Module: ContentSecurityPolicyPatch

Included in:
ApplicationController
Defined in:
app/controllers/concerns/content_security_policy_patch.rb

Overview

`content_security_policy_with_context` makes the caller's context available to the invoked block, because that context is currently not accessible from `content_security_policy`.

This patch is available in content_security_policy starting with Rails 7.2. Refs: github.com/rails/rails/pull/45115.

Instance Method Summary

Instance Method Details

#content_security_policy_with_context(enabled = true, **options, &block) ⇒ Object



# File 'app/controllers/concerns/content_security_policy_patch.rb', line 10

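def content_security_policy_with_context(enabled = true, **options, &block)
  # Rails 7.2+ ships this behaviour in content_security_policy itself.
  if Rails.gem_version >= Gem::Version.new("7.2")
    # Instance-level warn: the class-level ActiveSupport::Deprecation.warn
    # delegation was removed in Rails 7.2, the only versions that reach this branch.
    ActiveSupport::Deprecation.new.warn(
      "content_security_policy_with_context should only be used with Rails < 7.2. " \
      "Use content_security_policy instead."
    )
  end

  before_action(options) do
    if block
      policy = current_content_security_policy
      # Run the block with self set to the controller instance.
      instance_exec(policy, &block)
      request.content_security_policy = policy
    end

    # Passing enabled = false clears the policy for the matching actions.
    request.content_security_policy = nil unless enabled
  end
end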
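
The difference `instance_exec` makes, as an added plain-Ruby example that is not part of this project's code and does not use Rails. `Policy`, `FakeController`, `csp_plain`, `csp_with_context` and `asset_host` are hypothetical stand-ins, and the host value used with them is constructed.

```ruby
# Minimal policy object standing in for a CSP builder (hypothetical).
Policy = Struct.new(:directives) do
  def script_src(*sources)
    directives["script-src"] = sources
  end

  def header
    directives.map { |name, sources| "#{name} #{sources.join(' ')}" }.join("; ")
  end
end

class FakeController
  class << self
    def callbacks
      @callbacks ||= []
    end

    # Pre-7.2 style: the block keeps the self it was defined with (the class).
    def csp_plain(&block)
      callbacks << ->(_controller, policy) { block.call(policy) }
    end

    # Patched style: the block runs with self set to the controller instance.
    def csp_with_context(&block)
      callbacks << ->(controller, policy) { controller.instance_exec(policy, &block) }
    end
  end

  attr_reader :asset_host # per-request value (constructed)
  def initialize(asset_host)
    @asset_host = asset_host
  end

  # Returns the header string, or the error a callback raised.
  def csp_header
    policy = Policy.new({})
    self.class.callbacks.each { |callback| callback.call(self, policy) }
    policy.header
  rescue NameError => e
    "#{e.class}: #{e.name}"
  end
end

class PlainController < FakeController
  csp_plain { |policy| policy.script_src("'self'", asset_host) }
end

class ContextController < FakeController
  csp_with_context { |policy| policy.script_src("'self'", asset_host) }
end
```

`ContextController.new(host).csp_header` builds a policy that includes the per-request host, while the same block registered through `csp_plain` fails because `asset_host` is looked up on the class rather than on the instance.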