Merge pull request #42126 from lfalcao/master
Add support for require-trusted-types-for and trusted-types
commit
523a526b0e
|
@ -1,3 +1,9 @@
|
||||||
|
* Add support for 'require-trusted-types-for' and 'trusted-types' headers.
|
||||||
|
|
||||||
|
Fixes #42034
|
||||||
|
|
||||||
|
*lfalcao*
|
||||||
|
|
||||||
* Remove inline styles and address basic accessibility issues on rescue templates.
|
* Remove inline styles and address basic accessibility issues on rescue templates.
|
||||||
|
|
||||||
*Jacob Herrington*
|
*Jacob Herrington*
|
||||||
|
|
|
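--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -106,43 +106,47 @@ module ActionDispatch #:nodoc:
 end
 
 MAPPINGS = {
 self: "'self'",
 unsafe_eval: "'unsafe-eval'",
 unsafe_inline: "'unsafe-inline'",
 none: "'none'",
 http: "http:",
 https: "https:",
 data: "data:",
 mediastream: "mediastream:",
+allow_duplicates: "'allow-duplicates'",
 blob: "blob:",
 filesystem: "filesystem:",
 report_sample: "'report-sample'",
+script: "'script'",
 strict_dynamic: "'strict-dynamic'",
 ws: "ws:",
 wss: "wss:"
 }.freeze
 
 DIRECTIVES = {
 base_uri: "base-uri",
 child_src: "child-src",
 connect_src: "connect-src",
 default_src: "default-src",
 font_src: "font-src",
 form_action: "form-action",
 frame_ancestors: "frame-ancestors",
 frame_src: "frame-src",
 img_src: "img-src",
 manifest_src: "manifest-src",
 media_src: "media-src",
 object_src: "object-src",
 prefetch_src: "prefetch-src",
+require_trusted_types_for: "require-trusted-types-for",
 script_src: "script-src",
 script_src_attr: "script-src-attr",
 script_src_elem: "script-src-elem",
 style_src: "style-src",
 style_src_attr: "style-src-attr",
 style_src_elem: "style-src-elem",
+trusted_types: "trusted-types",
 worker_src: "worker-src"
 }.freeze
 
 DEFAULT_NONCE_DIRECTIVES = %w[script-src style-src].freeze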
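Review bot: The two new MAPPINGS entries `allow_duplicates` and `script` are keywords that only exist for the trusted-types directives, yet MAPPINGS is one hash shared by every directive, so if the directive methods apply it generically (the hunk does not show them) `script_src :script` would now build `script-src 'script'`, an unrecognized source expression that browsers ignore at enforcement time rather than an error surfaced when the policy is built. A comment on those two entries would at least make the scope explicit, e.g. `# Keywords for require-trusted-types-for / trusted-types only; not source expressions.`, and validating the keyword per directive would close the gap properly. In the same vein, `require-trusted-types-for` accepts only the `'script'` sink group per the CSP spec, and nothing in DIRECTIVES constrains the value passed to it. The enclosing class continues outside the hunk.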
@ -211,6 +211,24 @@ class ContentSecurityPolicyTest < ActiveSupport::TestCase
|
||||||
@policy.require_sri_for
|
@policy.require_sri_for
|
||||||
assert_no_match %r{require-sri-for}, @policy.build
|
assert_no_match %r{require-sri-for}, @policy.build
|
||||||
|
|
||||||
|
@policy.require_trusted_types_for :script
|
||||||
|
assert_match %r{require-trusted-types-for 'script'}, @policy.build
|
||||||
|
|
||||||
|
@policy.require_trusted_types_for
|
||||||
|
assert_no_match %r{require-trusted-types-for}, @policy.build
|
||||||
|
|
||||||
|
@policy.trusted_types :none
|
||||||
|
assert_match %r{trusted-types 'none'}, @policy.build
|
||||||
|
|
||||||
|
@policy.trusted_types "foo", "bar"
|
||||||
|
assert_match %r{trusted-types foo bar}, @policy.build
|
||||||
|
|
||||||
|
@policy.trusted_types "foo", "bar", :allow_duplicates
|
||||||
|
assert_match %r{trusted-types foo bar 'allow-duplicates'}, @policy.build
|
||||||
|
|
||||||
|
@policy.trusted_types
|
||||||
|
assert_no_match %r{trusted-types}, @policy.build
|
||||||
|
|
||||||
@policy.upgrade_insecure_requests
|
@policy.upgrade_insecure_requests
|
||||||
assert_match %r{upgrade-insecure-requests}, @policy.build
|
assert_match %r{upgrade-insecure-requests}, @policy.build
|
||||||
|
|
||||||
|
|
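Review bot: The negative assertion `assert_no_match %r{trusted-types}, @policy.build` only holds because `require_trusted_types_for` was cleared earlier in the same test; `require-trusted-types-for` contains `trusted-types` as a substring, so reordering the steps would break this check, and `%r{trusted-types 'none'}` would equally match a stray `require-trusted-types-for 'none'`. Anchoring the pattern, e.g. `assert_no_match %r{(?<!require-)trusted-types}, @policy.build`, keeps the assertion independent of step order. A case covering what `require_trusted_types_for` does with a value other than `:script` would also be worth adding, since the spec defines only the `'script'` sink group and the test currently exercises only the valid value. The `test "..."` line that opens this test method is outside the hunk.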