Method: ContentSecurityPolicy#_call

Defined in:
lib/content-security-policy/middleware.rb

#_call(env) ⇒ Object

This method is part of a private API. Avoid using it if possible, as it may be removed or changed in the future.

API:

  • private



# File 'lib/content-security-policy/middleware.rb', line 43

# Runs the wrapped application and writes the configured Content Security
# Policy onto its response headers.
#
# The policy string is built from +@directives+: entries are sorted, each is
# rendered as "<name> <value>", and the results are joined with "; ". The
# values are interpolated verbatim (no validation or escaping happens here),
# so +@directives+ is presumably trusted configuration -- confirm at the
# place where it is populated.
#
# When +@report_only+ is truthy the three "-Report-Only" header variants are
# written; otherwise the three enforcing variants are written.
#
# @param env [Hash] the Rack environment, passed through to the wrapped app
# @return [Array] the +[status, headers, response]+ triple from the wrapped
#   app, with the policy headers set on +headers+
def _call(env)
  status, headers, response = @app.call(env)

  # Serialise the directives in sorted order so the header value is stable.
  policy = @directives.sort.map { |entry| "#{entry[0]} #{entry[1]}" }.join('; ')

  # Standard header first, then the two vendor-prefixed legacy names.
  header_names =
    if @report_only
      %w[
        Content-Security-Policy-Report-Only
        X-Content-Security-Policy-Report-Only
        X-WebKit-CSP-Report-Only
      ]
    else
      %w[
        Content-Security-Policy
        X-Content-Security-Policy
        X-WebKit-CSP
      ]
    end

  # Plain assignment: a policy already set under the same key by the
  # downstream app is replaced, not merged.
  # NOTE(review): if +headers+ is a plain Hash, a header stored under a
  # differently-cased key would be left in place next to this one -- confirm
  # which header container the app returns.
  header_names.each { |header_name| headers[header_name] = policy }

  [status, headers, response]
end