Class: Radical::SecurityHeaders

Inherits:

Object

Object
Radical::SecurityHeaders

show all

Defined in:: lib/radical/security_headers.rb

Constant Summary collapse

DEFAULT_HEADERS =

{
  'X-Content-Type-Options' => 'nosniff',
  'X-Frame-Options' => 'deny',
  'X-XSS-Protection' => '1; mode=block',
  'X-Permitted-Cross-Domain-Policies' => 'none',
  'Strict-Transport-Security' => 'max-age=31536000;, max-age=31536000; includeSubdomains',
  'Content-Security-Policy' => "default-src 'none'; style-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self'; font-src 'self'; form-action 'self'; base-uri 'none'; frame-ancestors 'none'; block-all-mixed-content;"
}.freeze

Instance Method Summary collapse

#call(env) ⇒ Object
#initialize(app, headers) ⇒ SecurityHeaders constructor

A new instance of SecurityHeaders.

Constructor Details

#initialize(app, headers) ⇒ `SecurityHeaders`

Returns a new instance of SecurityHeaders.

# File 'lib/radical/security_headers.rb', line 14

def initialize(app, headers)
  @app = app
  @headers = DEFAULT_HEADERS.merge(headers)
end

Instance Method Details

#call(env) ⇒ `Object`

# File 'lib/radical/security_headers.rb', line 19

def call(env)
  @app.call(env).tap do |_, headers|
    @headers.each do |k, v|
      headers[k] ||= v
    end
  end
end

Class: Radical::SecurityHeaders

Constant Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(app, headers) ⇒ SecurityHeaders

Instance Method Details

#call(env) ⇒ Object

#initialize(app, headers) ⇒ `SecurityHeaders`

#call(env) ⇒ `Object`