Methods
C

Instance Public methods

content_security_policy(enabled = true, **options, &block)

Overrides parts of the globally configured Content-Security-Policy header:

class PostsController < ApplicationController
  content_security_policy do |policy|
    policy.base_uri "https://www.example.com"
  end
end

Options can be passed similar to before_action. For example, pass only: :index to override the header on the index action only:

class PostsController < ApplicationController
  content_security_policy(only: :index) do |policy|
    policy.default_src :self, :https
  end
end

Pass false to remove the Content-Security-Policy header:

class PostsController < ApplicationController
  content_security_policy false, only: :index
end

# File actionpack/lib/action_controller/metal/content_security_policy.rb, line 40
def content_security_policy(enabled = true, **options, &block)
  before_action(options) do
    if block_given?
      policy = current_content_security_policy
      instance_exec(policy, &block)
      request.content_security_policy = policy
    end

    unless enabled
      request.content_security_policy = nil
    end
  end
end
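
The following is an added example, not code from Rails or from this page: a plain-Ruby model of the override flow in the source above, showing that a block replaces only the directives it names, that other actions keep the global policy, and that false removes the header. ModelPolicy, ModelController, header_for and the GLOBAL policy are hypothetical names constructed for the example, and it assumes the block receives a copy of the global policy.

```ruby
# Simplified model of the override flow; ModelPolicy, ModelController and
# header_for are hypothetical names constructed for this example.
class ModelPolicy
  KEYWORDS = { self: "'self'", none: "'none'", https: "https:" }.freeze
  attr_reader :directives
  def initialize(directives = {})
    @directives = directives
  end
  # clone must not share source lists with the global policy.
  def initialize_copy(other)
    @directives = other.directives.transform_values(&:dup)
  end

  # Calling a directive replaces its source list; it does not append.
  %w[default_src base_uri script_src].each do |name|
    define_method(name) do |*sources|
      @directives[name.tr("_", "-")] = sources.map { |s| KEYWORDS.fetch(s, s) }
    end
  end

  def to_header
    @directives.map { |name, sources| "#{name} #{sources.join(' ')}" }.join("; ")
  end
end

class ModelController
  # Constructed global policy, standing in for the application-wide one.
  GLOBAL = ModelPolicy.new.tap { |p| p.default_src :self; p.script_src :self }

  def self.content_security_policy(enabled = true, only: nil, &block)
    (@overrides ||= []) << [enabled, Array(only), block]
  end

  # Header value for an action, or nil when the header is removed.
  def self.header_for(action)
    policy = GLOBAL
    (@overrides || []).each do |enabled, only, block|
      next unless only.empty? || only.include?(action)
      policy = (policy ? policy.clone : ModelPolicy.new).tap(&block) if block
      policy = nil unless enabled
    end
    policy&.to_header
  end
end

class PostsController < ModelController
  content_security_policy(only: :index) { |p| p.default_src :self, :https }
  content_security_policy false, only: :feed
end
```

In this model, PostsController.header_for(:index) carries the widened default-src while script-src stays inherited, and header_for(:feed) returns nil because the header is removed for that action.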

content_security_policy_report_only(report_only = true, **options)

Overrides the globally configured Content-Security-Policy-Report-Only header:

class PostsController < ApplicationController
  content_security_policy_report_only only: :index
end

Pass false to remove the Content-Security-Policy-Report-Only header:

class PostsController < ApplicationController
  content_security_policy_report_only false, only: :index
end

# File actionpack/lib/action_controller/metal/content_security_policy.rb, line 66
def content_security_policy_report_only(report_only = true, **options)
  before_action(options) do
    request.content_security_policy_report_only = report_only
  end
end