demarches/config/initializers/content_security_policy.rb

Rails.application.configure do
	config.content_security_policy do |policy|
		policy.default_src :none
		policy.font_src :self
		policy.img_src :self
		policy.object_src :self
		policy.script_src :self
		policy.style_src :self
		policy.frame_src :self

		if Rails.env.development?
			policy.connect_src :self # LiveReload
		end
	end

	# Generate session nonces for permitted importmap, inline scripts, and inline styles.
	config.content_security_policy_nonce_generator = -> _ { SecureRandom.hex 16 }
	config.content_security_policy_nonce_directives = %w(script-src style-src)

	# config.content_security_policy_report_only = true
end
Final version 2024-09-01 14:51:03 +00:00			`Rails.application.configure do`
			`config.content_security_policy do \|policy\|`
			`policy.default_src :none`
			`policy.font_src :self`
			`policy.img_src :self`
			`policy.object_src :self`
			`policy.script_src :self`
			`policy.style_src :self`
			`policy.frame_src :self`
Init project 2024-06-08 17:56:04 +00:00
Final version 2024-09-01 14:51:03 +00:00			`if Rails.env.development?`
			`policy.connect_src :self # LiveReload`
			`end`
			`end`
Init project 2024-06-08 17:56:04 +00:00
Final version 2024-09-01 14:51:03 +00:00			`# Generate session nonces for permitted importmap, inline scripts, and inline styles.`
			`config.content_security_policy_nonce_generator = -> _ { SecureRandom.hex 16 }`
			`config.content_security_policy_nonce_directives = %w(script-src style-src)`

			`# config.content_security_policy_report_only = true`
			`end`