Diffstat (limited to 'app/controllers/concerns/content_security_policy_patch.rb')
-rw-r--r-- | app/controllers/concerns/content_security_policy_patch.rb | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/app/controllers/concerns/content_security_policy_patch.rb b/app/controllers/concerns/content_security_policy_patch.rb
new file mode 100644
index 00000000000..a4dc232ee42
--- /dev/null
+++ b/app/controllers/concerns/content_security_policy_patch.rb
@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+##
+# `content_security_policy_with_context` makes the caller's context available to the invoked block,
+# as this is currently not accessible from `content_security_policy`
+#
+# This patch is available in content_security_policy starting with Rails 7.2.
+# Refs: https://github.com/rails/rails/pull/45115.
+module ContentSecurityPolicyPatch
+ def content_security_policy_with_context(enabled = true, **options, &block)
+ if Rails.gem_version >= Gem::Version.new("7.2")
+ ActiveSupport::Deprecation.warn(
+ "content_security_policy_with_context should only be used with Rails < 7.2.
+ Use content_security_policy instead.")
+ end
+
+ before_action(options) do
+ if block
+ policy = current_content_security_policy
+ instance_exec(policy, &block)
+ request.content_security_policy = policy
+ end
+
+ request.content_security_policy = nil unless enabled
+ end
+ end
+end |
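Review bot: The `enabled` parameter is undocumented even though `request.content_security_policy = nil unless enabled` clears the policy for every action the `before_action` options match, and it does so after the block has run, so passing `false` discards whatever the block configured. A comment above the method should say so, e.g. `# Passing enabled = false drops the CSP for the matched actions; scope it with only:/except:`. The header comment could also note that the filter relies on `current_content_security_policy`, which is not defined in this module and appears to be a Rails-internal helper, so a Rails upgrade could change it without warning. Separately, the warning branch fires only on Rails >= 7.2, and the class-level `ActiveSupport::Deprecation.warn` call was, as far as I know, deprecated in 7.1 and removed in 7.2, so that branch may raise instead of warn. Worth confirming this and routing the message through a deprecator instance; the string literal also spans two source lines, so the emitted message carries an embedded newline and indentation.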