security_policy = policy
          end
        end
      end

      def content_security_policy_report_only(report_only = true, **options)
        before_action(options) do
          request.content_security_policy_report_only = report_only
        end
      end
    end
  end
end