Module: BetterContentSecurityPolicy::HasContentSecurityPolicy

Extended by:: ActiveSupport::Concern

Defined in:: lib/better_content_security_policy/has_content_security_policy.rb

Overview

Include this module in your ApplicationController to configure a dynamic Content Security Policy. The header will be set in an after_action after the response has been rendered. This means that you can also modify the policy in your views. You must call ‘after_action :set_content_security_policy_header’ in your own controller.

Instance Method Summary collapse

#configure_content_security_policy ⇒ Object

Override this method in your controller to configure the content security policy.
#content_security_policy ⇒ Object
#set_content_security_policy_header ⇒ Object

Instance Method Details

#configure_content_security_policy ⇒ `Object`

Override this method in your controller to configure the content security policy. Call ‘super` if you want to inherit the parent controller’s policy.

26	# File 'lib/better_content_security_policy/has_content_security_policy.rb', line 26 def configure_content_security_policy; end

#content_security_policy ⇒ `Object`



20
21
22

# File 'lib/better_content_security_policy/has_content_security_policy.rb', line 20

def content_security_policy
  @content_security_policy ||= BetterContentSecurityPolicy::ContentSecurityPolicy.new
end

#set_content_security_policy_header ⇒ `Object`



28
29
30

# File 'lib/better_content_security_policy/has_content_security_policy.rb', line 28

def set_content_security_policy_header
  response.headers.merge!(content_security_policy.to_h)
end