Class: BaseActionController

Inherits:

ActionController::Base

Object
ActionController::Base
BaseActionController

show all

Extended by:: ContentSecurityPolicyPatch

Includes:: CurrentOrganization

Defined in:: app/controllers/base_action_controller.rb

Overview

GitLab lightweight base action controller

This class should be limited to content that is desired/required for all controllers in GitLab.

Most controllers inherit from ApplicationController. Some controllers don’t want or need all of that logic and instead inherit from ActionController::Base. This makes it difficult to set security headers and handle other critical logic across all controllers.

Between this controller and ApplicationController no controller should ever inherit directly from ActionController::Base

rubocop:disable Rails/ApplicationController – This class is specifically meant as a base class for controllers that don’t inherit from ApplicationController rubocop:disable Gitlab/NamespacedClass – Base controllers live in the global namespace

Direct Known Subclasses

API::Graphql::GraphqlExplorerController, AcmeChallengesController, ApplicationController, ChaosController, EventForward::EventForwardController, Gitlab::BaseDoorkeeperController, Gitlab::RequestForgeryProtection::Controller, HealthController, MetricsController

Instance Method Summary collapse

#append_to_content_security_policy(policy, directive, values) ⇒ Object

Methods included from ContentSecurityPolicyPatch

content_security_policy_with_context

Methods included from CurrentOrganization

#set_current_organization

Instance Method Details

#append_to_content_security_policy(policy, directive, values) ⇒ `Object`

# File 'app/controllers/base_action_controller.rb', line 33

def append_to_content_security_policy(policy, directive, values)
  existing_value = policy.directives[directive] || policy.directives['default-src']
  new_value = Array.wrap(existing_value) | values
  policy.directives[directive] = new_value
end