Module: SecureHeaders::ContentSecurityPolicy::Constants
- Included in:
- SecureHeaders::ContentSecurityPolicy
- Defined in:
- lib/secure_headers/headers/content_security_policy.rb
Constant Summary collapse
- DEFAULT_CSP_HEADER =
"default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-src https://* about: javascript:; img-src data:"- STANDARD_HEADER_NAME =
"Content-Security-Policy"- FF_CSP_ENDPOINT =
"/content_security_policy/forward_report"- DIRECTIVES =
[:default_src, :script_src, :frame_src, :style_src, :img_src, :media_src, :font_src, :object_src, :connect_src]
- META =
[:enforce, :http_additions, :disable_chrome_extension, :disable_fill_missing, :forward_endpoint]