Skip to content
/ rack_nonce_middleware Public

A Rack middleware to add a nonce to the CSP header and expose it to the view templates.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

wurmlab/rack_nonce_middleware

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
lib
lib
 
 
README.md
README.md
 
 
rack_nonce_middleware.gemspec
rack_nonce_middleware.gemspec
 
 

Repository files navigation

RackNonceMiddleware

A Rack middleware to add a nonce to the CSP header and expose it to the view templates.

This is a minimalistic gem to help with Rack applications (such as Sinatra) that need a CSP policy for inline scripts and styles. This middleware generates a nonce for each request, adds it to the CSP header, and exposes it to the application views as env['csp.nonce'] so that it can be included in the script and style tags.

Usage

Add the hem to your Gemfile:

gem 'rack_nonce_middleware'

In your backend Rack application, add the middleware to the stack:

require 'rack-nonce-middleware'

use RackNonceMiddleware # Make sure this is included before Rack::Protection

use(Rack::Protection, {
  use: %i[content_security_policy],
  script_src: "'self' '#{RackNonceMiddleware::NONCE}' https://....",
  style_src: "'self' '#{RackNonceMiddleware::NONCE}' https://....",

In your views, add the nonce to the script and style tags:

<script nonce="<%= env['csp.nonce'] %>">...</script>
<style nonce="<%= env['csp.nonce'] %>">...</style>

About

A Rack middleware to add a nonce to the CSP header and expose it to the view templates.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages