module ActionController::ContentSecurityPolicy::ClassMethods
def content_security_policy(enabled = true, **options, &block)
content_security_policy false, only: :index
class PostsController < ApplicationController
Pass `false` to remove the `Content-Security-Policy` header:
end
end
policy.default_src :self, :https
content_security_policy(only: :index) do |policy|
class PostsController < ApplicationController
Options can be passed similar to `before_action`. For example, pass `only: :index` to override the header on the index action only:
end
end
policy.base_uri "https://www.example.com"
content_security_policy do |policy|
class PostsController < ApplicationController
Overrides parts of the globally configured `Content-Security-Policy` header:
# Registers a per-controller override of the Content-Security-Policy that is
# attached to the request.
#
# enabled - when falsy, the request's policy is set to nil for the matching
#           actions, so those responses lose CSP enforcement. Keep the
#           accompanying filter options (for example `only:`) as narrow as
#           possible when using this.
# options - forwarded unchanged to `before_action`.
# block   - receives the policy object returned by
#           `current_content_security_policy` and is evaluated with
#           `instance_exec`, i.e. with the controller instance as `self`.
#
# The return value is whatever `before_action` returns.
def content_security_policy(enabled = true, **options, &block)
  before_action(options) do
    # Only touch the request policy when the caller supplied a block.
    # NOTE(review): `current_content_security_policy` is defined outside this
    # listing; presumably it returns a per-request copy of the global policy,
    # so the block's edits do not leak into other requests - confirm.
    unless block.nil?
      policy = current_content_security_policy
      instance_exec(policy, &block)
      request.content_security_policy = policy
    end

    # Evaluated after the block: a falsy `enabled` always wins, so a policy
    # built by the block above is discarded and the request policy is cleared.
    request.content_security_policy = nil unless enabled
  end
end
def content_security_policy_report_only(report_only = true, **options)
content_security_policy_report_only false, only: :index
class PostsController < ApplicationController
Pass `false` to remove the `Content-Security-Policy-Report-Only` header:
end
content_security_policy_report_only only: :index
class PostsController < ApplicationController
Overrides the globally configured `Content-Security-Policy-Report-Only` header:
# Registers a per-controller override of the request's report-only flag.
#
# report_only - value assigned to `request.content_security_policy_report_only`
#               for the matching actions (defaults to true).
# options     - forwarded unchanged to `before_action`.
#
# A `Content-Security-Policy-Report-Only` header asks browsers to report
# violations without blocking them, so actions switched to report-only are
# monitored rather than protected; passing `false` removes that header for the
# matching actions.
# NOTE(review): how the flag is turned into a response header is decided
# outside this listing - confirm against the code that emits the header.
#
# The return value is whatever `before_action` returns.
def content_security_policy_report_only(report_only = true, **options)
  before_action(options) { request.content_security_policy_report_only = report_only }
end