Contents

class Brut::FrontEnd::RouteHooks::CSPNoInlineScripts < Brut::FrontEnd::RouteHook
  def after(response:)
    response.headers["Content-Security-Policy"] = header_value
    continue
  end

  def header_value
    [
      "default-src 'self'",
      "script-src-elem 'self'",
      "script-src-attr 'none'",
      "style-src-elem 'self'",
      "style-src-attr 'self'",
    ].join("; ")
  end

end

Version data entries

1 entries across 1 versions & 1 rubygems

Version	Path
brut-0.0.1	lib/brut/front_end/route_hooks/csp_no_inline_scripts.rb