Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/boardfish/zantetsuken
⚔️ Organize and build your app's Content Security Policy
- Host: GitHub
- URL: https://github.com/boardfish/zantetsuken
- Owner: boardfish
- License: mit
- Created: 2021-07-10T11:29:37.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2021-07-13T16:38:37.000Z (over 3 years ago)
- Last Synced: 2024-12-17T23:48:02.938Z (5 days ago)
- Topics: content-security-policy, hacktoberfest, rails, ruby-gem, ruby-on-rails
- Language: Ruby
- Homepage:
- Size: 44.9 KB
- Stars: 1
- Watchers: 0
- Forks: 0
- Open Issues: 6
Metadata Files:
- Readme: README.md
- License: LICENSE.txt
- Code of conduct: CODE_OF_CONDUCT.md
README
# Zantetsuken
The Content Security Policy (CSP) initializer in Rails can get cluttered
fast. Break it down with the help of this gem.

## Installation

Add `gem 'zantetsuken'` to your Gemfile and run `bundle install`.
Alternatively, install the gem directly by running `gem install zantetsuken`
in your shell.

## Usage

Update `config/initializers/content_security_policy.rb` to include the
following:

```ruby
Dir[Rails.root.join('app/lib/zantetsuken/**/*.rb').to_s].sort.each { |file| require file }
Rails.application.config.content_security_policy do |policy|
  Zantetsuken.load(policy)
end
```

This will compose any rulesets you've defined under the
`Zantetsuken::Ruleset` module into a single
`ActionDispatch::ContentSecurityPolicy`, which is what Rails uses under
the hood to build your CSP.

### Defining rulesets

You should define your rulesets under
`app/lib/zantetsuken/ruleset`. Here's an example:

```ruby
# app/lib/zantetsuken/ruleset/stripe/js.rb
# frozen_string_literal: true

module Zantetsuken
  module Ruleset
    module Stripe
      # Used for loading Stripe's JS library.
      class Js < Base
        ruleset do
          self.connect_src = 'https://api.stripe.com'
          self.frame_src = 'https://js.stripe.com', 'https://hooks.stripe.com'
          self.script_src = 'https://js.stripe.com'
        end
      end
    end
  end
end
```

You should inherit from `Zantetsuken::Ruleset::Base` so that the ruleset can be
composed with others.

## Contributing

Contributions are welcome by way of a pull request. Pull requests with
failing test cases are preferable to issues, if you feel comfortable
doing that.
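
The ruleset composition described under Usage and Defining rulesets, as an added plain-Ruby sketch that is not Zantetsuken's own code and needs neither Rails nor the gem. It assumes rulesets merge by taking the union of sources per directive; `APP_DEFAULTS`, `compose`, `to_header` and `risky_script_sources` are hypothetical names, and the sample rulesets are constructed.

```ruby
# Added sketch: plain Ruby, no Rails or zantetsuken required.
# Assumption: rulesets merge by taking the union of sources per directive.

# Constructed sample ruleset, shaped like the README's Stripe example.
STRIPE_JS = {
  connect_src: ['https://api.stripe.com'],
  frame_src:   ['https://js.stripe.com', 'https://hooks.stripe.com'],
  script_src:  ['https://js.stripe.com']
}.freeze

# Hypothetical baseline ruleset for the app's own assets.
APP_DEFAULTS = {
  default_src: ["'self'"],
  script_src:  ["'self'"],
  connect_src: ["'self'"]
}.freeze

# Sources that largely defeat a host allowlist when they appear in script-src.
RISKY_SCRIPT_SOURCES = ["'unsafe-inline'", "'unsafe-eval'", '*'].freeze

# Merge rulesets: union of sources per directive, first-seen order kept.
def compose(*rulesets)
  rulesets.each_with_object({}) do |ruleset, merged|
    ruleset.each do |directive, sources|
      merged[directive] = ((merged[directive] || []) + Array(sources)).uniq
    end
  end
end

# Render the merged policy as a Content-Security-Policy header value.
def to_header(policy)
  policy.map { |directive, sources|
    "#{directive.to_s.tr('_', '-')} #{sources.join(' ')}"
  }.join('; ')
end

# Report which named ruleset introduced a risky script-src source, so a
# reviewer can trace a weak composed policy back to the file that caused it.
def risky_script_sources(named_rulesets)
  named_rulesets.flat_map do |name, ruleset|
    (Array(ruleset[:script_src]) & RISKY_SCRIPT_SOURCES).map { |src| [name, src] }
  end
end

puts to_header(compose(APP_DEFAULTS, STRIPE_JS))
```

Once many small rulesets feed one header, a per-ruleset check like `risky_script_sources` keeps a single permissive file from silently widening the whole policy.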