ActionDispatch::ContentSecurityPolicy

Namespace

Module

ActionDispatch::ContentSecurityPolicy::Request

Class

ActionDispatch::ContentSecurityPolicy::Middleware

Methods

block_all_mixed_content
build
initialize_copy
new
plugin_types
report_uri
require_sri_for
sandbox
upgrade_insecure_requests

Attributes

[R]

directives

Class Public methods

new()

📝 Source code

# File actionpack/lib/action_dispatch/http/content_security_policy.rb, line 148
    def initialize
      @directives = {}
      yield self if block_given?
    end

🔎 See on GitHub

Instance Public methods

block_all_mixed_content(enabled = true)

📝 Source code

# File actionpack/lib/action_dispatch/http/content_security_policy.rb, line 167
    def block_all_mixed_content(enabled = true)
      if enabled
        @directives["block-all-mixed-content"] = true
      else
        @directives.delete("block-all-mixed-content")
      end
    end

🔎 See on GitHub

build(context = nil, nonce = nil, nonce_directives = nil)

📝 Source code

# File actionpack/lib/action_dispatch/http/content_security_policy.rb, line 213
    def build(context = nil, nonce = nil, nonce_directives = nil)
      nonce_directives = DEFAULT_NONCE_DIRECTIVES if nonce_directives.nil?
      build_directives(context, nonce, nonce_directives).compact.join("; ")
    end

🔎 See on GitHub

initialize_copy(other)

📝 Source code

# File actionpack/lib/action_dispatch/http/content_security_policy.rb, line 153
    def initialize_copy(other)
      @directives = other.directives.deep_dup
    end

🔎 See on GitHub

plugin_types(*types)

📝 Source code

# File actionpack/lib/action_dispatch/http/content_security_policy.rb, line 175
    def plugin_types(*types)
      if types.first
        @directives["plugin-types"] = types
      else
        @directives.delete("plugin-types")
      end
    end

🔎 See on GitHub

report_uri(uri)

📝 Source code

# File actionpack/lib/action_dispatch/http/content_security_policy.rb, line 183
    def report_uri(uri)
      @directives["report-uri"] = [uri]
    end

🔎 See on GitHub

require_sri_for(*types)

📝 Source code

# File actionpack/lib/action_dispatch/http/content_security_policy.rb, line 187
    def require_sri_for(*types)
      if types.first
        @directives["require-sri-for"] = types
      else
        @directives.delete("require-sri-for")
      end
    end

🔎 See on GitHub

sandbox(*values)

📝 Source code

# File actionpack/lib/action_dispatch/http/content_security_policy.rb, line 195
    def sandbox(*values)
      if values.empty?
        @directives["sandbox"] = true
      elsif values.first
        @directives["sandbox"] = values
      else
        @directives.delete("sandbox")
      end
    end

🔎 See on GitHub

upgrade_insecure_requests(enabled = true)

📝 Source code

# File actionpack/lib/action_dispatch/http/content_security_policy.rb, line 205
    def upgrade_insecure_requests(enabled = true)
      if enabled
        @directives["upgrade-insecure-requests"] = true
      else
        @directives.delete("upgrade-insecure-requests")
      end
    end

🔎 See on GitHub

ActionDispatch::ContentSecurityPolicy < Object

Namespace

Module

Class

Methods

Attributes

Class Public methods

new()

Instance Public methods

block_all_mixed_content(enabled = true)

build(context = nil, nonce = nil, nonce_directives = nil)

initialize_copy(other)

plugin_types(*types)

report_uri(uri)

require_sri_for(*types)

sandbox(*values)

upgrade_insecure_requests(enabled = true)