Class: ActionDispatch::ContentSecurityPolicy

Inherits:
Object
  • Object
show all
Defined in:
actionpack/lib/action_dispatch/http/content_security_policy.rb

Defined Under Namespace

Modules: Request Classes: Middleware

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize {|_self| ... } ⇒ ContentSecurityPolicy

Returns a new instance of ContentSecurityPolicy.

Yields:

  • (_self)

Yield Parameters:



154
155
156
157
# File 'actionpack/lib/action_dispatch/http/content_security_policy.rb', line 154

def initialize
  @directives = {}
  yield self if block_given?
end

Instance Attribute Details

#directivesObject (readonly)

Returns the value of attribute directives



152
153
154
# File 'actionpack/lib/action_dispatch/http/content_security_policy.rb', line 152

def directives
  @directives
end

Instance Method Details

#block_all_mixed_content(enabled = true) ⇒ Object



173
174
175
176
177
178
179
# File 'actionpack/lib/action_dispatch/http/content_security_policy.rb', line 173

def block_all_mixed_content(enabled = true)
  if enabled
    @directives["block-all-mixed-content"] = true
  else
    @directives.delete("block-all-mixed-content")
  end
end

#build(context = nil, nonce = nil, nonce_directives = nil) ⇒ Object



219
220
221
222
# File 'actionpack/lib/action_dispatch/http/content_security_policy.rb', line 219

def build(context = nil, nonce = nil, nonce_directives = nil)
  nonce_directives = DEFAULT_NONCE_DIRECTIVES if nonce_directives.nil?
  build_directives(context, nonce, nonce_directives).compact.join("; ")
end

#initialize_copy(other) ⇒ Object



159
160
161
# File 'actionpack/lib/action_dispatch/http/content_security_policy.rb', line 159

def initialize_copy(other)
  @directives = other.directives.deep_dup
end

#plugin_types(*types) ⇒ Object



181
182
183
184
185
186
187
# File 'actionpack/lib/action_dispatch/http/content_security_policy.rb', line 181

def plugin_types(*types)
  if types.first
    @directives["plugin-types"] = types
  else
    @directives.delete("plugin-types")
  end
end

#report_uri(uri) ⇒ Object



189
190
191
# File 'actionpack/lib/action_dispatch/http/content_security_policy.rb', line 189

def report_uri(uri)
  @directives["report-uri"] = [uri]
end

#require_sri_for(*types) ⇒ Object



193
194
195
196
197
198
199
# File 'actionpack/lib/action_dispatch/http/content_security_policy.rb', line 193

def require_sri_for(*types)
  if types.first
    @directives["require-sri-for"] = types
  else
    @directives.delete("require-sri-for")
  end
end

#sandbox(*values) ⇒ Object



201
202
203
204
205
206
207
208
209
# File 'actionpack/lib/action_dispatch/http/content_security_policy.rb', line 201

def sandbox(*values)
  if values.empty?
    @directives["sandbox"] = true
  elsif values.first
    @directives["sandbox"] = values
  else
    @directives.delete("sandbox")
  end
end

#upgrade_insecure_requests(enabled = true) ⇒ Object



211
212
213
214
215
216
217
# File 'actionpack/lib/action_dispatch/http/content_security_policy.rb', line 211

def upgrade_insecure_requests(enabled = true)
  if enabled
    @directives["upgrade-insecure-requests"] = true
  else
    @directives.delete("upgrade-insecure-requests")
  end
end