class ActionDispatch::PermissionsPolicy::Middleware
Constants
- CONTENT_TYPE
- POLICY
The Feature-Policy header has been renamed to Permissions-Policy. The Permissions-Policy requires a different implementation and isn't yet supported by all browsers. To avoid having to rename this middleware in the future we use the new name for the middleware but keep the old header name and implementation for now.
Public Class Methods
new(app)
click to toggle source
# File lib/action_dispatch/http/permissions_policy.rb, line 16 def initialize(app) @app = app end
Public Instance Methods
call(env)
click to toggle source
# File lib/action_dispatch/http/permissions_policy.rb, line 20 def call(env) request = ActionDispatch::Request.new(env) _, headers, _ = response = @app.call(env) return response unless html_response?(headers) return response if policy_present?(headers) if policy = request.permissions_policy headers[POLICY] = policy.build(request.controller_instance) end if policy_empty?(policy) headers.delete(POLICY) end response end
Private Instance Methods
html_response?(headers)
click to toggle source
# File lib/action_dispatch/http/permissions_policy.rb, line 39 def html_response?(headers) if content_type = headers[CONTENT_TYPE] /html/.match?(content_type) end end
policy_empty?(policy)
click to toggle source
# File lib/action_dispatch/http/permissions_policy.rb, line 49 def policy_empty?(policy) policy&.directives&.empty? end
policy_present?(headers)
click to toggle source
# File lib/action_dispatch/http/permissions_policy.rb, line 45 def policy_present?(headers) headers[POLICY] end