Methods

Class Public methods

new(app)

📝 Source code 
# File actionpack/lib/action_dispatch/http/content_security_policy.rb, line 28
      def initialize(app)
        @app = app
      end
🔎 See on GitHub

Instance Public methods

call(env)

📝 Source code 
# File actionpack/lib/action_dispatch/http/content_security_policy.rb, line 32
      def call(env)
        status, headers, _ = response = @app.call(env)

        # Returning CSP headers with a 304 Not Modified is harmful, since nonces in the new
        # CSP headers might not match nonces in the cached HTML.
        return response if status == 304

        return response if policy_present?(headers)

        request = ActionDispatch::Request.new env

        if policy = request.content_security_policy
          nonce = request.content_security_policy_nonce
          nonce_directives = request.content_security_policy_nonce_directives
          context = request.controller_instance || request
          headers[header_name(request)] = policy.build(context, nonce, nonce_directives)
        end

        response
      end
🔎 See on GitHub