YamlCspConfig is a Ruby gem that helps developers maintain and update their Content Security Policies (CSP). It lets developers define their CSP configuration in a YAML file instead of using the Rails DSL, which makes the configuration more structured and easier to read and maintain. Developers can also create Rails environment-specific configurations, extend their CSP configuration via environment variables, and include ERB in their YAML file.
self_and_data_uri_policy: &SELF_AND_DATA
  - :self
  - :data
google_static_hosts: &GOOGLE_STATIC
  - https://*.googleapis.com
  - https://*.gstatic.com
content_security_policy:
  # Base config
  report_uri: "/csp-violation-report-endpoint"
  default_src: :self
  object_src: :none
  font_src:
    - :self
    - *GOOGLE_STATIC
    - https://fonts.gstatic.com
  style_src:
    - *SELF_AND_DATA
    - :unsafe_inline
  img_src:
    - *SELF_AND_DATA
    - *GOOGLE_STATIC
    - https://s3.amazonaws.com
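The following Ruby code is an added example, not the gem's own code: it loads the configuration above with Psych, flattens the nested alias lists, renders the header value such a policy resolves to, and lists the sources a reviewer would want to look at. The nesting under `content_security_policy`, the helper names (`source_token`, `build_policy`, `header_value`, `findings`) and the token mapping, modelled on the Rails CSP DSL, are assumptions.

```ruby
require "yaml"
# Constructed sample: the page's YAML, directives nested under content_security_policy (assumed).
SAMPLE_YAML = <<~YAML
  self_and_data_uri_policy: &SELF_AND_DATA
    - :self
    - :data
  google_static_hosts: &GOOGLE_STATIC
    - https://*.googleapis.com
    - https://*.gstatic.com
  content_security_policy:
    report_uri: "/csp-violation-report-endpoint"
    default_src: :self
    object_src: :none
    font_src:
      - :self
      - *GOOGLE_STATIC
      - https://fonts.gstatic.com
    style_src:
      - *SELF_AND_DATA
      - :unsafe_inline
    img_src:
      - *SELF_AND_DATA
      - *GOOGLE_STATIC
      - https://s3.amazonaws.com
YAML

# Rails-DSL-style mapping (assumed): scheme symbols get a colon, keywords get quotes.
def source_token(src)
  return "#{src}:" if %i[data blob http https].include?(src)
  src.is_a?(Symbol) ? "'#{src.to_s.tr('_', '-')}'" : src.to_s
end

# Load with aliases enabled; "- *ALIAS" inside a list nests an array, so flatten.
def build_policy(yaml_text)
  doc = YAML.safe_load(yaml_text, permitted_classes: [Symbol], aliases: true)
  doc.fetch("content_security_policy").to_h do |name, value|
    [name.tr("_", "-"), Array(value).flatten.uniq.map { |s| source_token(s) }]
  end
end

def header_value(policy)
  policy.map { |name, sources| "#{name} #{sources.join(' ')}" }.join("; ")
end

# Sources worth a reviewer's attention: 'unsafe-*' keywords and wildcard hosts.
def findings(policy)
  policy.reject { |name, _| name == "report-uri" }.flat_map do |name, sources|
    sources.grep(/\A'unsafe-|\*/).map { |s| "#{name}: #{s}" }
  end
end
```

In `font_src`, `https://fonts.gstatic.com` is already matched by `https://*.gstatic.com` from the alias, so the explicit entry adds nothing to what the policy allows.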