Merge pull request #44449 from p8/docs/add-documentation-for-controller-csp

Add documentation for controller CSP methods [ci-skip]
Jonathan Hefner 2022-02-17 12:36:48 -06:00 committed by GitHub
commit 97bb0a9e37
GPG Key ID: 4AEE18F83AFDEB23

@ -14,6 +14,29 @@ module ContentSecurityPolicy
end
module ClassMethods
# Overrides parts of the globally configured Content-Security-Policy
# header:
#
# class PostsController < ApplicationController
# content_security_policy do |policy|
# policy.base_uri "https://www.example.com"
# end
# end
#
# Options can be passed similar to +before_action+. For example, pass
# <tt>only: :index</tt> to override the header on the index action only:
#
# class PostsController < ApplicationController
# content_security_policy(only: :index) do |policy|
# policy.default_src :self, :https
# end
# end
#
# Pass +false+ to remove the Content-Security-Policy header:
#
# class PostsController < ApplicationController
# content_security_policy false, only: :index
# end
def content_security_policy(enabled = true, **options, &block)
before_action(options) do
if block_given?
@ -28,6 +51,18 @@ def content_security_policy(enabled = true, **options, &block)
end
end
# Overrides the globally configured Content-Security-Policy-Report-Only
# header:
#
# class PostsController < ApplicationController
# content_security_policy_report_only only: :index
# end
#
# Pass +false+ to remove the Content-Security-Policy-Report-Only header:
#
# class PostsController < ApplicationController
# content_security_policy_report_only false, only: :index
# end
def content_security_policy_report_only(report_only = true, **options)
before_action(options) do
request.content_security_policy_report_only = report_only
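Review bot: The new comment on `content_security_policy_report_only` describes the method as overriding or removing a header, but the visible body only stores a boolean (`request.content_security_policy_report_only = report_only`), so the comment never says what the flag means for enforcement. Assuming the header name is chosen from this flag elsewhere (that code is outside the hunk), the first example puts the index action's policy into report-only mode, where browsers report violations without blocking them, and passing +false+ switches back to an enforced policy rather than merely dropping a header. I would add a sentence such as `# While report-only is in effect for an action, violations are reported but not blocked.` and reword the second paragraph to `# Pass +false+ to enforce the policy instead of only reporting violations:`. The same caveat deserves one line in the first hunk, next to `content_security_policy false, only: :index`, since that action is then served without a Content-Security-Policy header. The bodies of both methods continue outside the hunks.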