Class: SecureHeaders::ContentSecurityPolicyConfig

Inherits:

Object

Object
SecureHeaders::ContentSecurityPolicyConfig

show all

Includes:: DynamicConfig

Defined in:: lib/secure_headers/headers/content_security_policy_config.rb

Direct Known Subclasses

ContentSecurityPolicyReportOnlyConfig

Constant Summary collapse

HEADER_NAME =

"Content-Security-Policy".freeze

ATTRS =

Set.new(PolicyManagement::ALL_DIRECTIVES + PolicyManagement::META_CONFIGS + PolicyManagement::NONCES)

DEFAULT = based on what was suggested in github.com/rails/rails/pull/24961/files

{
  default_src: %w('self' https:),
  font_src: %w('self' https: data:),
  img_src: %w('self' https: data:),
  object_src: %w('none'),
  script_src: %w(https:),
  style_src: %w('self' https: 'unsafe-inline')
}

Class Method Summary collapse

.attrs ⇒ Object

Instance Method Summary collapse

Methods included from DynamicConfig

#==, #append, #directive_value, #dup, #initialize, #initialize_copy, #merge, #merge!, #opt_out?, #to_h, #update_directive

Class Method Details

.attrs ⇒ `Object`



84
85
86

# File 'lib/secure_headers/headers/content_security_policy_config.rb', line 84

def self.attrs
  ATTRS
end

Instance Method Details

#make_report_only ⇒ `Object`



104
105
106

# File 'lib/secure_headers/headers/content_security_policy_config.rb', line 104

def make_report_only
  ContentSecurityPolicyReportOnlyConfig.new(self.to_h)
end

#report_only? ⇒ `Boolean`

Returns:

(Boolean)



100
101
102

# File 'lib/secure_headers/headers/content_security_policy_config.rb', line 100

def report_only?
  false
end

Class: SecureHeaders::ContentSecurityPolicyConfig

Direct Known Subclasses

Constant Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Methods included from DynamicConfig

Class Method Details

.attrs ⇒ Object

Instance Method Details

#make_report_only ⇒ Object

#report_only? ⇒ Boolean

.attrs ⇒ `Object`

#make_report_only ⇒ `Object`

#report_only? ⇒ `Boolean`