Created
February 9, 2018 03:57
-
-
Save joeybeninghove/44f1d548726075e291974e3ac281a205 to your computer and use it in GitHub Desktop.
config/initializers/content_security_policy.rb
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Define an application-wide content security policy | |
| # For further information see the following documentation | |
| # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy | |
| Rails.application.config.content_security_policy do |p| | |
| p.default_src :self, :https | |
| p.font_src :self, :https, :data | |
| p.img_src :self, :https, :data | |
| p.object_src :none | |
| p.script_src :self, :https | |
| p.style_src :self, :https, :unsafe_inline | |
| p.connect_src :self, :https, "http://localhost:3035", "ws://localhost:3035" | |
| # Specify URI for violation reports | |
| # p.report_uri "/csp-violation-report-endpoint" | |
| end | |
| # Report CSP violations to a specified URI | |
| # For further information see the following documentation: | |
| # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only | |
| # Rails.application.config.content_security_policy_report_only = true |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment