Class: Gitlab::ContentSecurityPolicy::ConfigLoader

Inherits:
Object
  • Object
Defined in:
lib/gitlab/content_security_policy/config_loader.rb

Constant Summary

# Names of the CSP directives this loader handles, spelled as snake_case
# method names. #load iterates this frozen list and dispatches only these
# names to the policy object, so it acts as the allowlist for that
# public_send call.
DIRECTIVES = %w[
  base_uri child_src connect_src default_src
  font_src form_action frame_ancestors frame_src
  img_src manifest_src media_src object_src
  report_uri script_src style_src worker_src
].freeze


Constructor Details

#initialize(csp_directives) ⇒ ConfigLoader

Returns a new instance of ConfigLoader.


# File 'lib/gitlab/content_security_policy/config_loader.rb', line 18

# Builds a loader around the supplied CSP directive settings.
#
# @param csp_directives [Hash] directive settings (presumably keyed by
#   directive name - confirm against the caller); copied into a
#   HashWithIndifferentAccess so string and symbol keys are interchangeable
def initialize(csp_directives)
  indifferent_directives = HashWithIndifferentAccess.new(csp_directives)
  @csp_directives = indifferent_directives
end

Class Method Details

.default_settings_hash ⇒ Object


# File 'lib/gitlab/content_security_policy/config_loader.rb', line 10

# Default CSP settings. The policy is opt-in: these defaults leave it
# disabled, not in report-only mode, and with every directive unset (nil).
#
# @return [Hash] 'enabled', 'report_only' and a 'directives' hash holding one
#   nil entry per name in DIRECTIVES
def self.default_settings_hash
  unset_directives = DIRECTIVES.map { |name| [name, nil] }.to_h

  {
    'enabled' => false,
    'report_only' => false,
    'directives' => unset_directives
  }
end

Instance Method Details

#load(policy) ⇒ Object


# File 'lib/gitlab/content_security_policy/config_loader.rb', line 22

# Applies the configured directives to a policy object.
#
# Each name in DIRECTIVES is looked up through arguments_for (defined
# elsewhere in this class); directives with no arguments are skipped, the
# rest are invoked on the policy with those arguments.
#
# @param policy [Object] receiver of the directive calls; must respond to
#   the DIRECTIVES names (presumably an ActionDispatch::ContentSecurityPolicy
#   - confirm against the caller)
# @return [Array<String>] DIRECTIVES, as returned by the each call
def load(policy)
  DIRECTIVES.each do |directive_name|
    directive_args = arguments_for(directive_name)

    # The method name always comes from the DIRECTIVES constant, never from
    # configuration, which is why public_send is acceptable here; only the
    # arguments can carry configured values.
    if directive_args.present?
      policy.public_send(directive_name, *directive_args) # rubocop:disable GitlabSecurity/PublicSend
    end
  end
end