about summary refs log tree commit diff
path: root/config/initializers/content_security_policy.rb
diff options
context:
space:
mode:
authorYamagishi Kazutoshi <ykzts@desire.sh>2018-04-12 21:45:17 +0900
committerEugen Rochko <eugen@zeonfederated.com>2018-04-12 14:45:17 +0200
commit50529cbceb84e611bca497624a7a4c38113e5135 (patch)
tree753e4e8975f0404717e451fceb64d341f19435fc /config/initializers/content_security_policy.rb
parent8e88a18316d45a459a31d67487bccc247592d187 (diff)
Upgrade Rails to version 5.2.0 (#5898)
Diffstat (limited to 'config/initializers/content_security_policy.rb')
-rw-r--r--config/initializers/content_security_policy.rb20


1 files changed, 20 insertions, 0 deletions
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
new file mode 100644
index 000000000..37f2c0d45
--- /dev/null
+++ b/config/initializers/content_security_policy.rb
@@ -0,0 +1,20 @@
+# Define an application-wide content security policy
+# For further information see the following documentation
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
+
+# Rails.application.config.content_security_policy do |p|
+#   p.default_src :self, :https
+#   p.font_src    :self, :https, :data
+#   p.img_src     :self, :https, :data
+#   p.object_src  :none
+#   p.script_src  :self, :https
+#   p.style_src   :self, :https, :unsafe_inline
+#
+#   # Specify URI for violation reports
+#   # p.report_uri "/csp-violation-report-endpoint"
+# end
+
+# Report CSP violations to a specified URI
+# For further information see the following documentation:
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only
+# Rails.application.config.content_security_policy_report_only = true

 

generated by cgit-pink  (git 2.37.1) at 2024-06-30 14:09:01 +0000