class ActionDispatch::ContentSecurityPolicy::Middleware
Constants
- CONTENT_TYPE
- POLICY
- POLICY_REPORT_ONLY
Public Class Methods
new(app)
click to toggle source
# File lib/action_dispatch/http/content_security_policy.rb, line 12 def initialize(app) @app = app end
Public Instance Methods
call(env)
click to toggle source
# File lib/action_dispatch/http/content_security_policy.rb, line 16 def call(env) request = ActionDispatch::Request.new env _, headers, _ = response = @app.call(env) return response unless html_response?(headers) return response if policy_present?(headers) if policy = request.content_security_policy nonce = request.content_security_policy_nonce nonce_directives = request.content_security_policy_nonce_directives context = request.controller_instance || request headers[header_name(request)] = policy.build(context, nonce, nonce_directives) end response end
Private Instance Methods
header_name(request)
click to toggle source
# File lib/action_dispatch/http/content_security_policy.rb, line 40 def header_name(request) if request.content_security_policy_report_only POLICY_REPORT_ONLY else POLICY end end
html_response?(headers)
click to toggle source
# File lib/action_dispatch/http/content_security_policy.rb, line 34 def html_response?(headers) if content_type = headers[CONTENT_TYPE] /html/.match?(content_type) end end
policy_present?(headers)
click to toggle source
# File lib/action_dispatch/http/content_security_policy.rb, line 48 def policy_present?(headers) headers[POLICY] || headers[POLICY_REPORT_ONLY] end