Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Full-featured Content Security Policy as Rack middleware
Ruby
branch: master

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.
lib
spec
.travis.yml
Gemfile
LICENSE
README.md
Rakefile
content-security-policy.gemspec

README.md

Content Security Policy

Build Status

Implementation of Content Security Policy as Rack middleware.

More information about Content Security Policy - http://www.w3.org/TR/CSP/.

Installation

Install as usually gem install content-security-policy

Usage

Add Content Security Policy to your Rack configuration config.ru.

require 'content-security-policy'

ContentSecurityPolicy.configure do |csp|
  csp['default-src'] = "'self'"
  csp['script-src']  = '*.example.com'
end

use ContentSecurityPolicy
run MyApplication

You can also pass directives during initialization.

require 'content-security-policy'

use ContentSecurityPolicy, :directives => { 'policy-uri' => 'policy.xml' }
run MyApplication

You can also use report-only mode.

require 'content-security-policy'

ContentSecurityPolicy.configure do |csp|
  csp.report_only = true
  csp['default-src'] = "'self'"
  csp['script-src']  = '*.example.com'
end

use ContentSecurityPolicy
run MyApplication
require 'content-security-policy'

use ContentSecurityPolicy, :directives => { 'policy-uri' => 'policy.xml' }, :report_only => true
run MyApplication

Status

Content Security Policy is now implemented with Content-Security-Policy (official name), X-Content-Security-Policy (Firefox and IE) and X-WebKit-CSP (Chrome and Safari) headers.

Copyright

Copyright (c) 2012 Alexey Rodionov. See LICENSE for details.

Something went wrong with that request. Please try again.