Methods
Instance Public methods
content_security_policy(enabled = true, **options, &block)
Overrides parts of the globally configured Content-Security-Policy header:
  class PostsController < ApplicationController
    content_security_policy do |policy|
      policy.base_uri "https://www.example.com"
    end
  end
Options can be passed in the same way as for before_action. For example, pass only: :index to override the header on the index action only:
  class PostsController < ApplicationController
    content_security_policy(only: :index) do |policy|
      policy.default_src :self, :https
    end
  end
Pass false to remove the Content-Security-Policy header:
  class PostsController < ApplicationController
    content_security_policy false, only: :index
  end
Source:
  # File actionpack/lib/action_controller/metal/content_security_policy.rb, line 40
  def content_security_policy(enabled = true, **options, &block)
    before_action(options) do
      if block_given?
        policy = current_content_security_policy
        instance_exec(policy, &block)
        request.content_security_policy = policy
      end

      unless enabled
        request.content_security_policy = nil
      end
    end
  end
content_security_policy_report_only(report_only = true, **options)
Overrides the globally configured Content-Security-Policy-Report-Only header:
  class PostsController < ApplicationController
    content_security_policy_report_only only: :index
  end
Pass false to remove the Content-Security-Policy-Report-Only header:
  class PostsController < ApplicationController
    content_security_policy_report_only false, only: :index
  end
Source:
  # File actionpack/lib/action_controller/metal/content_security_policy.rb, line 66
  def content_security_policy_report_only(report_only = true, **options)
    before_action(options) do
      request.content_security_policy_report_only = report_only
    end
  end
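Both macros can weaken protection per controller: content_security_policy false removes the header, and content_security_policy_report_only makes browsers report violations without blocking them. The following review aid is an added example, not part of Rails or of the original page; audit_csp_overrides, its constants and the sample controllers are hypothetical and constructed here, and the check is line-based, so it only sees a literal false argument.

```ruby
# Added example (not Rails source): flag class-level CSP overrides that weaken
# enforcement. SAMPLE_SOURCE is constructed; audit_csp_overrides is hypothetical.
SAMPLE_SOURCE = <<~RUBY
  class PostsController < ApplicationController
    content_security_policy false, only: :index
  end

  class AdminController < ApplicationController
    content_security_policy false
    content_security_policy_report_only only: :preview
  end

  class FeedController < ApplicationController
    content_security_policy(only: :index) do |policy|
      policy.default_src :self, :https
    end
    content_security_policy_report_only false, only: :index
  end
RUBY

CALL  = /^\s*(content_security_policy(?:_report_only)?)\b[ (]*(.*)$/
SCOPE = /\b(only|except|if|unless):/ # before_action-style scoping options

def audit_csp_overrides(source)
  controller = nil
  findings = []
  source.each_line.with_index(1) do |line, lineno|
    controller = Regexp.last_match(1) if line =~ /^\s*class\s+([\w:]+)/
    next unless (m = CALL.match(line))
    macro, args = m[1], m[2]
    passes_false = args.match?(/\Afalse\b/)
    issue =
      if macro == "content_security_policy" && passes_false
        :header_removed # no CSP header is sent at all
      elsif macro == "content_security_policy_report_only" && !passes_false
        :report_only    # violations are reported, not blocked
      end
    next unless issue
    findings << { controller: controller, line: lineno, issue: issue,
                  scoped: SCOPE.match?(args) }
  end
  findings
end

audit_csp_overrides(SAMPLE_SOURCE).each do |f|
  scope = f[:scoped] ? "scoped by options" : "ALL actions"
  puts "#{f[:controller]}:#{f[:line]} #{f[:issue]} (#{scope})"
end
```

Findings with scoped set to false deserve the closest look, because without only:, except:, if: or unless: the override applies to every action of the controller.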