Class: SecureHeaders::ContentSecurityPolicyConfig

Inherits:
Object
  • Object
show all
Includes:
DynamicConfig
Defined in:
lib/secure_headers/headers/content_security_policy_config.rb

Direct Known Subclasses

ContentSecurityPolicyReportOnlyConfig

Constant Summary collapse

HEADER_NAME =
"content-security-policy".freeze
ATTRS =
Set.new(PolicyManagement::ALL_DIRECTIVES + PolicyManagement::META_CONFIGS + PolicyManagement::NONCES)
DEFAULT =

based on what was suggested in github.com/rails/rails/pull/24961/files

{
  default_src: %w('self' https:),
  font_src: %w('self' https: data:),
  img_src: %w('self' https: data:),
  object_src: %w('none'),
  script_src: %w(https:),
  style_src: %w('self' https: 'unsafe-inline')
}

Class Method Summary collapse

Instance Method Summary collapse

Methods included from DynamicConfig

#==, #append, #directive_value, #dup, #initialize, #initialize_copy, #merge, #merge!, #opt_out?, #to_h, #update_directive

Class Method Details

.attrsObject



84
85
86
# File 'lib/secure_headers/headers/content_security_policy_config.rb', line 84

def self.attrs
  ATTRS
end

Instance Method Details

#make_report_onlyObject



104
105
106
# File 'lib/secure_headers/headers/content_security_policy_config.rb', line 104

def make_report_only
  ContentSecurityPolicyReportOnlyConfig.new(self.to_h)
end

#report_only?Boolean

Returns:

  • (Boolean)


100
101
102
# File 'lib/secure_headers/headers/content_security_policy_config.rb', line 100

def report_only?
  false
end