Switch to using rails builtin content security policy support

[rails.git] / app / controllers / export_controller.rb

diff --git a/app/controllers/export_controller.rb b/app/controllers/export_controller.rb
index 94851de96485741758d681a1247be029c402dc17..cddc97b6883e13044601c5b4a3a24b1f84d83f74 100644 (file)
--- a/app/controllers/export_controller.rb
+++ b/app/controllers/export_controller.rb
@@ -4,6 +4,10 @@ class ExportController < ApplicationController
   before_action :update_totp, :only => [:finish]
   authorize_resource :class => false
 
+  content_security_policy(:only => :embed) do |policy|
+    policy.frame_ancestors("*")
+  end
+
   caches_page :embed
 
   # When the user clicks 'Export' we redirect to a URL which generates the export download
@@ -25,9 +29,5 @@ class ExportController < ApplicationController
     end
   end
 
-  def embed
-    append_content_security_policy_directives(
-      :frame_ancestors => %w[*]
-    )
-  end
+  def embed; end
 end