Class: Middleware::GtmScriptNonceInjector
- Inherits:
-
Object
- Object
- Middleware::GtmScriptNonceInjector
- Defined in:
- lib/middleware/gtm_script_nonce_injector.rb
Instance Method Summary collapse
- #call(env) ⇒ Object
-
#initialize(app, settings = {}) ⇒ GtmScriptNonceInjector
constructor
A new instance of GtmScriptNonceInjector.
Constructor Details
#initialize(app, settings = {}) ⇒ GtmScriptNonceInjector
Returns a new instance of GtmScriptNonceInjector.
5 6 7 |
# File 'lib/middleware/gtm_script_nonce_injector.rb', line 5 def initialize(app, settings = {}) @app = app end |
Instance Method Details
#call(env) ⇒ Object
9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 |
# File 'lib/middleware/gtm_script_nonce_injector.rb', line 9 def call(env) status, headers, response = @app.call(env) if nonce_placeholder = headers.delete("Discourse-GTM-Nonce-Placeholder") nonce = SecureRandom.hex parts = [] response.each { |part| parts << part.to_s.sub(nonce_placeholder, nonce) } %w[Content-Security-Policy Content-Security-Policy-Report-Only].each do |name| next if headers[name].blank? headers[name] = headers[name].sub("script-src ", "script-src 'nonce-#{nonce}' ") end [status, headers, parts] else [status, headers, response] end end |