diff options
author | Christopher Baines <mail@cbaines.net> | 2018-10-10 08:03:13 +0100 |
---|---|---|
committer | Christopher Baines <mail@cbaines.net> | 2018-10-11 18:27:05 +0100 |
commit | 8af754e1087d662ab68964aa67685d48b8e7c4fc (patch) | |
tree | a4b6e0d3c07ca10a32dfb802d8072aff75944d13 /testapp/config/initializers/content_security_policy.rb | |
parent | 6516fc56b91f91aae7a082f662bf5cf9afd1149c (diff) | |
download | guix-demo-8af754e1087d662ab68964aa67685d48b8e7c4fc.tar guix-demo-8af754e1087d662ab68964aa67685d48b8e7c4fc.tar.gz |
Run rails new testapp --skip-bundle
Diffstat (limited to 'testapp/config/initializers/content_security_policy.rb')
-rw-r--r-- | testapp/config/initializers/content_security_policy.rb | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/testapp/config/initializers/content_security_policy.rb b/testapp/config/initializers/content_security_policy.rb new file mode 100644 index 0000000..d3bcaa5 --- /dev/null +++ b/testapp/config/initializers/content_security_policy.rb @@ -0,0 +1,25 @@ +# Be sure to restart your server when you modify this file. + +# Define an application-wide content security policy +# For further information see the following documentation +# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy + +# Rails.application.config.content_security_policy do |policy| +# policy.default_src :self, :https +# policy.font_src :self, :https, :data +# policy.img_src :self, :https, :data +# policy.object_src :none +# policy.script_src :self, :https +# policy.style_src :self, :https + +# # Specify URI for violation reports +# # policy.report_uri "/csp-violation-report-endpoint" +# end + +# If you are using UJS then enable automatic nonce generation +# Rails.application.config.content_security_policy_nonce_generator = -> request { SecureRandom.base64(16) } + +# Report CSP violations to a specified URI +# For further information see the following documentation: +# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only +# Rails.application.config.content_security_policy_report_only = true |