
Class: ActionDispatch::ContentSecurityPolicy

Inherits: Object
Defined in: actionpack/lib/action_dispatch/http/content_security_policy.rb

Constant Summary

  • DEFAULT_NONCE_DIRECTIVES = private
    # File 'actionpack/lib/action_dispatch/http/content_security_policy.rb', line 142
    %w[script-src style-src].freeze
  • DIRECTIVES = private
    # File 'actionpack/lib/action_dispatch/http/content_security_policy.rb', line 119
    {
      base_uri:        "base-uri",
      child_src:       "child-src",
      connect_src:     "connect-src",
      default_src:     "default-src",
      font_src:        "font-src",
      form_action:     "form-action",
      frame_ancestors: "frame-ancestors",
      frame_src:       "frame-src",
      img_src:         "img-src",
      manifest_src:    "manifest-src",
      media_src:       "media-src",
      object_src:      "object-src",
      prefetch_src:    "prefetch-src",
      script_src:      "script-src",
      script_src_attr: "script-src-attr",
      script_src_elem: "script-src-elem",
      style_src:       "style-src",
      style_src_attr:  "style-src-attr",
      style_src_elem:  "style-src-elem",
      worker_src:      "worker-src"
    }.freeze
  • MAPPINGS = private
    # File 'actionpack/lib/action_dispatch/http/content_security_policy.rb', line 102
    {
      self:           "'self'",
      unsafe_eval:    "'unsafe-eval'",
      unsafe_inline:  "'unsafe-inline'",
      none:           "'none'",
      http:           "http:",
      https:          "https:",
      data:           "data:",
      mediastream:    "mediastream:",
      blob:           "blob:",
      filesystem:     "filesystem:",
      report_sample:  "'report-sample'",
      strict_dynamic: "'strict-dynamic'",
      ws:             "ws:",
      wss:            "wss:"
    }.freeze

Class Method Summary

Instance Attribute Summary

Instance Method Summary

Constructor Details

.new {|_self| ... } ⇒ ContentSecurityPolicy

Yields:

  • (_self)

Yield Parameters:

  • _self (ContentSecurityPolicy)

    the object that the method was called on


  
# File 'actionpack/lib/action_dispatch/http/content_security_policy.rb', line 148

# Creates an empty policy. When a block is given it receives the new
# policy so directives can be configured in the constructor call.
#
# The directive table starts out empty; every directive is opt-in.
def initialize
  @directives = {}
  return unless block_given?

  yield self
end

Instance Attribute Details

#directives (readonly)


  
# File 'actionpack/lib/action_dispatch/http/content_security_policy.rb', line 146

# The policy's directive table, keyed by header directive name (for example
# "sandbox"); values are either +true+ for bare keywords or an Array of
# source values. This returns the live Hash, not a copy: mutating it
# mutates the policy.
attr_reader :directives

Instance Method Details

#block_all_mixed_content(enabled = true)


  
# File 'actionpack/lib/action_dispatch/http/content_security_policy.rb', line 167

# Toggles the +block-all-mixed-content+ directive. The stored value is
# +true+ (a bare keyword), not a source list.
#
# A falsy +enabled+ removes the directive instead of setting it.
# NOTE(review): CSP Level 3 marks this directive as deprecated in favour of
# +upgrade-insecure-requests+; keep it only for browsers that still need it.
def block_all_mixed_content(enabled = true)
  directive = "block-all-mixed-content"
  return @directives.delete(directive) unless enabled

  @directives[directive] = true
end

#build(context = nil, nonce = nil, nonce_directives = nil)


  
# File 'actionpack/lib/action_dispatch/http/content_security_policy.rb', line 213

# Renders the policy as a header value: the directive fragments produced
# by +build_directives+ (defined outside this excerpt), with +nil+
# fragments dropped, joined by "; ".
#
# +nonce_directives+ names the directives that receive the per-request
# +nonce+; only an explicit +nil+ falls back to DEFAULT_NONCE_DIRECTIVES,
# so passing +false+ or an empty Array is honoured as given.
# NOTE(review): whatever is stored in @directives reaches the header text
# through this join, so directive values must come from trusted
# configuration, never from request input.
def build(context = nil, nonce = nil, nonce_directives = nil)
  nonce_targets = nonce_directives.nil? ? DEFAULT_NONCE_DIRECTIVES : nonce_directives
  fragments = build_directives(context, nonce, nonce_targets)
  fragments.compact.join("; ")
end

#initialize_copy(other)


  
# File 'actionpack/lib/action_dispatch/http/content_security_policy.rb', line 153

# Gives a +dup+/+clone+ of a policy its own directive table. +deep_dup+
# (ActiveSupport) copies the Hash and the Arrays stored in it, so editing
# the copy's source lists does not alter the policy it was copied from.
def initialize_copy(other)
  source = other.directives
  @directives = source.deep_dup
end

#plugin_types(*types)


  
# File 'actionpack/lib/action_dispatch/http/content_security_policy.rb', line 175

# Sets the +plugin-types+ directive to the given MIME types, or removes it
# when called with no arguments or with a falsy first argument.
#
# Values are stored exactly as passed, without validation.
# NOTE(review): +plugin-types+ was dropped from CSP Level 3; it only has an
# effect in older browsers.
def plugin_types(*types)
  return @directives.delete("plugin-types") unless types.first

  @directives["plugin-types"] = types
end

#report_uri(uri)


  
# File 'actionpack/lib/action_dispatch/http/content_security_policy.rb', line 183

# Sets the +report-uri+ directive to a single endpoint, stored as a
# one-element Array. Unlike the other setters there is no removal path:
# +report_uri(nil)+ stores +[nil]+ rather than deleting the directive.
# NOTE(review): CSP Level 3 deprecates +report-uri+ in favour of
# +report-to+; browsers that support both ignore +report-uri+.
def report_uri(uri)
  @directives.store("report-uri", [uri])
end

#require_sri_for(*types)


  
# File 'actionpack/lib/action_dispatch/http/content_security_policy.rb', line 187

# Sets the +require-sri-for+ directive to the given resource types
# (e.g. "script", "style"), or removes it when called with no arguments
# or with a falsy first argument. Values are stored without validation.
# NOTE(review): this directive is experimental and not widely supported;
# do not rely on it as the only integrity control.
def require_sri_for(*types)
  return @directives.delete("require-sri-for") unless types.first

  @directives["require-sri-for"] = types
end

#sandbox(*values)


  
# File 'actionpack/lib/action_dispatch/http/content_security_policy.rb', line 195

# Configures the +sandbox+ directive:
# - no arguments: the bare keyword (stored as +true+), i.e. the strictest
#   sandbox with nothing allowed;
# - one or more truthy values: those +allow-*+ tokens, stored as given;
# - a falsy first argument: the directive is removed.
#
# Tokens are not validated here; pass only known sandbox keywords.
def sandbox(*values)
  directive = "sandbox"
  return @directives.delete(directive) if !values.empty? && !values.first

  @directives[directive] = values.empty? ? true : values
end

#upgrade_insecure_requests(enabled = true)


  
# File 'actionpack/lib/action_dispatch/http/content_security_policy.rb', line 205

# Toggles the +upgrade-insecure-requests+ directive, stored as +true+
# (a bare keyword). A falsy +enabled+ removes it.
#
# This is the CSP Level 3 replacement for +block-all-mixed-content+: it
# asks the browser to rewrite http: subresource requests to https: instead
# of blocking them.
def upgrade_insecure_requests(enabled = true)
  directive = "upgrade-insecure-requests"
  return @directives.delete(directive) unless enabled

  @directives[directive] = true
end