You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

25 lines
1.0 KiB

10 months ago
  1. # Be sure to restart your server when you modify this file.
  2. # Define an application-wide content security policy.
  3. # See the Securing Rails Applications Guide for more information:
  4. # https://guides.rubyonrails.org/security.html#content-security-policy-header
  5. # Rails.application.configure do
  6. # config.content_security_policy do |policy|
  7. # policy.default_src :self, :https
  8. # policy.font_src :self, :https, :data
  9. # policy.img_src :self, :https, :data
  10. # policy.object_src :none
  11. # policy.script_src :self, :https
  12. # policy.style_src :self, :https
  13. # # Specify URI for violation reports
  14. # # policy.report_uri "/csp-violation-report-endpoint"
  15. # end
  16. #
  17. # # Generate session nonces for permitted importmap, inline scripts, and inline styles.
  18. # config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s }
  19. # config.content_security_policy_nonce_directives = %w(script-src style-src)
  20. #
  21. # # Report violations without enforcing the policy.
  22. # # config.content_security_policy_report_only = true
  23. # end