Class: ContentSecurityPolicy

Inherits:
Object
  • Object
show all
Defined in:
lib/content_security_policy.rb,
lib/content_security_policy/builder.rb,
lib/content_security_policy/default.rb,
lib/content_security_policy/extension.rb,
lib/content_security_policy/middleware.rb

Defined Under Namespace

Modules: Extension Classes: Builder, Default, Middleware

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.nonce_placeholder(response_headers) ⇒ Object



11
12
13
14
15
# File 'lib/content_security_policy.rb', line 11

def nonce_placeholder(response_headers)
  response_headers[
    ::Middleware::CspScriptNonceInjector::PLACEHOLDER_HEADER
  ] ||= "[[csp_nonce_placeholder_#{SecureRandom.hex}]]"
end

.policy(theme_id = nil, base_url: Discourse.base_url, path_info: "/") ⇒ Object



7
8
9
# File 'lib/content_security_policy.rb', line 7

def policy(theme_id = nil, base_url: Discourse.base_url, path_info: "/")
  new.build(theme_id, base_url: base_url, path_info: path_info)
end

Instance Method Details

#build(theme_id, base_url:, path_info: "/") ⇒ Object



18
19
20
21
22
23
24
25
26
# File 'lib/content_security_policy.rb', line 18

def build(theme_id, base_url:, path_info: "/")
  builder = Builder.new(base_url: base_url)

  Extension.theme_extensions(theme_id).each { |extension| builder << extension }
  Extension.plugin_extensions.each { |extension| builder << extension }
  builder << Extension.site_setting_extension

  builder.build
end