authorStarfall <us@starfall.systems>2023-01-17 11:41:05 -0600
committerStarfall <us@starfall.systems>2023-01-17 11:41:05 -0600
commit1f9c919b8769f5b0a3424ef343e0049d33d656e3 (patch)
tree1853486629da4b3b76192fe8756e8d4f6d71adcb /app/controllers/api/base_controller.rb
parent957c21273ff42d5b2b4a5e16b7869bbb09aeb865 (diff)
parent13227e1dafd308dfe1a3effc3379b766274809b3 (diff)
Merge remote-tracking branch 'glitch/main'
Diffstat (limited to 'app/controllers/api/base_controller.rb')
-rw-r--r--app/controllers/api/base_controller.rb20
1 files changed, 20 insertions, 0 deletions
diff --git a/app/controllers/api/base_controller.rb b/app/controllers/api/base_controller.rb
index defef0656..41f3ce2ee 100644
--- a/app/controllers/api/base_controller.rb
+++ b/app/controllers/api/base_controller.rb
@@ -16,6 +16,26 @@ class Api::BaseController < ApplicationController
 
   protect_from_forgery with: :null_session
 
+  content_security_policy do |p|
+    # Set every directive that does not have a fallback
+    p.default_src :none
+    p.frame_ancestors :none
+    p.form_action :none
+
+    # Disable every directive with a fallback to cut on response size
+    p.base_uri false
+    p.font_src false
+    p.img_src false
+    p.style_src false
+    p.media_src false
+    p.frame_src false
+    p.manifest_src false
+    p.connect_src false
+    p.script_src false
+    p.child_src false
+    p.worker_src false
+  end
+
   rescue_from ActiveRecord::RecordInvalid, Mastodon::ValidationError do |e|
     render json: { error: e.to_s }, status: 422
   end
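Review bot: `p.base_uri false` is filed under "directives with a fallback", but `base-uri` is one of the directives that does not inherit from `default-src` (alongside `frame-ancestors` and `form-action`, which the first group already sets), so with `false` the header carries no `base-uri` restriction at all. To match the stated intent of the first comment, move it up and pin it: `p.base_uri :none` next to `p.form_action :none`, and drop the `base_uri` line from the second group. The practical exposure on a JSON-only API is small, but the comment currently documents the opposite of what the spec does, which is the kind of thing that gets copied into other controllers. Note that the effective header also depends on whatever global policy (or report-only policy) the initializer sets, which is outside this hunk.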