Class: Middleware::GtmScriptNonceInjector

Inherits:

Object

Object
Middleware::GtmScriptNonceInjector

show all

Defined in:: lib/middleware/gtm_script_nonce_injector.rb

Instance Method Summary collapse

#call(env) ⇒ Object
#initialize(app, settings = {}) ⇒ GtmScriptNonceInjector constructor

A new instance of GtmScriptNonceInjector.

Constructor Details

#initialize(app, settings = {}) ⇒ `GtmScriptNonceInjector`

Returns a new instance of GtmScriptNonceInjector.



5
6
7

# File 'lib/middleware/gtm_script_nonce_injector.rb', line 5

def initialize(app, settings = {})
  @app = app
end

Instance Method Details

#call(env) ⇒ `Object`

# File 'lib/middleware/gtm_script_nonce_injector.rb', line 9

def call(env)
  status, headers, response = @app.call(env)

  if nonce_placeholder = headers.delete("Discourse-GTM-Nonce-Placeholder")
    nonce = SecureRandom.hex
    parts = []
    response.each { |part| parts << part.to_s.sub(nonce_placeholder, nonce) }
    %w[Content-Security-Policy Content-Security-Policy-Report-Only].each do |name|
      next if headers[name].blank?
      headers[name] = headers[name].sub("script-src ", "script-src 'nonce-#{nonce}' ")
    end
    [status, headers, parts]
  else
    [status, headers, response]
  end
end

Class: Middleware::GtmScriptNonceInjector

Instance Method Summary collapse

Constructor Details

#initialize(app, settings = {}) ⇒ GtmScriptNonceInjector

Instance Method Details

#call(env) ⇒ Object

#initialize(app, settings = {}) ⇒ `GtmScriptNonceInjector`

#call(env) ⇒ `Object`