Merge pull request #42126 from lfalcao/master
Add support for require-trusted-types-for and trusted-types
This commit is contained in:
commit
523a526b0e
|
@ -1,3 +1,9 @@
|
|||
* Add support for 'require-trusted-types-for' and 'trusted-types' headers.
|
||||
|
||||
Fixes #42034
|
||||
|
||||
*lfalcao*
|
||||
|
||||
* Remove inline styles and address basic accessibility issues on rescue templates.
|
||||
|
||||
*Jacob Herrington*
|
||||
|
|
|
@ -114,9 +114,11 @@ module ActionDispatch #:nodoc:
|
|||
https: "https:",
|
||||
data: "data:",
|
||||
mediastream: "mediastream:",
|
||||
allow_duplicates: "'allow-duplicates'",
|
||||
blob: "blob:",
|
||||
filesystem: "filesystem:",
|
||||
report_sample: "'report-sample'",
|
||||
script: "'script'",
|
||||
strict_dynamic: "'strict-dynamic'",
|
||||
ws: "ws:",
|
||||
wss: "wss:"
|
||||
|
@ -136,12 +138,14 @@ module ActionDispatch #:nodoc:
|
|||
media_src: "media-src",
|
||||
object_src: "object-src",
|
||||
prefetch_src: "prefetch-src",
|
||||
require_trusted_types_for: "require-trusted-types-for",
|
||||
script_src: "script-src",
|
||||
script_src_attr: "script-src-attr",
|
||||
script_src_elem: "script-src-elem",
|
||||
style_src: "style-src",
|
||||
style_src_attr: "style-src-attr",
|
||||
style_src_elem: "style-src-elem",
|
||||
trusted_types: "trusted-types",
|
||||
worker_src: "worker-src"
|
||||
}.freeze
|
||||
|
||||
|
|
|
@ -211,6 +211,24 @@ class ContentSecurityPolicyTest < ActiveSupport::TestCase
|
|||
@policy.require_sri_for
|
||||
assert_no_match %r{require-sri-for}, @policy.build
|
||||
|
||||
@policy.require_trusted_types_for :script
|
||||
assert_match %r{require-trusted-types-for 'script'}, @policy.build
|
||||
|
||||
@policy.require_trusted_types_for
|
||||
assert_no_match %r{require-trusted-types-for}, @policy.build
|
||||
|
||||
@policy.trusted_types :none
|
||||
assert_match %r{trusted-types 'none'}, @policy.build
|
||||
|
||||
@policy.trusted_types "foo", "bar"
|
||||
assert_match %r{trusted-types foo bar}, @policy.build
|
||||
|
||||
@policy.trusted_types "foo", "bar", :allow_duplicates
|
||||
assert_match %r{trusted-types foo bar 'allow-duplicates'}, @policy.build
|
||||
|
||||
@policy.trusted_types
|
||||
assert_no_match %r{trusted-types}, @policy.build
|
||||
|
||||
@policy.upgrade_insecure_requests
|
||||
assert_match %r{upgrade-insecure-requests}, @policy.build
|
||||
|
||||
|
|
Loading…
Reference in New Issue