class ActionDispatch::ContentSecurityPolicy::Middleware

def call(env)

def call(env)
  status, headers, _ = response = @app.call(env)
  # Returning CSP headers with a 304 Not Modified is harmful, since nonces in the new
  # CSP headers might not match nonces in the cached HTML.
  return response if status == 304
  return response if policy_present?(headers)
  request = ActionDispatch::Request.new env
  if policy = request.content_security_policy
    nonce = request.content_security_policy_nonce
    nonce_directives = request.content_security_policy_nonce_directives
    context = request.controller_instance || request
    headers[header_name(request)] = policy.build(context, nonce, nonce_directives)
  end
  response
end

Instance Methods

# call
# header_name
# initialize
# policy_present?

Modules

Classes

class ActionDispatch::ContentSecurityPolicy::Middleware

def call(env)

Instance Methods