2017-08-14 13:08:09 -04:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2013-12-16 00:52:40 -05:00
|
|
|
class Rails::ApplicationController < ActionController::Base # :nodoc:
|
2017-05-15 10:17:28 -04:00
|
|
|
self.view_paths = File.expand_path("templates", __dir__)
|
2016-08-06 13:15:47 -04:00
|
|
|
layout "application"
|
2013-12-16 00:52:40 -05:00
|
|
|
|
2018-03-05 07:42:49 -05:00
|
|
|
before_action :disable_content_security_policy_nonce!
|
|
|
|
|
|
|
|
content_security_policy do |policy|
|
2018-03-08 09:14:09 -05:00
|
|
|
policy.script_src :unsafe_inline
|
|
|
|
policy.style_src :unsafe_inline
|
2018-03-05 07:42:49 -05:00
|
|
|
end
|
|
|
|
|
2016-12-23 05:20:01 -05:00
|
|
|
private
|
2016-08-06 13:55:02 -04:00
|
|
|
def require_local!
|
|
|
|
unless local_request?
|
|
|
|
render html: "<p>For security purposes, this information is only available to local requests.</p>".html_safe, status: :forbidden
|
|
|
|
end
|
2013-12-16 00:52:40 -05:00
|
|
|
end
|
|
|
|
|
2016-08-06 13:55:02 -04:00
|
|
|
def local_request?
|
|
|
|
Rails.application.config.consider_all_requests_local || request.local?
|
|
|
|
end
|
2018-03-05 07:42:49 -05:00
|
|
|
|
|
|
|
def disable_content_security_policy_nonce!
|
|
|
|
request.content_security_policy_nonce_generator = nil
|
|
|
|
end
|
2013-12-16 00:52:40 -05:00
|
|
|
end
|