Closed TravisSpangle closed 2 years ago
I generated a new app with the same version of ruby & rails. I followed the instructions I had previously and secure_headers
works as advertised. It threw an error letting me know I hadn't set a policy and I correctly set it in config/initailizers.
This app must have something at the RACK level that conflicts with secure_headers
.
I've inherited a Rails 4 app that needs CSP. Many articles have pointed me here with
config/initializers/csp.rb
file with my settings.I only ever get
uninitialized constant SecureHeaders
onrails s
regardless of where I put my configuration.I'm poking around this repo, reading through the upgrade docs, and surprised there isn't more direction.
Here is the contents of my csp.rb
In addition to the initializer file I've tried config/application.rb and controllers/application_controller.rb.