File: content_security_policy_patch.rb

package info (click to toggle)
gitlab 17.6.5-19
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 629,368 kB
  • sloc: ruby: 1,915,304; javascript: 557,307; sql: 60,639; xml: 6,509; sh: 4,567; makefile: 1,239; python: 406
file content (27 lines) | stat: -rw-r--r-- 946 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
 
# frozen_string_literal: true

##
# `content_security_policy_with_context` makes the caller's context available to the invoked block,
# as this is currently not accessible from `content_security_policy`
#
# This patch is available in content_security_policy starting with Rails 7.2.
# Refs: https://github.com/rails/rails/pull/45115.
module ContentSecurityPolicyPatch
  def content_security_policy_with_context(enabled = true, **options, &block)
    if Rails.gem_version >= Gem::Version.new("7.2")
      ActiveSupport::Deprecation.warn(
        "content_security_policy_with_context should only be used with Rails < 7.2.
        Use content_security_policy instead.")
    end

    before_action(options) do
      if block
        policy = current_content_security_policy
        instance_exec(policy, &block)
        request.content_security_policy = policy
      end

      request.content_security_policy = nil unless enabled
    end
  end
end