Method: ContentSecurityPolicy#initialize

Defined in:
lib/content-security-policy/middleware.rb

#initialize(app, options = {}) ⇒ ContentSecurityPolicy

Initializes Content Security Policy middleware.

Examples:

use ContentSecurityPolicy, :directives => { 'default-src' => "'self'" }
use ContentSecurityPolicy, :directives => { 'default-src' => "'self'" }, :report_only => true

Options Hash (options):

  • :report_only (Boolean)

    Set to true to run in report-only mode

  • :directives (Hash)

    Directives hash



# File 'lib/content-security-policy/middleware.rb', line 20

def initialize(app, options = {})
  @app = app
  @report_only = options[:report_only] || ContentSecurityPolicy.report_only
  @directives  = options[:directives]  || ContentSecurityPolicy.directives

  @directives or raise NoDirectivesError, 'No directives were passed.'

  # make sure directives with policy-uri don't contain any other directives
  if @directives['policy-uri'] && @directives.keys.length > 1
    raise IncorrectDirectivesError, 'You passed both policy-uri and other directives.'
  end
end
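
With a plain Hash, the constructor above falls back with `||` and looks up 'policy-uri' by String key, so an explicit :report_only => false is replaced by the global setting and a Symbol-keyed :'policy-uri' is not caught by the exclusivity check. The helper below is an added example, not code from the gem, that normalizes options before they are passed to `use`. Assumptions: the CspOptions module, its Invalid error and the defaults argument (standing in for the gem's global settings) are hypothetical, and rejecting empty hashes, empty values and duplicate keys is stricter than the constructor.

```ruby
# Added example: hypothetical helper, not part of the content-security-policy gem.
module CspOptions
  class Invalid < ArgumentError; end

  # options:  the hash that would be passed to `use ContentSecurityPolicy, ...`
  # defaults: stand-in for the gem's global settings (constructed for this example)
  def self.resolve(options, defaults = {})
    directives = options[:directives] || defaults[:directives]
    raise Invalid, 'No directives were passed.' if directives.nil? || directives.empty?

    # Normalize every directive name to a lowercase String, because the
    # constructor checks 'policy-uri' with a String lookup only.
    normalized = {}
    directives.each do |name, value|
      key = name.to_s.strip.downcase
      raise Invalid, "Duplicate directive: #{key}" if normalized.key?(key)
      raise Invalid, "Empty value for #{key}" if value.to_s.strip.empty?
      normalized[key] = value.to_s
    end

    # Same rule as the constructor, now applied to normalized keys.
    if normalized.key?('policy-uri') && normalized.size > 1
      raise Invalid, 'You passed both policy-uri and other directives.'
    end

    # fetch keeps an explicit false; `options[:report_only] || default` would not.
    report_only = options.fetch(:report_only) { defaults.fetch(:report_only, false) }

    { :directives => normalized, :report_only => report_only ? true : false }
  end
end
```

The returned hash has the same keys as the options documented above. A `:report_only => false` in it is still subject to the constructor's `||` fallback if a global report-only setting is true.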