How to display the csp setting at Chrome Response Headers?

[chongfai13]

As like the title, I would like to display all the settings at the /config/initializers/secure_headers.rb in the response header.

1. What I do is open chrome DevTools, Network > refresh page > Click on header (find attached screenshot).

Would appreciate for your kind assist.

[oreoshake]

Hello @chongfai13, did you mean to attach a screenshot?

I would like to display all the settings at the /config/initializers/secure_headers.rb

Just to confirm, you want to see what the underlying ruby object? So the output of SecureHeaders::Configuration.dup.csp? Something like:

 @base_uri=nil,
 @block_all_mixed_content=nil,
 @child_src=nil,
 @connect_src=nil,
 @default_src=["'self'", "https:"],
 @disable_nonce_backwards_compatibility=nil,
 @font_src=["'self'", "https:", "data:"],
 @form_action=nil,
 @frame_ancestors=nil,
 @frame_src=nil,
 @img_src=["'self'", "https:", "data:"],
 @manifest_src=nil,
 @media_src=nil,
 @navigate_to=nil,
 @object_src=["'none'"],
 @plugin_types=nil,
 @prefetch_src=nil,
 @preserve_schemes=nil,
 @report_only=nil,
 @report_uri=nil,
 @require_sri_for=nil,
 @sandbox=nil,
 @script_nonce=nil,
 @script_src=["https:"],
 @style_nonce=nil,
 @style_src=["'self'", "https:", "'unsafe-inline'"],
 @upgrade_insecure_requests=nil,
 @worker_src=nil>

[chongfai13]

I manage to solve this issue, by default the setting is showing all option at the response header.

2. I have another issue might need your assist, is to create the random sha256 for scp.
   https://github.com/github/secure_headers/issues/432

[dorianmariecom]

(correct url: #432)