Fixes #250
All PRs:
@reedloden was this what you had in mind?
This allows you to define blocks of code that produce a hash of additions to be added to the CSP for a given request. The current request object is passed to the block. The result of the hash is passed to `append_content_security_policy_directives`.

The use case usually is related to loosening a policy's restrictions. While we do provide `SecureHeaders::Configuration.override` blocks, something like this may be useful with `override_content_security_policy_directives` as well. I think that the demand for override support like this is pretty rare so I'll wait until there's a need. One example I can think of would be needing to override a directive with `'none'`, but chances are anything that needs to be set to `none` would be set in the default config.

Example use:
Blocked by #281 - This feature needs to be aware of the `csp`/`csp_report_only` config separation and needs to support the `target` attribute.
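
A stand-alone Ruby model of the mechanism described above, added here as an illustration; it is not code from this PR or from secure_headers. `PerRequestCsp`, `append_for_request`, `Request` and the example hosts are hypothetical names, and the merge rules (seeding an unset directive from `default-src`, dropping `'none'` when sources are appended) are assumptions of this model.

```ruby
# Added illustration, not secure_headers code: every name here is hypothetical.
BASE_POLICY = {
  default_src: %w['self'],
  script_src:  %w['self'],
  object_src:  %w['none']
}.freeze

# Constructed stand-in for the framework's request object.
Request = Struct.new(:path)

class PerRequestCsp
  def initialize(base)
    @base = base
    @appenders = []
  end

  # Register a block: it receives the request and returns a hash of
  # directive additions, or nil when it has nothing to add.
  def append_for_request(&block)
    @appenders << block
    self
  end

  def policy_for(request)
    policy = @base.transform_values(&:dup) # never mutate the shared default
    @appenders.each do |appender|
      (appender.call(request) || {}).each do |directive, sources|
        # A directive that is set stops falling back to default-src, so seed
        # an unset one with default-src before appending to it.
        merged = (policy[directive] || policy[:default_src].dup) | sources
        # 'none' is only valid alone; drop it once real sources are present.
        merged.delete("'none'") if merged.size > 1
        policy[directive] = merged
      end
    end
    policy
  end

  def header_for(request)
    policy_for(request)
      .map { |name, sources| "#{name.to_s.tr('_', '-')} #{sources.join(' ')}" }
      .join("; ")
  end
end

CSP = PerRequestCsp.new(BASE_POLICY)
CSP.append_for_request do |req|
  next unless req.path.start_with?("/checkout")
  { script_src: %w[https://widgets.example], frame_src: %w[https://pay.example] }
end
```

Because each block only ever appends, the additions stay scoped to the requests the block matches, and every other request is served the unmodified default policy.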