module SecureHeaders::PolicyManagement

Constants

ALL_DIRECTIVES
BASE_URI
BLOB_PROTOCOL
BLOCK_ALL_MIXED_CONTENT

All the directives that are not currently in a formal spec, but have been implemented somewhere.

BODY_DIRECTIVES

Think of default-src and report-uri as the beginning and end, respectively; everything else is in between.

CHILD_SRC
CHROME_DIRECTIVES
CONFIG_KEY
CONNECT_SRC
DATA_PROTOCOL
DEFAULT_CONFIG
DEFAULT_SRC
DEFAULT_VALUE
DEPRECATED_SOURCE_VALUES

Leftover deprecated values that will be in common use upon upgrading.

DIRECTIVES_1_0
DIRECTIVES_2_0
DIRECTIVES_3_0
DIRECTIVES_DRAFT
DIRECTIVE_VALUE_TYPES
EDGE_DIRECTIVES
FETCH_SOURCES
FIREFOX_46_DEPRECATED_DIRECTIVES
FIREFOX_46_DIRECTIVES
FIREFOX_46_UNSUPPORTED_DIRECTIVES
FIREFOX_DIRECTIVES
FIREFOX_UNSUPPORTED_DIRECTIVES
FONT_SRC
FORM_ACTION
FRAME_ANCESTORS
FRAME_SRC
HEADER_NAME
HEADER_NAMES
HTTP_SCHEME_REGEX
IMG_SRC
MANIFEST_SRC

All the directives currently under consideration for CSP level 3. w3c.github.io/webappsec/specs/CSP2/

MEDIA_SRC
META_CONFIGS
MODERN_BROWSERS
NONE
NON_FETCH_SOURCES

These are directives that do not inherit the default-src value. This is useful when calling combine_policies.

OBJECT_SRC
OTHER
PLUGIN_TYPES
REFLECTED_XSS
REPORT_ONLY
REPORT_URI
SAFARI_DIRECTIVES
SANDBOX
SCRIPT_SRC
SELF
STAR
STAR_REGEXP
STYLE_SRC
UNSAFE_EVAL
UNSAFE_INLINE
UPGRADE_INSECURE_REQUESTS
VARIATIONS
WILDCARD_SOURCES

Public Class Methods

included(base)
# File lib/secure_headers/headers/policy_management.rb, line 3
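# Hook called by Ruby when this module is included; extends the including
# class (base) with ClassMethods so they become class-level methods.
def self.included(base)
  base.extend(ClassMethods)
end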