Merge pull request #34375 from y-yagi/add_connect_src_to_default_csp_initializer
Add `connect_src` example to content security policy initializer
This commit is contained in:
commit
90ee327b63
4
railties/lib/rails/generators/rails/app/templates/config/initializers/content_security_policy.rb.tt
4
railties/lib/rails/generators/rails/app/templates/config/initializers/content_security_policy.rb.tt
@ -11,6 +11,10 @@
|
||||
# policy.object_src :none
|
||||
# policy.script_src :self, :https
|
||||
# policy.style_src :self, :https
|
||||
<%- unless options[:skip_javascript] -%>
|
||||
# # If you are using webpack-dev-server then specify webpack-dev-server host
|
||||
# policy.connect_src :self, :https, "http://localhost:3035", "ws://localhost:3035" if Rails.env.development?
|
||||
<%- end -%>
|
||||
|
||||
# # Specify URI for violation reports
|
||||
# # policy.report_uri "/csp-violation-report-endpoint"
|
||||
|
@ -230,6 +230,14 @@ def test_new_application_load_defaults
|
||||
assert_equal "false\n", output
|
||||
end
|
||||
|
||||
def test_csp_initializer_include_connect_src_example
|
||||
run_generator
|
||||
|
||||
assert_file "config/initializers/content_security_policy.rb" do |content|
|
||||
assert_match(/# policy\.connect_src/, content)
|
||||
end
|
||||
end
|
||||
|
||||
def test_app_update_keep_the_cookie_serializer_if_it_is_already_configured
|
||||
app_root = File.join(destination_root, "myapp")
|
||||
run_generator [app_root]
|
||||
@ -807,6 +815,9 @@ def test_skip_javascript_option
|
||||
end
|
||||
|
||||
assert_no_gem "webpacker"
|
||||
assert_file "config/initializers/content_security_policy.rb" do |content|
|
||||
assert_no_match(/policy\.connect_src/, content)
|
||||
end
|
||||
end
|
||||
|
||||
def test_webpack_option_with_js_framework
|
||||
|
Loading…
Reference in New Issue
Block a user