app/controllers/concerns/bizible_csp.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

# frozen_string_literal: true

module BizibleCSP
  extend ActiveSupport::Concern

  included do
    content_security_policy do |policy|
      next unless helpers.bizible_enabled? || policy.directives.present?

      default_script_src = policy.directives['script-src'] || policy.directives['default-src']
      script_src_values = Array.wrap(default_script_src) | ["'unsafe-eval'", 'https://cdn.bizible.com/scripts/bizible.js']
      policy.script_src(*script_src_values)
    end
  end
end