Class: Roda::RodaPlugins::ContentSecurityPolicy::Policy

Inherits:

Object

• Object
• Roda::RodaPlugins::ContentSecurityPolicy::Policy

Defined in:

lib/roda/plugins/content_security_policy.rb

Overview

Represents a content security policy.

Instance Method Summary

• #clear ⇒ Object

  Clear all settings, useful to remove any inherited settings.

• #freeze ⇒ Object

  Do not allow future modifications to any settings.

• #header_key ⇒ Object

  The header name to use, depends on whether report only mode has been enabled.

• #header_value ⇒ Object

  The header value to use.

• #initialize ⇒ Policy constructor

  A new instance of Policy.

• #report_only(report = true) ⇒ Object

  Set whether the Content-Security-Policy-Report-Only header instead of the default Content-Security-Policy header.

• #report_only? ⇒ Boolean

  Whether this policy uses report only mode.

• #set_header(headers) ⇒ Object

  Set the current policy in the headers hash.

Constructor Details

#initialize ⇒ Policy

Returns a new instance of Policy.

# File 'lib/roda/plugins/content_security_policy.rb', line 188

def initialize
  clear
end

Instance Method Details

#clear ⇒ Object

Clear all settings, useful to remove any inherited settings.

# File 'lib/roda/plugins/content_security_policy.rb', line 193

def clear
  @opts = {}
end

#freeze ⇒ Object

Do not allow future modifications to any settings.

# File 'lib/roda/plugins/content_security_policy.rb', line 198

def freeze
  @opts.freeze
  header_value.freeze
  super
end

#header_key ⇒ Object

The header name to use, depends on whether report only mode has been enabled.

# File 'lib/roda/plugins/content_security_policy.rb', line 205

def header_key
  @report_only ? RodaResponseHeaders::CONTENT_SECURITY_POLICY_REPORT_ONLY : RodaResponseHeaders::CONTENT_SECURITY_POLICY
end

#header_value ⇒ Object

The header value to use.

# File 'lib/roda/plugins/content_security_policy.rb', line 210

def header_value
  return @header_value if @header_value

  s = String.new
  @opts.each do |k, vs|
    s << k
    unless vs == true
      vs.each{|v| append_formatted_value(s, v)}
    end
    s << '; '
  end
  @header_value = s
end

#report_only(report = true) ⇒ Object

Set whether the Content-Security-Policy-Report-Only header instead of the default Content-Security-Policy header.

# File 'lib/roda/plugins/content_security_policy.rb', line 226

def report_only(report=true)
  @report_only = report
end

#report_only? ⇒ Boolean

Whether this policy uses report only mode.

Returns:

• (Boolean)

# File 'lib/roda/plugins/content_security_policy.rb', line 231

def report_only?
  !!@report_only
end

#set_header(headers) ⇒ Object

Set the current policy in the headers hash. If no settings have been made in the policy, does not set a header.

# File 'lib/roda/plugins/content_security_policy.rb', line 237

def set_header(headers)
  return if @opts.empty?
  headers[header_key] ||= header_value
end