YamlCspConfig is a Ruby gem that helps developers maintain and update their Content Security Policies (CSP) more easily. It lets developers define the CSP configuration in a YAML file instead of using the Rails DSL, which makes the configuration more structured and easier to read and maintain. Developers can also create Rails environment-specific configurations, extend the CSP configuration via environment variables, and include ERB in the YAML file.
```yaml
self_and_data_uri_policy: &SELF_AND_DATA
  - :self
  - :data

google_static_hosts: &GOOGLE_STATIC
  - https://*.googleapis.com
  - https://*.gstatic.com

content_security_policy:
  # Base config
  report_uri: "/csp-violation-report-endpoint"
  default_src: :self
  object_src: :none
  font_src:
    - :self
    - *GOOGLE_STATIC
    - https://fonts.gstatic.com
  style_src:
    - *SELF_AND_DATA
    - :unsafe_inline
  img_src:
    - *SELF_AND_DATA
    - *GOOGLE_STATIC
    - https://s3.amazonaws.com
```
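To review what the configuration above actually allows once its YAML aliases are expanded, the following added example (not code from the YamlCspConfig gem) loads it, flattens the nested lists the aliases produce, and renders the header value. The helper names and the symbol-to-token mapping are assumptions based on standard CSP keyword syntax.

```ruby
require "yaml"
# Constructed sample: the configuration shown above, embedded so the script runs offline.
CONFIG = <<~'YAML'
  self_and_data_uri_policy: &SELF_AND_DATA
    - :self
    - :data
  google_static_hosts: &GOOGLE_STATIC
    - https://*.googleapis.com
    - https://*.gstatic.com
  content_security_policy:
    report_uri: "/csp-violation-report-endpoint"
    default_src: :self
    object_src: :none
    font_src:
      - :self
      - *GOOGLE_STATIC
      - https://fonts.gstatic.com
    style_src:
      - *SELF_AND_DATA
      - :unsafe_inline
    img_src:
      - *SELF_AND_DATA
      - *GOOGLE_STATIC
      - https://s3.amazonaws.com
YAML

SCHEMES = %i[data blob http https].freeze # symbols treated as scheme sources
# Hypothetical helper (assumed mapping): :self => 'self', :data => data:
def csp_token(value)
  return value.to_s unless value.is_a?(Symbol)
  SCHEMES.include?(value) ? "#{value}:" : "'#{value.to_s.tr('_', '-')}'"
end

# Expand aliases, flatten the nested lists they leave behind, de-duplicate tokens.
def effective_policy(yaml_text)
  doc = YAML.safe_load(yaml_text, permitted_classes: [Symbol], aliases: true)
  doc.fetch("content_security_policy").to_h do |directive, sources|
    [directive.tr("_", "-"), Array(sources).flatten.map { |s| csp_token(s) }.uniq]
  end
end

def header_value(policy)
  policy.map { |directive, tokens| "#{directive} #{tokens.join(' ')}" }.join("; ")
end

# Review aid: directives allowing inline code, data: URIs or wildcard hosts.
RISKY = ->(tok) { tok == "'unsafe-inline'" || tok == "data:" || tok.include?("*") }
def review_flags(policy)
  policy.select { |_, tokens| tokens.any?(&RISKY) }.keys
end
puts header_value(effective_policy(CONFIG)) if __FILE__ == $PROGRAM_NAME
```

Running `review_flags` on the parsed policy lists the directives worth a second look in code review, here the ones that pull in `:unsafe_inline`, `:data` or wildcard hosts through an alias.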