Class: Gitlab::ContentSecurityPolicy::ConfigLoader

Inherits:

Object

Object
Gitlab::ContentSecurityPolicy::ConfigLoader

Defined in:: lib/gitlab/content_security_policy/config_loader.rb

Constant Summary collapse

DIRECTIVES =

%w(base_uri child_src connect_src default_src font_src
form_action frame_ancestors frame_src img_src manifest_src
media_src object_src report_uri script_src style_src worker_src).freeze

Class Method Summary collapse

.default_settings_hash ⇒ Object

Instance Method Summary collapse

#initialize(csp_directives) ⇒ ConfigLoader constructor

A new instance of ConfigLoader.
#load(policy) ⇒ Object

Constructor Details

#initialize(csp_directives) ⇒ `ConfigLoader`

Returns a new instance of ConfigLoader.


18
19
20

# File 'lib/gitlab/content_security_policy/config_loader.rb', line 18

def initialize(csp_directives)
  @csp_directives = HashWithIndifferentAccess.new(csp_directives)
end

Class Method Details

.default_settings_hash ⇒ `Object`

# File 'lib/gitlab/content_security_policy/config_loader.rb', line 10

def self.default_settings_hash
  {
    'enabled' => false,
    'report_only' => false,
    'directives' => DIRECTIVES.each_with_object({}) { |directive, hash| hash[directive] = nil }
  }
end

Instance Method Details

#load(policy) ⇒ `Object`

# File 'lib/gitlab/content_security_policy/config_loader.rb', line 22

def load(policy)
  DIRECTIVES.each do |directive|
    arguments = arguments_for(directive)

    next unless arguments.present?

    policy.public_send(directive, *arguments) # rubocop:disable GitlabSecurity/PublicSend
  end
end

Class: Gitlab::ContentSecurityPolicy::ConfigLoader

Constant Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(csp_directives) ⇒ ConfigLoader

Class Method Details

.default_settings_hash ⇒ Object

Instance Method Details

#load(policy) ⇒ Object

#initialize(csp_directives) ⇒ `ConfigLoader`

.default_settings_hash ⇒ `Object`

#load(policy) ⇒ `Object`