kotovalexarian-likes-github/rails--rails
1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Code Releases Activity
rails--rails/railties/lib/rails/application_controller.rb

30 lines
805 B
Ruby
Raw Normal View History

Adding frozen_string_literal pragma to Railties.
2017-08-14 13:08:09 -04:00
# frozen_string_literal: true
Add an application controller for internal controllers
2013-12-16 00:52:40 -05:00
class Rails::ApplicationController < ActionController::Base # :nodoc:
Define path with __dir__ ".. with __dir__ we can restore order in the Universe." - by @fxn Related to 5b8738c2df003a96f0e490c43559747618d10f5f
2017-05-15 10:17:28 -04:00
self.view_paths = File.expand_path("templates", __dir__)
applies new string literal convention in railties/lib The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 13:15:47 -04:00
layout "application"
Add an application controller for internal controllers
2013-12-16 00:52:40 -05:00
Allow using inline style and script in the internal controllers We use inline style and script for the view held inside Rails like welcome page and mailer preview. Therefore, if inline is prohibited by CSP, they will not work properly. I think that this is not as expected.   For that reason, I have made it possible to use inline style and script regardless of application settings.
2018-03-05 07:42:49 -05:00
before_action :disable_content_security_policy_nonce!
content_security_policy do |policy|
Always yield a CSP policy instance If the app has the CSP disabled globally allow a controller action to enable the policy for that request.
2018-03-08 09:14:09 -05:00
policy.script_src :unsafe_inline
policy.style_src :unsafe_inline
Allow using inline style and script in the internal controllers We use inline style and script for the view held inside Rails like welcome page and mailer preview. Therefore, if inline is prohibited by CSP, they will not work properly. I think that this is not as expected.   For that reason, I have made it possible to use inline style and script regardless of application settings.
2018-03-05 07:42:49 -05:00
end
Privatize unneededly protected methods in Railties
2016-12-23 05:20:01 -05:00
private
Add an application controller for internal controllers
2013-12-16 00:52:40 -05:00
normalizes indentation and whitespace across the project
2016-08-06 13:55:02 -04:00
def require_local!
unless local_request?
render html: "<p>For security purposes, this information is only available to local requests.</p>".html_safe, status: :forbidden
end
Add an application controller for internal controllers
2013-12-16 00:52:40 -05:00
end
normalizes indentation and whitespace across the project
2016-08-06 13:55:02 -04:00
def local_request?
Rails.application.config.consider_all_requests_local || request.local?
end
Allow using inline style and script in the internal controllers We use inline style and script for the view held inside Rails like welcome page and mailer preview. Therefore, if inline is prohibited by CSP, they will not work properly. I think that this is not as expected.   For that reason, I have made it possible to use inline style and script regardless of application settings.
2018-03-05 07:42:49 -05:00
def disable_content_security_policy_nonce!
request.content_security_policy_nonce_generator = nil
end
Add an application controller for internal controllers
2013-12-16 00:52:40 -05:00
end
Copy permalink