Ignoring CSP on some formats #437

paul-mesnilgrente opened this issue Apr 8, 2020 · 1 comment

@paul-mesnilgrente paul-mesnilgrente commented Apr 8, 2020

Feature Requests

I found a bug in the display of PDFs in Chrome. See https://bugs.chromium.org/p/chromium/issues/detail?id=271452

Would it be possible to disable CSP on every .pdf, for example?

Member

@oreoshake oreoshake commented Apr 9, 2020

I think there are a couple ways to accomplish this. Forgive me, this is a bit pseudo-code-ey.

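```ruby
# In the controller that serves the PDFs
before_action :no_csp_plz

# Named override, defined once at boot (for example in the secure_headers initializer)
SecureHeaders::Configuration.override(:no_csp) do |config|
  config.csp = SecureHeaders::OPT_OUT
end

def no_csp_plz
  # "content type is pdf" in the original pseudo-code; request.format is one way to test it
  if request.format.pdf?
    use_secure_headers_override(:no_csp)
  end
end
```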

Or

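```ruby
before_action :no_csp_plz

def no_csp_plz
  # "content type is pdf" in the original pseudo-code; request.format is one way to test it
  if request.format.pdf?
    opt_out_of_header(:csp)
  end
end
```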

If I had to pick, I'd say the first option is more idiomatic.

You can probably move that if to the before_action declaration.
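
A framework-independent view of the same scoping, as an added example that is not part of the thread or of secure_headers: a Rack-style middleware that drops the CSP headers only when the response's media type is application/pdf and leaves every other header and response alone. `StripCspForPdf`, `SAMPLE_APP` and `response_headers` are hypothetical names, and the sample app is constructed.

```ruby
# Added example: plain Rack-style middleware, not secure_headers code.
# StripCspForPdf, SAMPLE_APP and response_headers are hypothetical names.
class StripCspForPdf
  CSP_HEADERS = %w[content-security-policy content-security-policy-report-only].freeze

  def initialize(app)
    @app = app
  end

  def call(env)
    status, headers, body = @app.call(env)
    headers = strip_csp(headers) if pdf?(headers)
    [status, headers, body]
  end

  private

  # Header names are case-insensitive; compare on the downcased name.
  def header(headers, name)
    pair = headers.find { |k, _| k.to_s.downcase == name }
    pair && pair[1]
  end

  # Match on the media type only, ignoring parameters such as "; charset=...".
  def pdf?(headers)
    media_type = header(headers, "content-type").to_s.split(";").first.to_s.strip.downcase
    media_type == "application/pdf"
  end

  # Remove only the CSP headers; every other security header stays in place.
  def strip_csp(headers)
    headers.reject { |k, _| CSP_HEADERS.include?(k.to_s.downcase) }
  end
end

# Constructed sample app: serves a PDF for paths ending in .pdf, HTML otherwise,
# and always sets a CSP, standing in for an app that sends CSP on every response.
SAMPLE_APP = lambda do |env|
  type = env["PATH_INFO"].end_with?(".pdf") ? "application/pdf; qs=0.001" : "text/html"
  [200, { "Content-Type" => type,
          "Content-Security-Policy" => "default-src 'self'",
          "X-Frame-Options" => "sameorigin" }, ["..."]]
end

# Returns the response headers the wrapped sample app sends for a path.
def response_headers(path)
  StripCspForPdf.new(SAMPLE_APP).call("PATH_INFO" => path)[1]
end
```

Such a middleware has to sit outside whatever sets the CSP so that it sees the final response headers.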
