Hanami v2.0.0.alpha4 Release Notes
Release Date: 2021-12-07 // over 2 years ago-
➕ Added
🔒 [Luca Guidi] Manage Content Security Policy (CSP) with "zero-defaults" policy. New API to change CSP values and to disable the feature.
# Read a CSP value module MyApp class Application < Hanami::Application config.actions.content_security_policy[:base_uri] # => "'self'" end end
# Override a default CSP value module MyApp class Application < Hanami::Application # This line will generate the following CSP fragment # plugin-types ; config.actions.content_security_policy[:plugin_types] = nil end end
# Append to a default CSP value module MyApp class Application < Hanami::Application # This line will generate the following CSP fragment # script-src 'self' https://my.cdn.test; config.actions.content_security_policy[:script_src] += " https://my.cdn.test" end end
# Add a custom CSP key. Useful when CSP standard evolves. module MyApp class Application < Hanami::Application # This line will generate the following CSP fragment # my-custom-setting 'self'; config.actions.content_security_policy['my-custom-setting'] = "'self'" end end
# Delete a CSP key. module MyApp class Application < Hanami::Application config.actions.content_security_policy.delete(:object_src) end end
# Disable CSP feature. module MyApp class Application < Hanami::Application config.actions.content_security_policy = false end end