diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index 33d4974..8acf666 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -22,6 +22,10 @@ end
 # Rails.application.config.content_security_policy_nonce_generator =
 # -> request { SecureRandom.base64(16) }
 
+# Set the nonce only to specific directives
+# Rails.application.config.content_security_policy_nonce_directives =
+# %w(script-src)
+
 # Report CSP violations to a specified URI
 # For further information see the following documentation:
 # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only
diff --git a/config/initializers/wrap_parameters.rb b/config/initializers/wrap_parameters.rb
index ca4ecfa..db1571f 100644
--- a/config/initializers/wrap_parameters.rb
+++ b/config/initializers/wrap_parameters.rb
@@ -2,11 +2,11 @@
 
 # Be sure to restart your server when you modify this file.
 
-# This file contains settings for ActionController::ParamsWrapper which
-# is enabled by default.
+# This file contains settings for ActionController::ParamsWrapper
+# which is enabled by default.
 
-# Enable parameter wrapping for JSON. You can disable this by setting :format
-# to an empty array.
+# Enable parameter wrapping for JSON.
+# You can disable this by setting :format to an empty array.
 ActiveSupport.on_load(:action_controller) do
 wrap_parameters format: [:json]
 end
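Review bot: The comment added in config/initializers/content_security_policy.rb says what `content_security_policy_nonce_directives` does, but not what applies while it stays commented out or why one would set it. As far as I know, when the setting is unset Rails attaches the nonce to both `script-src` and `style-src`, and a nonce in `style-src` makes browsers ignore `'unsafe-inline'` there, so the choice decides whether inline styles keep working once the nonce generator above is enabled. I would extend the comment to something like `# Unset: nonce is added to script-src and style-src; limit to script-src if style-src relies on 'unsafe-inline'`. Both settings are still commented out in this hunk, so the emitted policy does not change until the generator is turned on.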