Class: ContentSecurityPolicy::Builder

Inherits:

Object

Object
ContentSecurityPolicy::Builder

Defined in:: lib/content_security_policy/builder.rb

Constant Summary collapse

EXTENDABLE_DIRECTIVES =

%i[
  base_uri
  frame_ancestors
  manifest_src
  object_src
  script_src
  worker_src
].freeze

TO_BE_EXTENDABLE = Make extending these directives no-op, until core includes them in default CSP

%i[
  connect_src
  default_src
  font_src
  form_action
  frame_src
  img_src
  media_src
  prefetch_src
  style_src
].freeze

Instance Method Summary collapse

#<<(extension) ⇒ Object
#build ⇒ Object
#initialize(base_url:) ⇒ Builder constructor

A new instance of Builder.

Constructor Details

#initialize(base_url:) ⇒ `Builder`

Returns a new instance of Builder.

# File 'lib/content_security_policy/builder.rb', line 28

def initialize(base_url:)
  @directives = Default.new(base_url: base_url).directives
  @base_url = base_url
end

Instance Method Details

#<<(extension) ⇒ `Object`

# File 'lib/content_security_policy/builder.rb', line 33

def <<(extension)
  return unless valid_extension?(extension)

  extension.each do |directive, sources|
    extend_directive(normalize_directive(directive), sources)
  end
end

#build ⇒ `Object`

# File 'lib/content_security_policy/builder.rb', line 41

def build
  policy = ActionDispatch::ContentSecurityPolicy.new

  @directives.each do |directive, sources|
    if sources.is_a?(Array)
      policy.public_send(directive, *sources)
    else
      policy.public_send(directive, sources)
    end
  end

  policy.build
end

Class: ContentSecurityPolicy::Builder

Constant Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(base_url:) ⇒ Builder

Instance Method Details

#<<(extension) ⇒ Object

#build ⇒ Object

#initialize(base_url:) ⇒ `Builder`

#<<(extension) ⇒ `Object`

#build ⇒ `Object`