YamlCspConfig is a Ruby gem that helps developers maintain and update their Content Security Policies (CSP). It lets them define the CSP configuration in a YAML file instead of using the Rails DSL, which makes the configuration more structured and easier to read and maintain. Developers can also create Rails environment-specific configurations, extend their CSP configuration via environment variables, and include ERB in their YAML file.

self_and_data_uri_policy: &SELF_AND_DATA
  - :self
  - :data

google_static_hosts: &GOOGLE_STATIC
  - https://*.googleapis.com
  - https://*.gstatic.com

  # Base config
  report_uri: "/csp-violation-report-endpoint"

  default_src: :self

  object_src: :none

    - :self
    - https://fonts.gstatic.com
    - :unsafe_inline
    - https://s3.amazonaws.com
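
The Ruby example below is added here and is not the gem's own code or API. It shows the general mechanism described above: ERB is rendered first, the YAML (with anchors and per-environment blocks) is parsed, and the result becomes a header string that can be checked for weak sources. The `base`/`production`/`development` layout, the `CSP_EXTRA_SCRIPT_HOST` variable, the example hosts, and the helper names `csp_source`, `csp_header` and `csp_warnings` are assumptions.

```ruby
require "erb"
require "yaml"

# Constructed sample; the layout (shared "base" block plus one block per
# environment) is an assumption, not the gem's documented schema.
SAMPLE_CSP_YAML = <<~'YAML'
  google_static_hosts: &GOOGLE_STATIC
    - https://*.googleapis.com
    - https://*.gstatic.com
  base: &BASE
    report_uri: "/csp-violation-report-endpoint"
    default_src: :self
    object_src: :none
    script_src:
      - :self
      - *GOOGLE_STATIC
      - <%= env.fetch("CSP_EXTRA_SCRIPT_HOST", "https://cdn.example.com") %>
  production:
    <<: *BASE
  development:
    <<: *BASE
    style_src:
      - :self
      - :unsafe_inline
YAML

SCHEMES = %i[data https blob].freeze

# Map a YAML value to CSP source syntax: :self -> 'self', :data -> data:
def csp_source(value)
  return value unless value.is_a?(Symbol)
  SCHEMES.include?(value) ? "#{value}:" : "'#{value.to_s.tr('_', '-')}'"
end

# Render ERB, parse YAML without arbitrary object loading, build the header.
def csp_header(yaml, rails_env, env = ENV.to_h)
  rendered = ERB.new(yaml).result_with_hash(env: env)
  config = YAML.safe_load(rendered, permitted_classes: [Symbol], aliases: true)
  config.fetch(rails_env).map do |directive, sources|
    list = Array(sources).flatten.map { |s| csp_source(s) }
    "#{directive.tr('_', '-')} #{list.join(' ')}"
  end.join("; ")
end

# Report directives that permit inline or eval'd code.
def csp_warnings(header)
  header.split("; ").select { |d| d.match?(/'unsafe-(inline|eval)'/) }
end
```

Environment values are interpolated into the YAML text before it is parsed, so they should come only from trusted deployment configuration. Running `csp_warnings` over each environment's header in CI catches an `'unsafe-inline'` that was meant for development only.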