Class: Pah::Templates::SecureHeader
- Inherits:
-
Pah::Template
- Object
- Rails::Generators::Base
- Pah::Template
- Pah::Templates::SecureHeader
- Defined in:
- lib/pah/templates/secure_headers.rb
Instance Method Summary
Methods inherited from Pah::Template
#ask_unless_test, #copy_static_file, #git_commit, #static_files, #will_you_like_to?
Instance Method Details
#call ⇒ Object
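# File 'lib/pah/templates/secure_headers.rb', line 4
#
# Writes config/initializers/secure_headers.rb (configuration for the
# secure_headers gem), stages it with git and commits it.
#
# The heredoc is an interpolating `<<-` heredoc, so it is evaluated at
# generation time: `#{20.years.to_i}` is expanded here (relies on
# ActiveSupport's Integer#years being loaded in the generator process),
# while `report_only: Rails.env.production?` is emitted verbatim and only
# evaluated when the generated application boots. The `report_uri`
# interpolation is escaped (`\#{...}`) for the same reason: un-escaped it
# would be frozen to the generator's environment instead of the app's.
#
# NOTE(review): as generated, the CSP is enforced in non-production
# environments and report-only in production, and it starts permissive
# (`default_src: *`, `'unsafe-inline'` for scripts and styles). That is the
# stated starting point ("all allowed in the beginning"); tighten it in the
# generated app once its asset origins are known. HSTS is emitted with
# `preload` and `includeSubdomains`, which is hard to undo once a domain is
# submitted to the preload list — confirm that is intended for every subdomain.
#
# @return [Object] whatever Thor's #git_commit returns; not used by callers
def call
  create_file 'config/initializers/secure_headers.rb' do
    <<-EOF
::SecureHeaders::Configuration.configure do |config|
  config.hsts = "max-age=#{20.years.to_i}; includeSubdomains; preload"
  config.x_frame_options = 'DENY'
  config.x_content_type_options = "nosniff"
  config.x_xss_protection = "1; mode=block"
  config.csp = {
    report_only: Rails.env.production?, # for the Content-Security-Policy-Report-Only header
    preserve_schemes: false, # default: false.
    default_src: %w(*), # all allowed in the beginning
    script_src: %w('self' 'unsafe-inline'), # scripts only allowed in external files from the same origin
    connect_src: %w('self'), # Ajax may connect only to the same origin
    style_src: %w('self' 'unsafe-inline'), # styles only allowed in external files from the same origin and in style attributes (for now)
    # report_uri: ["/csp_report?report_only=\#{Rails.env.production?}"] # violation reports will be sent here
  }
end
    EOF
  end
  # Stage and commit the new initializer so the generated app starts from a clean tree.
  git add: 'config/initializers/secure_headers.rb'
  git_commit 'Add secure headers.'
end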