Add new APIs to customize content security policy for non-HTML responses #39398
Open
imtayadeway wants to merge 12 commits into rails:main from imtayadeway:tjw/api-csp
+532 −149
Commits on Jun 16, 2020
- 05344fc: Generate content security policy for non-HTML responses

  One feature of the content security policy DSL, though undocumented, is that it will not generate headers for non-HTML responses, even if a configuration is explicitly provided.

  While it may not seem obvious that anyone would want to send this header in an API response, Mozilla Observatory, for instance, recommends the following for API responses: `Content-Security-Policy: default-src 'none'; frame-ancestors 'none'` (source: https://observatory.mozilla.org/faq/)

  The Secure Headers gem also makes recommendations about the content security policy for API responses: https://github.com/github/secure_headers#api-configurations

  As such, this removes the HTML guard clause from the `ContentSecurityPolicy` middleware.

Commits on Jul 2, 2020
- b840a7d

Commits on Jul 6, 2020
- 2aa6585
- 2ea33e8
- 12a0048
- 0731722

Commits on Jul 8, 2020
- 418fa0b

Commits on Jul 9, 2020
- 0105939
- 9a7c513
- d14792f

Commits on Jul 22, 2020
- 8f54f18
- 88c02f9
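The first commit message above describes an HTML guard clause in the `ContentSecurityPolicy` middleware that suppresses the header on non-HTML responses. As an added illustration (not code from this PR or from Rails itself), the following minimal Rack-style middleware shows the effect of that guard and of removing it, using the API policy the commit cites from Mozilla Observatory. The class and function names, the two constructed downstream apps, and the hand-built `[status, headers, body]` triples are assumptions made for this example; no gems are required.

```ruby
# Added example, not code from the Rails PR: a minimal Rack-style middleware that
# illustrates the HTML guard clause the commit message describes and the effect
# of removing it. No gems required; the Rack triple [status, headers, body] is
# built by hand.

# Policy recommended for API responses by Mozilla Observatory (cited in the commit).
API_POLICY = "default-src 'none'; frame-ancestors 'none'".freeze
CSP_HEADER = "Content-Security-Policy".freeze

class CspMiddleware
  # html_only: true mirrors the pre-change guard (header only on text/html);
  # false mirrors the behaviour after the guard is removed (header on every response).
  def initialize(app, policy:, html_only:)
    @app = app
    @policy = policy
    @html_only = html_only
  end

  def call(env)
    status, headers, body = @app.call(env)
    headers = headers.dup
    if !@html_only || html_response?(headers)
      # Do not clobber a policy the downstream app already set explicitly.
      headers[CSP_HEADER] ||= @policy
    end
    [status, headers, body]
  end

  private

  def html_response?(headers)
    headers["Content-Type"].to_s.downcase.start_with?("text/html")
  end
end

# Constructed downstream apps standing in for an HTML endpoint and a JSON API endpoint.
HTML_APP = ->(_env) { [200, { "Content-Type" => "text/html; charset=utf-8" }, ["<html></html>"]] }
JSON_APP = ->(_env) { [200, { "Content-Type" => "application/json" }, ['{"ok":true}']] }

# Returns the CSP header value (or nil) that a request through `app` ends up
# with under the given guard setting.
def csp_for(app, html_only:)
  middleware = CspMiddleware.new(app, policy: API_POLICY, html_only: html_only)
  _status, headers, _body = middleware.call({})
  headers[CSP_HEADER]
end

# Summarise both guard settings for both endpoints: with the guard, the JSON
# response carries no policy at all; without it, every response does.
def guard_comparison
  {
    html_guarded:   csp_for(HTML_APP, html_only: true),
    json_guarded:   csp_for(JSON_APP, html_only: true),
    html_unguarded: csp_for(HTML_APP, html_only: false),
    json_unguarded: csp_for(JSON_APP, html_only: false)
  }
end

if __FILE__ == $PROGRAM_NAME
  guard_comparison.each { |name, value| puts "#{name}: #{value.inspect}" }
end
```

Run it directly to print the four cases. The `||=` keeps any policy the application set itself, so a per-endpoint override still wins over the middleware default once the guard is gone.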