rubocop fixes
RyanEddyIC authored and bbodine1 committed Dec 18, 2024
1 parent 1a94b7c commit e5b25b2
Showing 1 changed file with 16 additions and 16 deletions.
32 changes: 16 additions & 16 deletions config/initializers/rails_csp_nonce.rb
Expand Up @@ -20,12 +20,12 @@ def call(env)

doc = nil
begin
if body.is_a?(ActionDispatch::Response::RackBody)
doc = Loofah.document(body.body)
else
doc = Loofah.document(body)
end
rescue
doc = if body.is_a?(ActionDispatch::Response::RackBody)
Loofah.document(body.body)
else
Loofah.document(body)
end
rescue StandardError
return [stat, headers, body]
end
doc.xpath("//script").each do |node|
Expand All @@ -35,7 +35,7 @@ def call(env)
# nonce_node(node, nonce, :style, request)
# end
doc.xpath("//*[@onclick]").each do |node|
request.logger.tagged("CSPTagMissingNonce").warn("Detected inline onclick event handler: #{node["onclick"]}")
request.logger.tagged("CSPTagMissingNonce").warn("Detected inline onclick event handler: #{node['onclick']}")
end
response = ActionDispatch::Response.new(stat, headers, doc.to_s)
response.to_a
Expand All @@ -49,15 +49,15 @@ def nonce_node(node, nonce, kind, ad_request)
end
end

Rails.application.config.content_security_policy_nonce_generator = -> (request) do
# use the same csp nonce for turbolinks requests
if request.env['HTTP_TURBOLINKS_REFERRER'].present?
request.env['HTTP_X_TURBOLINKS_NONCE']
else
SecureRandom.base64(16)
end
end
Rails.application.config.content_security_policy_nonce_directives = %w(script-src)
Rails.application.config.content_security_policy_nonce_generator = lambda do |request|
# use the same csp nonce for turbolinks requests
if request.env['HTTP_TURBOLINKS_REFERRER'].present?
request.env['HTTP_X_TURBOLINKS_NONCE']
else
SecureRandom.base64(16)
end
end
Rails.application.config.content_security_policy_nonce_directives = %w[script-src]

Rails.application.config.content_security_policy do |policy|
csp_proto = Rails.env.production? ? :https : :http
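Review bot: The nonce generator lambda in the third hunk returns `request.env['HTTP_X_TURBOLINKS_NONCE']` unchecked whenever `Turbolinks-Referrer` is present, so the CSP nonce for those requests is a client-supplied header value. If that header is absent the generator yields nil, and a malformed value would presumably be written into the `script-src` directive as-is, since `content_security_policy_nonce_directives` names that directive. Accepting the reused nonce only when it looks like one this app issued would keep the Turbolinks behaviour while closing that gap, e.g. `nonce = request.env['HTTP_X_TURBOLINKS_NONCE']` followed by `nonce&.match?(%r{\A[A-Za-z0-9+/]+={0,2}\z}) ? nonce : SecureRandom.base64(16)`. Separately, the `rescue StandardError` in the first hunk returns the untouched response without logging, so a Loofah parse failure silently ships pages whose scripts carry no nonce; a `request.logger.warn` there would make that visible.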