Class: Brut::FrontEnd::RouteHooks::CSPNoInlineScripts

Inherits:
Brut::FrontEnd::RouteHook
Defined in:
lib/brut/front_end/route_hooks/csp_no_inline_scripts.rb

Overview

Sets a Content-Security-Policy header that forbids inline scripts but allows inline styles. It is intended for use in development, where the temporary use of inline styles makes UI design work in the browser easier.
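
A check for the property described above, as an added example (not Brut's own code): it parses a Content-Security-Policy value and reports whether arbitrary inline scripts are blocked while inline styles are allowed. The helper names are hypothetical and the sample policy is constructed, since this page does not show what `header_value` returns; `script-src-elem`, `style-src-elem` and `style-src-attr` overrides are not modelled.

```ruby
# Added example, not Brut source. All names below are hypothetical helpers.

# Parse a Content-Security-Policy value into { directive => [sources] }.
def parse_csp(header)
  header.split(";").each_with_object({}) do |part, policy|
    name, *sources = part.strip.split(/\s+/)
    next if name.nil?
    # A repeated directive is ignored by browsers: the first occurrence wins.
    policy[name.downcase] ||= sources
  end
end

# Sources governing a fetch directive, with the default-src fallback.
# nil means neither directive is present, so nothing is restricted.
def effective_sources(policy, directive)
  policy[directive] || policy["default-src"]
end

NONCE_OR_HASH = /\A'(nonce-|sha(256|384|512)-)/i

# True when any inline block (no nonce or hash needed) passes the directive.
def arbitrary_inline_allowed?(policy, directive)
  sources = effective_sources(policy, directive)
  return true if sources.nil?
  # Browsers ignore 'unsafe-inline' once a nonce or hash source is listed.
  return false if sources.any? { |s| s.match?(NONCE_OR_HASH) }
  sources.any? { |s| s.casecmp?("'unsafe-inline'") }
end

# The property the overview describes: inline scripts blocked,
# inline styles allowed.
def dev_style_policy?(header)
  policy = parse_csp(header)
  !arbitrary_inline_allowed?(policy, "script-src") &&
    arbitrary_inline_allowed?(policy, "style-src")
end

# Constructed sample policy (an assumption, not the hook's actual value).
SAMPLE_DEV_POLICY =
  "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'"

puts dev_style_policy?(SAMPLE_DEV_POLICY)
```

Running the same predicate, inverted on the style check, against a production response is a quick way to confirm this development-only hook has not been left enabled there.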

Instance Method Summary

Methods inherited from Brut::FrontEnd::RouteHook

#before, #continue

Methods included from Brut::Framework::Errors

#abstract_method!, #bug!

Methods included from HandlingResults

#http_status, #redirect_to

Instance Method Details

#after(response:) ⇒ Object



# File 'lib/brut/front_end/route_hooks/csp_no_inline_scripts.rb', line 8

def after(response:)
  response.headers["Content-Security-Policy"] = header_value
  continue
end