Class: ActionDispatch::ContentSecurityPolicy
Relationships & Source Files | |
Inherits: | Object |
Defined in: | actionpack/lib/action_dispatch/http/content_security_policy.rb |
Constant Summary
-
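# File 'actionpack/lib/action_dispatch/http/content_security_policy.rb', line 109
#
# Lookup table from the Ruby-side directive name (Symbol) to the directive
# token as it is spelled in a CSP header ("script-src", "frame-ancestors", ...).
# Marked private in the API docs. The table is frozen, so the set of
# recognised fetch/navigation directives cannot be altered at runtime.
# NOTE(review): the code that consumes this table is not part of this listing;
# presumably one setter per key is generated from it - confirm in the source file.
DIRECTIVES = {
  base_uri:        "base-uri",
  child_src:       "child-src",
  connect_src:     "connect-src",
  default_src:     "default-src",
  font_src:        "font-src",
  form_action:     "form-action",
  frame_ancestors: "frame-ancestors",
  frame_src:       "frame-src",
  img_src:         "img-src",
  manifest_src:    "manifest-src",
  media_src:       "media-src",
  object_src:      "object-src",
  script_src:      "script-src",
  style_src:       "style-src",
  worker_src:      "worker-src"
}.freeze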
-
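# File 'actionpack/lib/action_dispatch/http/content_security_policy.rb', line 92
#
# Lookup table from a Symbol shorthand to the source expression it stands for.
# Keyword sources keep their mandatory single quotes ("'self'", "'none'");
# scheme sources keep their trailing colon ("https:", "data:").
# Marked private in the API docs; frozen so the vocabulary is fixed.
#
# Review note for policy authors: :unsafe_inline and :unsafe_eval re-allow the
# inline-script and eval() behaviour that a CSP is normally deployed to block,
# and the bare scheme sources (:http, :https, :data, :blob, :filesystem) match
# every origin or resource of that scheme. Prefer :self, :none, nonces or
# :strict_dynamic where the application allows it.
MAPPINGS = {
  self:           "'self'",
  unsafe_eval:    "'unsafe-eval'",
  unsafe_inline:  "'unsafe-inline'",
  none:           "'none'",
  http:           "http:",
  https:          "https:",
  data:           "data:",
  mediastream:    "mediastream:",
  blob:           "blob:",
  filesystem:     "filesystem:",
  report_sample:  "'report-sample'",
  strict_dynamic: "'strict-dynamic'",
  ws:             "ws:",
  wss:            "wss:"
}.freeze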
-
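# File 'actionpack/lib/action_dispatch/http/content_security_policy.rb', line 127
#
# Directive names eligible for a nonce. Marked private in the API docs.
# Only "script-src" is listed, so in this version a nonce is not associated
# with "style-src" or any other directive.
# NOTE(review): the code that reads this list is not shown on this page;
# presumably the directive builder appends the nonce source to these
# directives - confirm in the source file.
NONCE_DIRECTIVES = %w[script-src].freeze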
Class Method Summary
- .new {|_self| ... } ⇒ ContentSecurityPolicy constructor
Instance Attribute Summary
- #directives readonly
Instance Method Summary
Constructor Details
.new {|_self| ... } ⇒ ContentSecurityPolicy
# File 'actionpack/lib/action_dispatch/http/content_security_policy.rb', line 133
# Creates a policy with an empty directive table. When a block is supplied
# the new instance is yielded to it so directives can be set in place.
#
# @yieldparam policy [ContentSecurityPolicy] the instance being set up
def initialize
  @directives = Hash.new
  return unless block_given?

  yield(self)
end
Instance Attribute Details
#directives (readonly)
[ GitHub ]# File 'actionpack/lib/action_dispatch/http/content_security_policy.rb', line 131
# Read-only accessor for the directive table held in @directives.
# NOTE(review): only a reader is generated, but the Hash it returns is the
# live table (the constructor stores an unfrozen Hash), so a caller holding
# it can still change the policy by mutating that Hash.
attr_reader :directives
Instance Method Details
#block_all_mixed_content(enabled = true)
[ GitHub ]# File 'actionpack/lib/action_dispatch/http/content_security_policy.rb', line 152
# Switches the valueless "block-all-mixed-content" directive on or off.
#
# NOTE(review): current browsers treat this directive as deprecated -
# confirm against the CSP / Mixed Content specs before relying on it.
#
# @param enabled [Boolean] truthy stores the directive, falsy removes it
# @return [true, Object, nil] true when enabled; otherwise whatever
#   Hash#delete returns (the previous value, or nil if it was not set)
def block_all_mixed_content(enabled = true)
  directive = "block-all-mixed-content"
  return @directives.delete(directive) unless enabled

  @directives[directive] = true
end
#build(context = nil, nonce = nil)
[ GitHub ]# File 'actionpack/lib/action_dispatch/http/content_security_policy.rb', line 198
# Renders the policy as one string: the entries returned by
# build_directives, with nil entries dropped, joined by "; ".
#
# Both arguments are handed to build_directives unchanged; how that helper
# uses them is not shown in this listing.
#
# @param context [Object, nil] forwarded to build_directives
# @param nonce [Object, nil] forwarded to build_directives
# @return [String] the joined directive list
def build(context = nil, nonce = nil)
  rendered = build_directives(context, nonce)
  rendered.compact.join("; ")
end
#initialize_copy(other)
[ GitHub ]# File 'actionpack/lib/action_dispatch/http/content_security_policy.rb', line 138
# Copy hook: gives the duplicate its own directive table, taken from
# other.directives via deep_dup, instead of sharing the source policy's Hash.
# NOTE(review): deep_dup is not defined on this page (it is an Active Support
# core extension); the copy's isolation from the source policy depends on it.
#
# @param other [ContentSecurityPolicy] the policy being duplicated
def initialize_copy(other)
  source_table = other.directives
  @directives = source_table.deep_dup
end
#plugin_types(*types)
[ GitHub ]# File 'actionpack/lib/action_dispatch/http/content_security_policy.rb', line 160
# Sets or clears the "plugin-types" directive.
#
# Only the first argument decides the branch: if it is truthy the whole
# argument list is stored, otherwise (no arguments, nil or false first) the
# directive is removed.
#
# NOTE(review): "plugin-types" has been dropped from CSP Level 3 - confirm
# browser support before treating it as a control.
#
# @param types [Array] values to store for the directive
# @return [Array, Object, nil] the stored list, or Hash#delete's result
def plugin_types(*types)
  key = "plugin-types"
  types.first ? @directives.store(key, types) : @directives.delete(key)
end
#report_uri(uri)
[ GitHub ]# File 'actionpack/lib/action_dispatch/http/content_security_policy.rb', line 168
# Stores the violation-report endpoint under "report-uri" as a one-element
# list.
#
# The value is stored as given, with no validation here. Unlike the other
# setters in this class, a nil argument does not remove the directive; it
# stores [nil].
#
# NOTE(review): CSP Level 3 deprecates "report-uri" in favour of "report-to" -
# confirm which one the target browsers honour.
#
# @param uri [Object] the reporting endpoint
# @return [Array] the one-element list that was stored
def report_uri(uri)
  endpoints = [uri]
  @directives["report-uri"] = endpoints
end
#require_sri_for(*types)
[ GitHub ]# File 'actionpack/lib/action_dispatch/http/content_security_policy.rb', line 172
# Sets or clears the "require-sri-for" directive.
#
# A truthy first argument stores the full argument list; no arguments, or a
# nil/false first argument, removes the directive.
#
# NOTE(review): "require-sri-for" was not adopted as a default-on feature by
# the major browsers - confirm support before counting on it to enforce
# Subresource Integrity.
#
# @param types [Array] values to store for the directive
# @return [Array, Object, nil] the stored list, or Hash#delete's result
def require_sri_for(*types)
  key = "require-sri-for"
  return @directives[key] = types if types.first

  @directives.delete(key)
end
#sandbox(*values)
[ GitHub ]# File 'actionpack/lib/action_dispatch/http/content_security_policy.rb', line 180
# Sets or clears the "sandbox" directive.
#
# * no arguments         - stores true (the directive with no value list)
# * truthy first value   - stores the argument list
# * nil/false first value - removes the directive
#
# @param values [Array] values to store for the directive
# @return [true, Array, Object, nil] the stored value, or Hash#delete's result
def sandbox(*values)
  key = "sandbox"
  return @directives[key] = true if values.empty?
  return @directives.delete(key) unless values.first

  @directives[key] = values
end
#upgrade_insecure_requests(enabled = true)
[ GitHub ]# File 'actionpack/lib/action_dispatch/http/content_security_policy.rb', line 190
# Switches the valueless "upgrade-insecure-requests" directive on or off.
#
# @param enabled [Boolean] truthy stores the directive, falsy removes it
# @return [true, Object, nil] true when enabled; otherwise whatever
#   Hash#delete returns (the previous value, or nil if it was not set)
def upgrade_insecure_requests(enabled = true)
  key = "upgrade-insecure-requests"
  enabled ? @directives.store(key, true) : @directives.delete(key)
end