Contents

module GovukPublishingComponents
  class ApplicationController < ActionController::Base
    helper ::Rails.application.helpers
    protect_from_forgery with: :exception
    before_action :set_x_frame_options_header
    before_action :set_disable_slimmer_header

    if defined? content_security_policy
      content_security_policy do |p|
        # don't do anything if the app doesn't have a content security policy
        next unless p.directives.any?

        # Unfortunately the axe core script uses a dependency that uses eval
        # see: https://github.com/dequelabs/axe-core/issues/1175
        # Thus all components shown by govuk_publishing_components need this
        # enabled
        p.script_src(*p.script_src, :unsafe_eval)
      end
    end

  private

    def set_x_frame_options_header
      response.headers["X-Frame-Options"] = "ALLOWALL"
    end

    def set_disable_slimmer_header
      response.headers["X-Slimmer-Skip"] = "true"
    end
  end
end

Version data entries

308 entries across 308 versions & 1 rubygems

Version	Path
govuk_publishing_components-29.10.0	app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-29.9.0	app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-29.8.0	app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-29.7.0	app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-29.6.0	app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-29.5.0	app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-29.4.0	app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-29.3.0	app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-29.2.0	app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-29.1.0	app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-29.0.1	app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-29.0.0	app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-28.9.2	app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-28.9.1	app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-28.9.0	app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-28.8.1	app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-28.8.0	app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-28.7.1	app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-28.6.0	app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-28.5.0	app/controllers/govuk_publishing_components/application_controller.rb