Sha256: ac28334d60ff2c0f5fec92befb85652389b87c46a2c55f3a83335203c833538d

Contents?: true

Size: 909 Bytes

Versions: 13

Compression:

Stored size: 909 Bytes

Contents

module GovukPublishingComponents
  class ApplicationController < ActionController::Base
    helper ::Rails.application.helpers
    protect_from_forgery with: :exception
    before_action :set_x_frame_options_header
    before_action :set_disable_slimmer_header

    content_security_policy do |p|
      # don't do anything if the app doesn't have a content security policy
      next unless p.directives.any?

      # Unfortunately the axe core script uses a dependency that uses eval
      # see: https://github.com/dequelabs/axe-core/issues/1175
      # Thus all components shown by govuk_publishing_components need this
      # enabled
      p.script_src(*p.script_src, :unsafe_eval)
    end

  private

    def set_x_frame_options_header
      response.headers["X-Frame-Options"] = "ALLOWALL"
    end

    def set_disable_slimmer_header
      response.headers["X-Slimmer-Skip"] = "true"
    end
  end
end

Version data entries

13 entries across 13 versions & 1 rubygems

Version Path
govuk_publishing_components-21.13.0 app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-21.12.0 app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-21.11.0 app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-21.10.0 app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-21.9.0 app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-21.8.1 app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-21.8.0 app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-21.7.0 app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-21.6.1 app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-21.6.0 app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-21.5.0 app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-21.4.1 app/controllers/govuk_publishing_components/application_controller.rb
govuk_publishing_components-21.4.0 app/controllers/govuk_publishing_components/application_controller.rb