better_content_security_policy 0.1.1 → 0.1.3
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 2279cf6665b6afbe530676d3416595e389659c8290a41b6a09dde1841b400ef6
|
4
|
+
data.tar.gz: c4aa540132d0606d0b2748eaa2dad38fc9b7f3122777c079aa10742a5fe3198b
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz: '
|
6
|
+
metadata.gz: 26dffa1cf6fbeadf3402d4f222b7a9d9b94a2ba0175a52f308cb34530bd7d178900b4de83cee0c4fc80cbc51be7dd58306cd81045a726b7ca2300cec9b5d9280
|
7
|
+
data.tar.gz: '0018cb0d86aa3cca6b58b7148a4ffbc760261f119732b4b03acd1a95762467d2387505efebbaf92c4ec592fea895e2c07272c6212f26232d9bfdf455dd4eed5b'
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
@@ -25,11 +25,13 @@ If bundler is not being used to manage dependencies, install the gem by executin
|
|
25
25
|
|
26
26
|
## Usage
|
27
27
|
|
28
|
-
Include the `BetterContentSecurityPolicy::HasContentSecurityPolicy` concern in your `ApplicationController
|
28
|
+
Include the `BetterContentSecurityPolicy::HasContentSecurityPolicy` concern in your `ApplicationController`,
|
29
|
+
and the line `after_action :set_content_security_policy_header`.
|
29
30
|
|
30
31
|
```ruby
|
31
32
|
class ApplicationController < ActionController::Base
|
32
33
|
include BetterContentSecurityPolicy::HasContentSecurityPolicy
|
34
|
+
after_action :set_content_security_policy_header
|
33
35
|
```
|
34
36
|
|
35
37
|
Define a `#configure_content_security_policy` method in `ApplicationController` to configure the default `Content-Security-Policy` rules:
|
@@ -81,7 +81,8 @@ module BetterContentSecurityPolicy
|
|
81
81
|
|
82
82
|
kebab_source = kebab_case(dsl_source)
|
83
83
|
return "'#{kebab_source}'" if QUOTED_SOURCES.include?(kebab_source)
|
84
|
-
return "'#{dsl_source}'" if dsl_source.start_with?("nonce-")
|
84
|
+
return "'#{dsl_source}'" if dsl_source.start_with?("nonce-") ||
|
85
|
+
dsl_source.start_with?("sha256-")
|
85
86
|
|
86
87
|
dsl_source
|
87
88
|
end
|
@@ -6,6 +6,7 @@ module BetterContentSecurityPolicy
|
|
6
6
|
# Include this module in your ApplicationController to configure a dynamic Content Security Policy.
|
7
7
|
# The header will be set in an after_action after the response has been rendered.
|
8
8
|
# This means that you can also modify the policy in your views.
|
9
|
+
# You must call 'after_action :set_content_security_policy_header' in your own controller.
|
9
10
|
module HasContentSecurityPolicy
|
10
11
|
extend ActiveSupport::Concern
|
11
12
|
|
@@ -14,7 +15,6 @@ module BetterContentSecurityPolicy
|
|
14
15
|
|
15
16
|
helper_method :content_security_policy
|
16
17
|
before_action :configure_content_security_policy
|
17
|
-
after_action :set_content_security_policy_header
|
18
18
|
end
|
19
19
|
|
20
20
|
def content_security_policy
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: better_content_security_policy
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Nathan Broadbent
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-10-
|
11
|
+
date: 2022-10-12 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rails
|