Class: ContentSecurityPolicy::Middleware

Inherits:

Object

Object
ContentSecurityPolicy::Middleware

show all

Defined in:: lib/content_security_policy/middleware.rb

Instance Method Summary collapse

#call(env) ⇒ Object
#initialize(app) ⇒ Middleware constructor

A new instance of Middleware.

Constructor Details

#initialize(app) ⇒ `Middleware`

Returns a new instance of Middleware.



6
7
8

# File 'lib/content_security_policy/middleware.rb', line 6

def initialize(app)
  @app = app
end

Instance Method Details

#call(env) ⇒ `Object`

# File 'lib/content_security_policy/middleware.rb', line 10

def call(env)
  request = Rack::Request.new(env)
  _, headers, _ = response = @app.call(env)

  return response unless html_response?(headers)

  # The EnforceHostname middleware ensures request.host_with_port can be trusted
  protocol = (SiteSetting.force_https || request.ssl?) ? "https://" : "http://"
  base_url = protocol + request.host_with_port + Discourse.base_path

  theme_id = env[:resolved_theme_id]

  headers["Content-Security-Policy"] = policy(
    theme_id,
    base_url: base_url,
    path_info: env["PATH_INFO"],
  ) if SiteSetting.content_security_policy
  headers["Content-Security-Policy-Report-Only"] = policy(
    theme_id,
    base_url: base_url,
    path_info: env["PATH_INFO"],
  ) if SiteSetting.content_security_policy_report_only

  response
end

Class: ContentSecurityPolicy::Middleware

Instance Method Summary collapse

Constructor Details

#initialize(app) ⇒ Middleware

Instance Method Details

#call(env) ⇒ Object

#initialize(app) ⇒ `Middleware`

#call(env) ⇒ `Object`