Class: Hanami::Config::Actions::ContentSecurityPolicy

Inherits:
Object
Defined in:
lib/hanami/config/actions/content_security_policy.rb

Overview

Config for Content Security Policy in Hanami apps

Since:

  • 2.0.0

Instance Method Summary

Constructor Details

#initialize(&blk) ⇒ ContentSecurityPolicy

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns a new instance of ContentSecurityPolicy.

Since:

  • 2.0.0



# File 'lib/hanami/config/actions/content_security_policy.rb', line 12

def initialize(&blk)
  @policy = {
    base_uri: "'self'",
    child_src: "'self'",
    connect_src: "'self'",
    default_src: "'none'",
    font_src: "'self'",
    form_action: "'self'",
    frame_ancestors: "'self'",
    frame_src: "'self'",
    img_src: "'self' https: data:",
    media_src: "'self'",
    object_src: "'none'",
    script_src: "'self'",
    style_src: "'self' 'unsafe-inline' https:"
  }

  blk&.(self)
end

Instance Method Details

#[](key) ⇒ String, NilClass

Get a CSP setting

Examples:

module MyApp
  class App < Hanami::App
    config.actions.content_security_policy[:base_uri] # => "'self'"
  end
end

Parameters:

  • key (Symbol)

    the underscored name of the CSP setting

Returns:

  • (String, NilClass)

    the CSP setting, if any

Since:

  • 2.0.0



# File 'lib/hanami/config/actions/content_security_policy.rb', line 53

def [](key)
  @policy[key]
end

#[]=(key, value) ⇒ Object

Set a CSP setting

Examples:

Replace a default value

module MyApp
  class App < Hanami::App
    config.actions.content_security_policy[:plugin_types] = nil
  end
end

Append to a default value

module MyApp
  class App < Hanami::App
    config.actions.content_security_policy[:script_src] += " https://my.cdn.test"
  end
end

Parameters:

  • key (Symbol)

    the underscored name of the CSP setting

  • value (String)

    the CSP setting value

Since:

  • 2.0.0



# File 'lib/hanami/config/actions/content_security_policy.rb', line 78

def []=(key, value)
  @policy[key] = value
end

#delete(key) ⇒ Object

Deletes a CSP key

Examples:

module MyApp
  class App < Hanami::App
    config.actions.content_security_policy.delete(:object_src)
  end
end

Parameters:

  • key (Symbol)

    the underscored name of the CSP setting

Since:

  • 2.0.0



# File 'lib/hanami/config/actions/content_security_policy.rb', line 95

def delete(key)
  @policy.delete(key)
end

#initialize_copy(original_object) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Since:

  • 2.0.0



# File 'lib/hanami/config/actions/content_security_policy.rb', line 34

def initialize_copy(original_object)
  @policy = original_object.instance_variable_get(:@policy).dup
  super
end

#to_s ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Since:

  • 2.0.0



# File 'lib/hanami/config/actions/content_security_policy.rb', line 101

def to_s
  @policy.map do |key, value|
    "#{dasherize(key)} #{value}"
  end.join(";")
end