Contents

module GovukPublishingComponents
  class ApplicationController < ActionController::Base
    helper ::Rails.application.helpers
    protect_from_forgery with: :exception
    before_action :set_x_frame_options_header
    before_action :set_disable_slimmer_header

    if defined? content_security_policy
      content_security_policy do |p|
        # don't do anything if the app doesn't have a content security policy
        next unless p.directives.any?

        # Unfortunately the axe core script uses a dependency that uses eval
        # see: https://github.com/dequelabs/axe-core/issues/1175
        # Thus all components shown by govuk_publishing_components need this
        # enabled
        p.script_src(*p.script_src, :unsafe_eval)
      end
    end

  private

    def set_x_frame_options_header
      response.headers["X-Frame-Options"] = "ALLOWALL"
    end

    def set_disable_slimmer_header
      response.headers["X-Slimmer-Skip"] = "true"
    end
  end
end

Version data entries

308 entries across 308 versions & 1 rubygems

Version	Path
govuk_publishing_components-34.2.0	app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-34.1.3	app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-34.1.2	app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-34.1.1	app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-34.1.0	app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-34.0.0	app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-33.1.0	app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-33.0.0	app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-32.1.0	app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-32.0.0	app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-31.2.0	app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-31.1.2	app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-31.1.1	app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-31.1.0	app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-31.0.0	app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-30.7.3	app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-30.7.2	app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-30.7.1	app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-30.7.0	app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-30.6.1	app/controllers/govuk_publishing_components/application_controller.rb