Sha256: 99524d920d5969b583050140606e8cfa3f2e74912c1efe320bbc898519491133

Contents?: true

Size: 975 Bytes

Versions: 308

Compression:

Stored size: 975 Bytes

Contents

module GovukPublishingComponents
  class ApplicationController < ActionController::Base
    helper ::Rails.application.helpers
    protect_from_forgery with: :exception
    before_action :set_x_frame_options_header
    before_action :set_disable_slimmer_header

    if defined? content_security_policy
      content_security_policy do |p|
        # don't do anything if the app doesn't have a content security policy
        next unless p.directives.any?

        # Unfortunately the axe core script uses a dependency that uses eval
        # see: https://github.com/dequelabs/axe-core/issues/1175
        # Thus all components shown by govuk_publishing_components need this
        # enabled
        p.script_src(*p.script_src, :unsafe_eval)
      end
    end

  private

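    # "ALLOWALL" is not a standard X-Frame-Options value, so browsers ignore
    # it. Setting it replaces Rails' default SAMEORIGIN, which means pages
    # served by this controller can be framed by any origin.
    def set_x_frame_options_header
      response.headers["X-Frame-Options"] = "ALLOWALL"
    end

    # Tells the Slimmer middleware to leave this response untouched.
    def set_disable_slimmer_header
      response.headers["X-Slimmer-Skip"] = "true"
    end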
  end
end

Version data entries

308 entries across 308 versions & 1 rubygems

Version Path
govuk_publishing_components-21.15.1 app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-21.15.0 app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-21.14.0 app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-21.13.5 app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-21.13.4 app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-21.13.3 app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-21.13.2 app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-21.13.1 app/controllers/govuk_publishing_components/application_controller.rb