method

content_security_policy

v7.1.3.2 - Show latest stable - 0 notes - Class: ClassMethods

1.0.0
1.1.6
1.2.6
2.0.3
2.1.0
2.2.1
2.3.8
3.0.0
3.0.9
3.1.0
3.2.1
3.2.8
3.2.13
4.0.2
4.1.8
4.2.1
4.2.7
4.2.9
5.0.0.1
5.1.7
5.2.3 (0)
6.0.0 (0)
6.1.3.1 (0)
6.1.7.7 (0)
7.0.0 (0)
7.1.3.2 (38)
What's this?

content_security_policy(enabled = true, **options, &block) public

Overrides parts of the globally configured Content-Security-Policy header:

class PostsController < ApplicationController
  content_security_policy do |policy|
    policy.base_uri "https://www.example.com"
  end
end

Options can be passed similar to before_action. For example, pass only: :index to override the header on the index action only:

class PostsController < ApplicationController
  content_security_policy(only: :index) do |policy|
    policy.default_src :self, :https
  end
end

Pass false to remove the Content-Security-Policy header:

class PostsController < ApplicationController
  content_security_policy false, only: :index
end

Show source

# File actionpack/lib/action_controller/metal/content_security_policy.rb, line 39
      def content_security_policy(enabled = true, **options, &block)
        before_action(options) do
          if block_given?
            policy = current_content_security_policy
            instance_exec(policy, &block)
            request.content_security_policy = policy
          end

          unless enabled
            request.content_security_policy = nil
          end
        end
      end

content_security_policy

Related methods

Flowdock - Team Inbox With Chat for Software Developers