-
Notifications
You must be signed in to change notification settings - Fork 251
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Standard header only #75
Conversation
@bemurphy this rips out a lot of your code. The separation really helped :) |
whoa time machine. @oreoshake cool glad it helped! |
|
||
# you can also use lambdas to use dynamically generated nonces | ||
:script_nonce => lambda { @script_nonce] = 'something' } | ||
:script_nonce => lambda { @script_nonce] = 'something' } |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems like a typo... What's with the ']' just hanging there?
I support ripping out brwsr and just sending more headers... Honestly, I send most of these via Apache or nginx rules anyway. |
Looks good to me but I'm not really an expert. |
Rips out all browser-specific CSP handling and only serves the standard header.
A followup: I'd like to rip out the brwsr gem and not do any UA sniffing. This will mean more headers are sent...
Fixes #73