Class: SecureHeaders::ContentSecurityPolicyConfig

Inherits:

Object

Object
SecureHeaders::ContentSecurityPolicyConfig

show all

Includes:: DynamicConfig

Defined in:: lib/secure_headers/headers/content_security_policy_config.rb

Direct Known Subclasses

ContentSecurityPolicyReportOnlyConfig

Constant Summary collapse

CONFIG_KEY =

:csp

HEADER_NAME =

"Content-Security-Policy".freeze

ATTRS =

PolicyManagement::ALL_DIRECTIVES + PolicyManagement::META_CONFIGS + PolicyManagement::NONCES

DEFAULT = based on what was suggested in github.com/rails/rails/pull/24961/files

{
  default_src: %w('self' https:),
  font_src: %w('self' https: data:),
  img_src: %w('self' https: data:),
  object_src: %w('none'),
  script_src: %w(https:),
  style_src: %w('self' https: 'unsafe-inline')
}

Class Method Summary collapse

.attrs ⇒ Object

Instance Method Summary collapse

Methods included from DynamicConfig

#==, #append, #directive_value, #dup, included, #initialize, #merge, #merge!, #modified?, #opt_out?, #to_h, #update_directive

Class Method Details

.attrs ⇒ `Object`



126
127
128

# File 'lib/secure_headers/headers/content_security_policy_config.rb', line 126

def self.attrs
  ATTRS
end

Instance Method Details

#make_report_only ⇒ `Object`



146
147
148

# File 'lib/secure_headers/headers/content_security_policy_config.rb', line 146

def make_report_only
  ContentSecurityPolicyReportOnlyConfig.new(self.to_h)
end

#report_only? ⇒ `Boolean`

Returns:

(Boolean)



142
143
144

# File 'lib/secure_headers/headers/content_security_policy_config.rb', line 142

def report_only?
  false
end

Class: SecureHeaders::ContentSecurityPolicyConfig

Direct Known Subclasses

Constant Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Methods included from DynamicConfig

Class Method Details

.attrs ⇒ Object

Instance Method Details

#make_report_only ⇒ Object

#report_only? ⇒ Boolean

.attrs ⇒ `Object`

#make_report_only ⇒ `Object`

#report_only? ⇒ `Boolean`