SECURITY: Don't reuse CSP nonce between requests (#22544)

Co-authored-by: OsamaSayegh <asooomaasoooma90@gmail.com>
2025-02-25 18:55:32 -06:00 · 2023-07-11 15:24:36 -06:00
parent 0718289574
commit eed7d86601
7 changed files with 49 additions and 15 deletions
--- a/lib/content_security_policy/builder.rb
+++ b/lib/content_security_policy/builder.rb
@@ -25,8 +25,8 @@ class ContentSecurityPolicy
      style_src
    ].freeze

-    def initialize(base_url:)
-      @directives = Default.new(base_url: base_url).directives
+    def initialize(base_url:, env: {})
+      @directives = Default.new(base_url: base_url, env: env).directives
      @base_url = base_url
    end