| author | erdgeist <erdgeist@erdgeist.org> | 2026-06-27 22:52:50 +0200 |
|---|---|---|
| committer | erdgeist <erdgeist@erdgeist.org> | 2026-06-27 22:52:50 +0200 |
| commit | 9a19a0494ef51cdac9a78e24d517ca48ba44c453 (patch) | |
| tree | 8eaae12d8047a40e29d3ea7ff3116b5c869e04bd /config/initializers/content_security_policy.rb | |
| parent | 85a01e35274b8d4d4165a7b26bd7986e211246bb (diff) | |
| parent | 1853082fcd8c067390c246f9daa01a9b47387497 (diff) | |
Migration from Rails 2.3.5 to Rails 8.1 successful.
Merging dev branch.
Diffstat (limited to 'config/initializers/content_security_policy.rb')
| -rw-r--r-- | config/initializers/content_security_policy.rb | 29 |
1 files changed, 29 insertions, 0 deletions
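--- /dev/null
+++ b/config/initializers/content_security_policy.rb
@@ -0,0 +1,29 @@
+# Be sure to restart your server when you modify this file.
+
+# Define an application-wide content security policy.
+# See the Securing Rails Applications Guide for more information:
+# https://guides.rubyonrails.org/security.html#content-security-policy-header
+
+# Rails.application.configure do
+# config.content_security_policy do |policy|
+# policy.default_src :self, :https
+# policy.font_src :self, :https, :data
+# policy.img_src :self, :https, :data
+# policy.object_src :none
+# policy.script_src :self, :https
+# policy.style_src :self, :https
+# # Specify URI for violation reports
+# # policy.report_uri "/csp-violation-report-endpoint"
+# end
+#
+# # Generate session nonces for permitted importmap, inline scripts, and inline styles.
+# config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s }
+# config.content_security_policy_nonce_directives = %w(script-src style-src)
+#
+# # Automatically add `nonce` to `javascript_tag`, `javascript_include_tag`, and `stylesheet_link_tag`
+# # if the corresponding directives are specified in `content_security_policy_nonce_directives`.
+# # config.content_security_policy_nonce_auto = true
+#
+# # Report violations without enforcing the policy.
+# # config.content_security_policy_report_only = true
+# end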
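Review bot: Every line of this new initializer is commented out, so after the migration the application sends no Content-Security-Policy header at all; the file documents a control rather than enabling one. A low-risk first step is to uncomment the `Rails.application.configure do` block and the `config.content_security_policy` directives while keeping `config.content_security_policy_report_only = true` (line 28) enabled and `policy.report_uri` pointing at a real endpoint, so violations from the migrated views are observed before the policy is enforced. If nonces are turned on, note that the template's `request.session.id.to_s` generator reuses the same nonce for every request in a session; a per-request `->(request) { SecureRandom.base64(16) }` is the stronger choice, and `config.content_security_policy_nonce_auto = true` must then be paired with helper-based script and style tags in the views. Consider a short comment at the top of the file recording that the policy is intentionally disabled pending a report-only rollout, so the gap is not mistaken for an oversight later.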
