bridgetown.automation.rb
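# Bridgetown automation: registers the bridgetown-content-security-policy
# plugin, writes a starter policy file and prints the manual follow-up steps.
# say_status, add_bridgetown_plugin and create_file are not defined in this
# file; they are expected to come from the automation context that applies it.
#
# Review notes on the generated policy:
# * The policy is rendered inside <head> (see the status message below), so it
#   is presumably delivered as a <meta http-equiv> element rather than as a
#   response header -- TODO confirm against the plugin. Browsers ignore
#   frame-ancestors, report-uri and sandbox in meta-delivered policies, so
#   clickjacking protection and violation reporting still need a real header
#   set by the web server or CDN.
# * In the commented "more complex" example, :https presumably maps to the
#   bare `https:` scheme source, which accepts any HTTPS origin. For script_src
#   that gives little protection against an injected <script src>; prefer
#   listing the specific hosts that are actually needed.
# * :unsafe_inline in style_src re-enables inline styles; keep it in a named
#   policy applied only to the pages that require it, as the template suggests.

# Single source of truth for the generated file's path, so the closing status
# message cannot drift from the file that is actually written.
csp_config_path = "config/content_security_policy.config.rb"

say_status :content_security_policy, "Installing the bridgetown-content-security-policy plugin..."
add_bridgetown_plugin "bridgetown-content-security-policy"

create_file csp_config_path do
  <<~RUBY
    # The recommended default Content Security Policy
    BridgetownContentSecurityPolicy.configure :default do |policy|
      policy.default_src :self
      policy.img_src :self, :data
      policy.object_src :none
    end
    # All other policies will inherit from :default
    # To allow inline styles on certain pages, we can define the following
    # policy which inherits all the values from :default and defines a style_src
    #
    # BridgetownContentSecurityPolicy.configure :allow_inline_styles do |policy|
    # policy.style_src :self, :unsafe_inline
    # end
    # This is an example of a more complex policy demonstrating the DSL
    # For further information see the following documentation
    # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
    # BridgetownContentSecurityPolicy.configure :default do |policy|
    # policy.default_src :self
    # policy.font_src :self, :https, :data
    # policy.img_src :self, :https, :data
    # policy.object_src :none
    # policy.script_src :self, :https
    # policy.style_src :self, :https
    # end
  RUBY
end

say_status :content_security_policy, "All done! Add `init :\"bridgetown-content-security-policy\"` to your `config/initializers.rb`"
# NOTE(review): `<% ... %>` is ERB's non-output tag. Confirm against the plugin
# README whether the helper must be written as `<%= ... %>` (ERB) or as a
# Liquid tag; if the tag emits nothing, the site ships without any CSP.
say_status :content_security_policy, "Add <% content_security_policy %> to the head tag in your layouts to render the CSP."
# The original message named "content_security_policy.rb", which is not the
# file created above; point at the real path instead.
say_status :content_security_policy, "See the new #{csp_config_path} file for details"
say_status :content_security_policy, "More info available at: https://github.com/ayushn21/bridgetown-content-security-policy"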