Module: ContentSecurityPolicyPatch
- Included in:
- ApplicationController
- Defined in:
- app/controllers/concerns/content_security_policy_patch.rb
Overview
‘content_security_policy_with_context` makes the caller’s context available to the invoked block, as this is currently not accessible from ‘content_security_policy`
This patch is available in content_security_policy starting with Rails 7.2. Refs: github.com/rails/rails/pull/45115.
Instance Method Summary collapse
Instance Method Details
#content_security_policy_with_context(enabled = true, **options, &block) ⇒ Object
10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 |
# File 'app/controllers/concerns/content_security_policy_patch.rb', line 10 def content_security_policy_with_context(enabled = true, **, &block) if Rails.gem_version >= Gem::Version.new("7.2") ActiveSupport::Deprecation.warn( "content_security_policy_with_context should only be used with Rails < 7.2. Use content_security_policy instead.") end before_action() do if block policy = current_content_security_policy instance_exec(policy, &block) request.content_security_policy = policy end request.content_security_policy = nil unless enabled end end |