class ContentSecurityPolicy
Ruby on Rails 7.0.10
Since v5.2.8.1
Configures the HTTP Content-Security-Policy response header to help protect against XSS and injection attacks.
Example global policy:
```ruby
Rails.application.config.content_security_policy do |policy|
  policy.default_src :self, :https
  policy.font_src    :self, :https, :data
  policy.img_src     :self, :https, :data
  policy.object_src  :none
  policy.script_src  :self, :https
  policy.style_src   :self, :https

  # Specify URI for violation reports
  policy.report_uri "/csp-violation-report-endpoint"
end
```
Methods (defined here)
- # block_all_mixed_content
- # build
- # initialize_copy
- # plugin_types
- # report_uri
- # require_sri_for
- # sandbox
- # upgrade_insecure_requests
- self.new
Private methods (7)
Implementation detail — not part of the public API.
Methods (inherited)
From Object (16)
- # acts_like?
- # blank?
- # deep_dup
- # duplicable?
- # html_safe?
- # in?
- # instance_values
- # instance_variable_names
- # presence
- # presence_in
- # present?
- # to_param
- # to_query
- # try
- # try!
- # with_options
From ActiveRecord::TestFixtures (4)
From ActiveSupport::Concern (3)
- # class_methods
- # included
- # prepended