diff options
author | David Yip <yipdw@member.fsf.org> | 2018-04-13 16:36:46 -0500 |
---|---|---|
committer | David Yip <yipdw@member.fsf.org> | 2018-04-13 16:36:46 -0500 |
commit | ed490b781f9347b77eb2305e33ba6dd83f3539b0 (patch) | |
tree | 4f958ce8da072e35ef654cf5ae0a152f613f3ad8 /config/initializers/content_security_policy.rb | |
parent | a817f084eafaf5527445c29ab1d68f42b1a2872f (diff) | |
parent | 50529cbceb84e611bca497624a7a4c38113e5135 (diff) |
Merge remote-tracking branch 'origin/master' into gs-master
Conflicts: Gemfile.lock config/application.rb
Diffstat (limited to 'config/initializers/content_security_policy.rb')
-rw-r--r-- | config/initializers/content_security_policy.rb | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb new file mode 100644 index 000000000..37f2c0d45 --- /dev/null +++ b/config/initializers/content_security_policy.rb @@ -0,0 +1,20 @@ +# Define an application-wide content security policy +# For further information see the following documentation +# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy + +# Rails.application.config.content_security_policy do |p| +# p.default_src :self, :https +# p.font_src :self, :https, :data +# p.img_src :self, :https, :data +# p.object_src :none +# p.script_src :self, :https +# p.style_src :self, :https, :unsafe_inline +# +# # Specify URI for violation reports +# # p.report_uri "/csp-violation-report-endpoint" +# end + +# Report CSP violations to a specified URI +# For further information see the following documentation: +# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only +# Rails.application.config.content_security_policy_report_only = true |