274 lines
8.5 KiB
Plaintext
274 lines
8.5 KiB
Plaintext
require 'hanami/helpers'
|
|
require 'hanami/assets'
|
|
|
|
module <%= config[:classified_app_name] %>
|
|
class Application < Hanami::Application
|
|
configure do
|
|
##
|
|
# BASIC
|
|
#
|
|
|
|
# Define the root path of this application.
|
|
# All paths specified in this configuration are relative to path below.
|
|
#
|
|
root __dir__
|
|
|
|
# Relative load paths where this application will recursively load the code.
|
|
# When you add new directories, remember to add them here.
|
|
#
|
|
load_paths << [
|
|
'controllers',
|
|
'views'
|
|
]
|
|
|
|
# Handle exceptions with HTTP statuses (true) or don't catch them (false).
|
|
# Defaults to true.
|
|
# See: http://www.rubydoc.info/gems/hanami-controller/#Exceptions_management
|
|
#
|
|
# handle_exceptions true
|
|
|
|
##
|
|
# HTTP
|
|
#
|
|
|
|
# Routes definitions for this application
|
|
# See: http://www.rubydoc.info/gems/hanami-router#Usage
|
|
#
|
|
routes 'config/routes'
|
|
|
|
# URI scheme used by the routing system to generate absolute URLs
|
|
# Defaults to "http"
|
|
#
|
|
# scheme 'https'
|
|
|
|
# URI host used by the routing system to generate absolute URLs
|
|
# Defaults to "localhost"
|
|
#
|
|
# host 'example.org'
|
|
|
|
# URI port used by the routing system to generate absolute URLs
|
|
# Argument: An object coercible to integer, default to 80 if the scheme is http and 443 if it's https
|
|
# This SHOULD be configured only in case the application listens to that non standard ports
|
|
#
|
|
# port 443
|
|
|
|
# Enable cookies
|
|
# Argument: boolean to toggle the feature
|
|
# A Hash with options
|
|
#
|
|
# Options: :domain - The domain (String - nil by default, not required)
|
|
# :path - Restrict cookies to a relative URI (String - nil by default)
|
|
# :max_age - Cookies expiration expressed in seconds (Integer - nil by default)
|
|
# :secure - Restrict cookies to secure connections
|
|
# (Boolean - Automatically set on true if currenlty using a secure connection)
|
|
# See #scheme and #ssl?
|
|
# :httponly - Prevent JavaScript access (Boolean - true by default)
|
|
#
|
|
# cookies true
|
|
# or
|
|
# cookies max_age: 300
|
|
|
|
# Enable sessions
|
|
# Argument: Symbol the Rack session adapter
|
|
# A Hash with options
|
|
#
|
|
# See: http://www.rubydoc.info/gems/rack/Rack/Session/Cookie
|
|
#
|
|
# sessions :cookie, secret: ENV['<%= config[:upcase_app_name] %>_SESSIONS_SECRET']
|
|
|
|
# Configure Rack middleware for this application
|
|
#
|
|
# middleware.use Rack::Protection
|
|
|
|
# Default format for the requests that don't specify an HTTP_ACCEPT header
|
|
# Argument: A symbol representation of a mime type, default to :html
|
|
#
|
|
# default_request_format :html
|
|
|
|
# Default format for responses that doesn't take into account the request format
|
|
# Argument: A symbol representation of a mime type, default to :html
|
|
#
|
|
# default_response_format :html
|
|
|
|
# HTTP Body parsers
|
|
# Parse non GET responses body for a specific mime type
|
|
# Argument: Symbol, which represent the format of the mime type (only `:json` is supported)
|
|
# Object, the parser
|
|
#
|
|
# body_parsers :json
|
|
|
|
# When it's true and the router receives a non-encrypted request (http),
|
|
# it redirects to the secure equivalent resource (https). Default disabled.
|
|
#
|
|
# force_ssl true
|
|
|
|
##
|
|
# TEMPLATES
|
|
#
|
|
|
|
# The layout to be used by all views
|
|
#
|
|
layout :application # It will load <%= config[:classified_app_name] %>::Views::ApplicationLayout
|
|
|
|
# The relative path to templates
|
|
#
|
|
templates 'templates'
|
|
|
|
##
|
|
# ASSETS
|
|
#
|
|
assets do
|
|
# JavaScript compressor
|
|
#
|
|
# Supported engines:
|
|
#
|
|
# * :builtin
|
|
# * :uglifier
|
|
# * :yui
|
|
# * :closure
|
|
#
|
|
# See: http://hanamirb.org/guides/assets/compressors
|
|
#
|
|
# In order to skip JavaScript compression comment the following line
|
|
javascript_compressor :builtin
|
|
|
|
# Stylesheet compressor
|
|
#
|
|
# Supported engines:
|
|
#
|
|
# * :builtin
|
|
# * :yui
|
|
# * :sass
|
|
#
|
|
# See: http://hanamirb.org/guides/assets/compressors
|
|
#
|
|
# In order to skip stylesheet compression comment the following line
|
|
stylesheet_compressor :builtin
|
|
|
|
# Specify sources for assets
|
|
#
|
|
sources << [
|
|
'assets'
|
|
]
|
|
end
|
|
|
|
##
|
|
# SECURITY
|
|
#
|
|
|
|
# X-Frame-Options is a HTTP header supported by modern browsers.
|
|
# It determines if a web page can or cannot be included via <frame> and
|
|
# <iframe> tags by untrusted domains.
|
|
#
|
|
# Web applications can send this header to prevent Clickjacking attacks.
|
|
#
|
|
# Read more at:
|
|
#
|
|
# * https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options
|
|
# * https://www.owasp.org/index.php/Clickjacking
|
|
#
|
|
security.x_frame_options "DENY"
|
|
|
|
# Content-Security-Policy (CSP) is a HTTP header supported by modern browsers.
|
|
# It determines trusted sources of execution for dynamic contents
|
|
# (JavaScript) or other web related assets: stylesheets, images, fonts,
|
|
# plugins, etc.
|
|
#
|
|
# Web applications can send this header to mitigate Cross Site Scripting
|
|
# (XSS) attacks.
|
|
#
|
|
# The default value allows images, scripts, AJAX, fonts and CSS from the same
|
|
# origin, and does not allow any other resources to load (eg object,
|
|
# frame, media, etc).
|
|
#
|
|
# Inline JavaScript is NOT allowed. To enable it, please use:
|
|
# "script-src 'unsafe-inline'".
|
|
#
|
|
# Content Security Policy introduction:
|
|
#
|
|
# * http://www.html5rocks.com/en/tutorials/security/content-security-policy/
|
|
# * https://www.owasp.org/index.php/Content_Security_Policy
|
|
# * https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29
|
|
#
|
|
# Inline and eval JavaScript risks:
|
|
#
|
|
# * http://www.html5rocks.com/en/tutorials/security/content-security-policy/#inline-code-considered-harmful
|
|
# * http://www.html5rocks.com/en/tutorials/security/content-security-policy/#eval-too
|
|
#
|
|
# Content Security Policy usage:
|
|
#
|
|
# * http://content-security-policy.com/
|
|
# * https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Using_Content_Security_Policy
|
|
#
|
|
security.content_security_policy "default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; font-src 'self';"
|
|
|
|
##
|
|
# FRAMEWORKS
|
|
#
|
|
|
|
# Configure the code that will yield each time <%= config[:classified_app_name] %>::Action is included
|
|
# This is useful for sharing common functionality
|
|
#
|
|
# See: http://www.rubydoc.info/gems/hanami-controller#Configuration
|
|
controller.prepare do
|
|
# include MyAuthentication # included in all the actions
|
|
# before :authenticate! # run an authentication before callback
|
|
end
|
|
|
|
# Configure the code that will yield each time <%= config[:classified_app_name] %>::View is included
|
|
# This is useful for sharing common functionality
|
|
#
|
|
# See: http://www.rubydoc.info/gems/hanami-view#Configuration
|
|
view.prepare do
|
|
include Hanami::Helpers
|
|
include <%= config[:classified_app_name] %>::Assets::Helpers
|
|
end
|
|
end
|
|
|
|
##
|
|
# DEVELOPMENT
|
|
#
|
|
configure :development do
|
|
# Don't handle exceptions, render the stack trace
|
|
handle_exceptions false
|
|
end
|
|
|
|
##
|
|
# TEST
|
|
#
|
|
configure :test do
|
|
# Don't handle exceptions, render the stack trace
|
|
handle_exceptions false
|
|
end
|
|
|
|
##
|
|
# PRODUCTION
|
|
#
|
|
configure :production do
|
|
# scheme 'https'
|
|
# host 'example.org'
|
|
# port 443
|
|
|
|
assets do
|
|
# Don't compile static assets in production mode (eg. Sass, ES6)
|
|
#
|
|
# See: http://www.rubydoc.info/gems/hanami-assets#Configuration
|
|
compile false
|
|
|
|
# Use digest file name for asset paths
|
|
#
|
|
# See: http://hanamirb.org/guides/assets/digest
|
|
digest true
|
|
|
|
# Content Delivery Network (CDN)
|
|
#
|
|
# See: http://hanamirb.org/guides/assets/content-delivery-network
|
|
#
|
|
# scheme 'https'
|
|
# host 'cdn.example.org'
|
|
# port 443
|
|
end
|
|
end
|
|
end
|
|
end
|