Diffstat (limited to 'config/initializers')
-rw-r--r-- | config/initializers/assets.rb | 12 | ||||
-rw-r--r-- | config/initializers/content_security_policy.rb | 25 | ||||
-rw-r--r-- | config/initializers/filter_parameter_logging.rb | 8 | ||||
-rw-r--r-- | config/initializers/inflections.rb | 16 | ||||
-rw-r--r-- | config/initializers/permissions_policy.rb | 13 |
5 files changed, 74 insertions, 0 deletions
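--- /dev/null
+++ b/config/initializers/assets.rb
@@ -0,0 +1,12 @@
+# Be sure to restart your server when you modify this file.
+
+# Version of your assets, change this if you want to expire all your assets.
+Rails.application.config.assets.version = "1.0"
+
+# Add additional assets to the asset load path.
+# Rails.application.config.assets.paths << Emoji.images_path
+
+# Precompile additional assets.
+# application.js, application.css, and all non-JS/CSS in the app/assets
+# folder are already added.
+# Rails.application.config.assets.precompile += %w( admin.js admin.css )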
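--- /dev/null
+++ b/config/initializers/content_security_policy.rb
@@ -0,0 +1,25 @@
+# Be sure to restart your server when you modify this file.
+
+# Define an application-wide content security policy.
+# See the Securing Rails Applications Guide for more information:
+# https://guides.rubyonrails.org/security.html#content-security-policy-header
+
+# Rails.application.configure do
+# config.content_security_policy do |policy|
+# policy.default_src :self, :https
+# policy.font_src :self, :https, :data
+# policy.img_src :self, :https, :data
+# policy.object_src :none
+# policy.script_src :self, :https
+# policy.style_src :self, :https
+# # Specify URI for violation reports
+# # policy.report_uri "/csp-violation-report-endpoint"
+# end
+#
+# # Generate session nonces for permitted importmap, inline scripts, and inline styles.
+# config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s }
+# config.content_security_policy_nonce_directives = %w(script-src style-src)
+#
+# # Report violations without enforcing the policy.
+# # config.content_security_policy_report_only = true
+# end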
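Review bot: Every directive in this initializer is commented out (lines 7–25), so the application is committed without any Content-Security-Policy header; the same applies to `config/initializers/permissions_policy.rb`, where the whole `permissions_policy` block is commented out. Enabling the policy block together with `config.content_security_policy_report_only = true` would start collecting violation reports without breaking pages, and enforcement can follow once the reports are clean. If the nonce settings are enabled later, note that line 20 derives the nonce from `request.session.id`, so it stays constant for the whole session; a per-request value such as `->(request) { SecureRandom.base64(16) }` is stronger, at the cost of conditional-GET caching. The sample `policy.script_src :self, :https` also permits scripts from any HTTPS origin and should be narrowed to the hosts the application actually uses.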
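--- /dev/null
+++ b/config/initializers/filter_parameter_logging.rb
@@ -0,0 +1,8 @@
+# Be sure to restart your server when you modify this file.
+
+# Configure parameters to be partially matched (e.g. passw matches password) and filtered from the log file.
+# Use this to limit dissemination of sensitive information.
+# See the ActiveSupport::ParameterFilter documentation for supported notations and behaviors.
+Rails.application.config.filter_parameters += [
+:passw, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn
+]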
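Review bot: The filter list on line 7 matches by substring and holds only the generator defaults, so any sensitive parameter whose name lacks one of these fragments is written to the log unredacted. The application's parameters are not visible in this commit, so the list should be checked against the real forms and API payloads; common additions are `:email, :cvv, :cvc`. A short comment above the array, such as `# Extend this list whenever a new field carries credentials or personal data.`, would make that expectation explicit for later changes.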
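--- /dev/null
+++ b/config/initializers/inflections.rb
@@ -0,0 +1,16 @@
+# Be sure to restart your server when you modify this file.
+
+# Add new inflection rules using the following format. Inflections
+# are locale specific, and you may define rules for as many different
+# locales as you wish. All of these examples are active by default:
+# ActiveSupport::Inflector.inflections(:en) do |inflect|
+# inflect.plural /^(ox)$/i, "\\1en"
+# inflect.singular /^(ox)en/i, "\\1"
+# inflect.irregular "person", "people"
+# inflect.uncountable %w( fish sheep )
+# end
+
+# These inflection rules are supported but not enabled by default:
+# ActiveSupport::Inflector.inflections(:en) do |inflect|
+# inflect.acronym "RESTful"
+# end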
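--- /dev/null
+++ b/config/initializers/permissions_policy.rb
@@ -0,0 +1,13 @@
+# Be sure to restart your server when you modify this file.
+
+# Define an application-wide HTTP permissions policy. For further
+# information see: https://developers.google.com/web/updates/2018/06/feature-policy
+
+# Rails.application.config.permissions_policy do |policy|
+# policy.camera :none
+# policy.gyroscope :none
+# policy.microphone :none
+# policy.usb :none
+# policy.fullscreen :self
+# policy.payment :self, "https://secure.example.com"
+# end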