ruby-on-rails ruby rubygems http-headers discourse

Adding CSP header by merging headers

I am trying to create a vary basic .rb plugin (based on the now obsolete in chrome) discourse-allowall which will merge the CSP header to the default ones but cant get it to work.

The below does not seem to do it.

Rails.application.config.action_dispatch.default_headers.merge!({'Content-Security-Policy' => "frame-ancestors 'http://mylocal.com.localhost'"})

I literally have 0 experience with ruby so need to know:

If thats possible
The correct syntax for defining the above header and merging it with the default ones

NOTE: End goal is to allow for the application to be frameable by 2 specific domains.

Solution

My syntax was off and this is working fine now. Correct syntax is like:

Rails.application.config.action_dispatch.default_headers.merge!({'Content-Security-Policy' => "frame-ancestors *"})

Put it up on github in case someone wants to use it as a plugin: https://github.com/mkatrantzis/testDiscourseCSP

Should I write a test for each required attribute in a Rails model or is one enough?
has_many with multi-level hierarchy and single table inheritance
uninitialized constant ActiveSupport::LoggerThreadSafeLevel::Logger (NameError)
PG::UndefinedTable: ERROR: relation "action_text_rich_texts" does not exist | Rails 6 | Rails_Admin | Postgresql
Rails link to file in public folder
RubyOnRails use .where query with has_one - belongs_to relationship
Stimulus Not Setting focus for newly connected Controllers
Unable to install Tailwind on Rails 8 App
Use separate DB for delayed_job
Rails 4 scope NOTNULL refactor
Custom Rails Validation (Doesn't seem to be working)
Strange bundle update issue: disappearing net-pop (0.1.2) dependency
Get list of routes for a resource in Rails
Is it possible to look up a route in Rails by a given url?
Rails attempting to throttle my API with rack-attack. Unsure if it's working?
Rubocop RSpec/MultipleMemoizedHelpers issue on pundit spec tests
How to make Google Stackdriver works with Rails 7.1+
NoMethodError raised on jira-ruby gem: undefined method `presence` for "":String
Examples of Ruby on rails + aws congnito
How can I skip an error if find returns nothing in rails?
How to tell which version of a gem a rails app is using
Rails Remote form validation errors not showing
How to free up friendly_id slugs when destroying a record?
Ruby on Rails - How can I use UUID as a simple column in my project?
Ruby 3.0.2 installation build fails with "error: 'maybe_unused' attribute cannot be applied to types"
How to convert PDF files to images using RMagick and Ruby
Cannot use "link_to" or "button_to" in Rails 4.2 with Semantic-UI
redirect_to != return
Rails: How to list database tables/objects using the Rails console?
after upgrading to rails 7, active record objects no longer show attributes?