diff options
Diffstat (limited to 'rails/test/dummy/config/initializers/content_security_policy.rb')
-rw-r--r-- | rails/test/dummy/config/initializers/content_security_policy.rb | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/rails/test/dummy/config/initializers/content_security_policy.rb b/rails/test/dummy/config/initializers/content_security_policy.rb new file mode 100644 index 0000000..54f47cf --- /dev/null +++ b/rails/test/dummy/config/initializers/content_security_policy.rb | |||
@@ -0,0 +1,25 @@ | |||
1 | # Be sure to restart your server when you modify this file. | ||
2 | |||
3 | # Define an application-wide content security policy. | ||
4 | # See the Securing Rails Applications Guide for more information: | ||
5 | # https://guides.rubyonrails.org/security.html#content-security-policy-header | ||
6 | |||
7 | # Rails.application.configure do | ||
8 | # config.content_security_policy do |policy| | ||
9 | # policy.default_src :self, :https | ||
10 | # policy.font_src :self, :https, :data | ||
11 | # policy.img_src :self, :https, :data | ||
12 | # policy.object_src :none | ||
13 | # policy.script_src :self, :https | ||
14 | # policy.style_src :self, :https | ||
15 | # # Specify URI for violation reports | ||
16 | # # policy.report_uri "/csp-violation-report-endpoint" | ||
17 | # end | ||
18 | # | ||
19 | # # Generate session nonces for permitted importmap and inline scripts | ||
20 | # config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s } | ||
21 | # config.content_security_policy_nonce_directives = %w(script-src) | ||
22 | # | ||
23 | # # Report violations without enforcing the policy. | ||
24 | # # config.content_security_policy_report_only = true | ||
25 | # end | ||