class ActionDispatch::ContentSecurityPolicy::Middleware

def call(env)

def call(env)
  request = ActionDispatch::Request.new env
  _, headers, _ = response = @app.call(env)
  return response unless html_response?(headers)
  return response if policy_present?(headers)
  if policy = request.content_security_policy
    nonce = request.content_security_policy_nonce
    context = request.controller_instance || request
    headers[header_name(request)] = policy.build(context, nonce)
  end
  response
end

def header_name(request)

def header_name(request)
  if request.content_security_policy_report_only
    POLICY_REPORT_ONLY
  else
    POLICY
  end
end

def html_response?(headers)

def html_response?(headers)
  if content_type = headers[CONTENT_TYPE]
    content_type =~ /html/
  end
end

def initialize(app)

def initialize(app)
  @app = app
end

def policy_present?(headers)

def policy_present?(headers)
  headers[POLICY] || headers[POLICY_REPORT_ONLY]
end

Modules

Classes

class ActionDispatch::ContentSecurityPolicy::Middleware

def call(env)

def header_name(request)

def html_response?(headers)

def initialize(app)

def policy_present?(headers)

Namespace

Instance Methods

Defined in