module SecureHeaders::PolicyManagement
Constants
- ALL_DIRECTIVES
- BASE_URI
- BLOB_PROTOCOL
- BLOCK_ALL_MIXED_CONTENT
All the directives that are not currently in a formal spec, but have been implemented somewhere.
- BODY_DIRECTIVES
Think of default-src and report-uri as the beginning and end respectively; everything else is in between.
- CHILD_SRC
- CHROME_DIRECTIVES
- CONFIG_KEY
- CONNECT_SRC
- DATA_PROTOCOL
- DEFAULT_CONFIG
- DEFAULT_SRC
- DEFAULT_VALUE
- DEPRECATED_SOURCE_VALUES
Leftover deprecated values that will be in common use upon upgrading.
- DIRECTIVES_1_0
- DIRECTIVES_2_0
- DIRECTIVES_3_0
- DIRECTIVES_DRAFT
- DIRECTIVE_VALUE_TYPES
- EDGE_DIRECTIVES
- FETCH_SOURCES
- FIREFOX_46_DEPRECATED_DIRECTIVES
- FIREFOX_46_DIRECTIVES
- FIREFOX_46_UNSUPPORTED_DIRECTIVES
- FIREFOX_DIRECTIVES
- FIREFOX_UNSUPPORTED_DIRECTIVES
- FONT_SRC
- FORM_ACTION
- FRAME_ANCESTORS
- FRAME_SRC
- HEADER_NAME
- HEADER_NAMES
- HTTP_SCHEME_REGEX
- IMG_SRC
- MANIFEST_SRC
All the directives currently under consideration for CSP level 3. w3c.github.io/webappsec/specs/CSP2/
- MEDIA_SRC
- META_CONFIGS
- MODERN_BROWSERS
- NONE
- NON_FETCH_SOURCES
These are directives that do not inherit the default-src value. This is useful when calling combine_policies.
- OBJECT_SRC
- OTHER
- PLUGIN_TYPES
- REFLECTED_XSS
- REPORT_ONLY
- REPORT_URI
- SAFARI_DIRECTIVES
- SANDBOX
- SCRIPT_SRC
- SELF
- STAR
- STAR_REGEXP
- STYLE_SRC
- UNSAFE_EVAL
- UNSAFE_INLINE
- UPGRADE_INSECURE_REQUESTS
- VARIATIONS
- WILDCARD_SOURCES
Public Class Methods
included(base)
# File lib/secure_headers/headers/policy_management.rb, line 3
def self.included(base)
  base.extend(ClassMethods)
end