Adding CSP to Rails

1 · Andrew Kane · Nov. 29, 2015, 8 a.m.
Content Security Policy can be an effective way to prevent XSS attacks. If you aren’t familiar, here’s a great intro. To get started with Rails, first add the header to all requests in your ApplicationController. We want to start by blocking content in development so we notice it, but only report it in production so nothing breaks.

before_action :set_csp

# use constants and freeze for performance
CSP_HEADER_NAME = (Rails.env.production? ? "Content-Security-Policy-Report-Only" : "Content-Securit...
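As an added example (not code from the original post), here is plain Ruby that does what a set_csp before_action needs to do: pick the report-only header name in production and the enforcing one elsewhere, serialise a directive hash into the header value, and parse the JSON a browser POSTs to the report-uri. The module name, the directive values and the sample report are constructed for illustration.

```ruby
# Added example, not from the original post. Plain Ruby, no Rails: the
# values returned here are what a before_action would write into
# response.headers. Directive values and the sample report are constructed.
require "json"

module CspHeader
  ENFORCE = "Content-Security-Policy".freeze
  REPORT_ONLY = "Content-Security-Policy-Report-Only".freeze

  # Enforce outside production so violations are noticed in development;
  # only report in production so nothing breaks for users.
  def self.header_name(production:)
    production ? REPORT_ONLY : ENFORCE
  end

  # Serialise {directive => source(s)} into the header value format:
  # directives separated by "; ", sources within a directive by spaces.
  def self.policy_value(directives)
    directives.map { |name, sources| "#{name} #{Array(sources).join(' ')}" }.join("; ")
  end

  # Parse the JSON body a browser POSTs to report-uri and pull out the
  # fields usually triaged first: which page, which directive, what was blocked.
  def self.parse_report(json)
    report = JSON.parse(json).fetch("csp-report")
    {
      document: report["document-uri"],
      directive: report["violated-directive"] || report["effective-directive"],
      blocked: report["blocked-uri"],
    }
  end
end

# Constructed sample policy: same-origin by default, one allowed script CDN,
# and a report endpoint so report-only mode actually tells you something.
DIRECTIVES = {
  "default-src" => "'self'",
  "script-src" => ["'self'", "https://cdn.example.com"],
  "report-uri" => "/csp-reports",
}.freeze

if __FILE__ == $PROGRAM_NAME
  name = CspHeader.header_name(production: ENV["RAILS_ENV"] == "production")
  puts "#{name}: #{CspHeader.policy_value(DIRECTIVES)}"
end
```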