Mercurial > rsstweet
comparison config/initializers/content_security_policy.rb @ 214:2335107f35d0
Run rails update
| author | nanaya <me@nanaya.pro> |
|---|---|
| date | Fri, 11 Dec 2020 03:47:39 +0900 |
| parents | f67f3ad50270 |
| children | ad6264cca788 |
comparison
equal
deleted
inserted
replaced
| 213:609e96a79ad8 | 214:2335107f35d0 |
|---|---|
| 17 # end | 17 # end |
| 18 | 18 |
| 19 # If you are using UJS then enable automatic nonce generation | 19 # If you are using UJS then enable automatic nonce generation |
| 20 # Rails.application.config.content_security_policy_nonce_generator = -> request { SecureRandom.base64(16) } | 20 # Rails.application.config.content_security_policy_nonce_generator = -> request { SecureRandom.base64(16) } |
| 21 | 21 |
| 22 # Set the nonce only to specific directives | |
| 23 # Rails.application.config.content_security_policy_nonce_directives = %w(script-src) | |
| 24 | |
| 22 # Report CSP violations to a specified URI | 25 # Report CSP violations to a specified URI |
| 23 # For further information see the following documentation: | 26 # For further information see the following documentation: |
| 24 # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only | 27 # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only |
| 25 # Rails.application.config.content_security_policy_report_only = true | 28 # Rails.application.config.content_security_policy_report_only = true |