module SecureHeaders::PolicyManagement
Constants
- ALL_DIRECTIVES
- BASE_URI
- BLOB_PROTOCOL
- BLOCK_ALL_MIXED_CONTENT
All the directives currently under consideration for CSP level 3. w3c.github.io/webappsec/specs/CSP2/
- BODY_DIRECTIVES
Think of default-src and report-uri as the beginning and end respectively; everything else is in between.
- CHILD_SRC
- CONNECT_SRC
- DATA_PROTOCOL
- DEFAULT_CONFIG
- DEFAULT_SRC
- DEPRECATED_SOURCE_VALUES
Leftover deprecated values that will be in common use upon upgrading.
- DIRECTIVES_1_0
- DIRECTIVES_2_0
- DIRECTIVES_3_0
- DIRECTIVES_EXPERIMENTAL
- DIRECTIVE_VALUE_TYPES
- FETCH_SOURCES
- FONT_SRC
- FORM_ACTION
- FRAME_ANCESTORS
- FRAME_SRC
- HTTP_SCHEME_REGEX
- IMG_SRC
- MANIFEST_SRC
- MEDIA_SRC
- META_CONFIGS
- NAVIGATE_TO
- NONCES
- NONE
- NON_FETCH_SOURCES
These are directives that take a source list, but that do not inherit the default-src value.
- NON_SOURCE_LIST_SOURCES
These are directives that don't use a source list, and hence do not inherit the default-src value.
- OBJECT_SRC
- PLUGIN_TYPES
- PREFETCH_SRC
- REPORT_URI
- REQUIRE_SRI_FOR
- REQUIRE_SRI_FOR_VALUES
- REQUIRE_TRUSTED_TYPES_FOR
developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/require-trusted-types-for
- REQUIRE_TRUSTED_TYPES_FOR_VALUES
- SANDBOX
- SCRIPT_SRC
- SCRIPT_SRC_ATTR
- SCRIPT_SRC_ELEM
- SELF
- STAR
- STAR_REGEXP
- STRICT_DYNAMIC
- STYLE_SRC
- STYLE_SRC_ATTR
- STYLE_SRC_ELEM
- TRUSTED_TYPES
Experimental directives - these vary greatly in support. See MDN for details: developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/trusted-types
- UNSAFE_EVAL
- UNSAFE_INLINE
- UPGRADE_INSECURE_REQUESTS
- WILDCARD_SOURCES
- WORKER_SRC
Public Class Methods
included(base)
# File lib/secure_headers/headers/policy_management.rb, line 7
def self.included(base)
  base.extend(ClassMethods)
end