Class: SecureHeaders::ContentSecurityPolicy::FirefoxBrowserStrategy
- Inherits:
-
BrowserStrategy
- Object
- BrowserStrategy
- SecureHeaders::ContentSecurityPolicy::FirefoxBrowserStrategy
- Defined in:
- lib/secure_headers/headers/content_security_policy/firefox_browser_strategy.rb
Instance Method Summary
build, #initialize, #name
Instance Method Details
#build_firefox_specific_preamble(default_src_value) ⇒ Object
# File 'lib/secure_headers/headers/content_security_policy/firefox_browser_strategy.rb', line 30
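# Builds the Firefox-specific leading part of the policy string: an `allow`
# directive carrying the default-src sources, followed by an `options`
# directive carrying any inline-script / eval-script tokens.
#
# NOTE(review): the rendered listing has lost the accumulator's identifier
# (`= ''`, `+= ...`), so `preamble` is a stand-in name. As printed, the last
# expression is a modifier-`if`, which evaluates to nil when there are no
# option tokens; the caller would then substitute '' and the `allow`
# directive would be dropped. Returning the accumulator explicitly avoids
# that and stays compatible with the caller's `|| ''` fallback.
#
# Security note: in Firefox's pre-standard CSP syntax an `options` directive
# re-enables inline script and/or eval, so its presence in the emitted
# header is worth auditing.
#
# @param default_src_value [Array<String>] source expressions for `allow`
#   (must respond to `any?` and `join`)
# @return [String] the preamble, '' when there is nothing to emit
def build_firefox_specific_preamble(default_src_value)
  preamble = ''
  preamble += "allow #{default_src_value.join(" ")}; " if default_src_value.any?

  # build_options_directive also strips the promoted tokens from config.
  options_directive = build_options_directive
  preamble += "options #{options_directive.join(" ")}; " if options_directive.any?
  preamble
end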
#build_impl_specific_directives(default) ⇒ Object
# File 'lib/secure_headers/headers/content_security_policy/firefox_browser_strategy.rb', line 26
# Returns the Firefox-specific preamble for the policy string.
#
# Delegates to build_firefox_specific_preamble and substitutes an empty
# string when that call yields nil (or false), so the result is always safe
# to concatenate.
#
# @param default [Array<String>] default-src source expressions, passed through
# @return [String] the preamble, or '' when none was produced
def build_impl_specific_directives(default)
  preamble = build_firefox_specific_preamble(default)
  return '' unless preamble

  preamble
end
#build_options_directive ⇒ Object
Moves inline/eval values from script-src to options; discards those values in the style-src directive.
# File 'lib/secure_headers/headers/content_security_policy/firefox_browser_strategy.rb', line 41
# Collects the 'inline-script' / 'eval-script' tokens that belong in the
# Firefox `options` directive and strips them from the directive values.
#
# Every non-String value in config is replaced, in place, by a copy without
# those two tokens. A token is added to the result at most once, and only
# when it was found under a directive other than style_src; under style_src
# it is dropped without being promoted.
#
# NOTE(review): promotion is not limited to script_src. A token listed under
# any other directive also ends up in `options`; confirm that is intended,
# since it presumably relaxes the emitted policy for scripts.
#
# @return [Array<String>] the unique tokens to emit in `options`
def build_options_directive
  promoted = []
  config.each do |directive, val|
    # String values are left untouched.
    next if val.is_a?(String)

    kept = []
    val.each do |token|
      unless %w[inline-script eval-script].include?(token)
        kept << token
        next
      end
      # Inline/eval tokens never stay in the directive itself.
      next if directive?(directive, "style_src") || promoted.include?(token)

      promoted << token
    end
    config[directive] = kept
  end
  promoted
end
#directive?(val, name) ⇒ Boolean
# File 'lib/secure_headers/headers/content_security_policy/firefox_browser_strategy.rb', line 63
# Case-insensitive check of a directive key against a directive name.
#
# @param val [#to_s] directive key, e.g. a Symbol or String
# @param name [String] directive name to compare with
# @return [Boolean] true when the stringified key equals name, ignoring case
def directive?(val, name)
  comparison = val.to_s.casecmp(name)
  comparison == 0
end
#filter_unsupported_directives(config) ⇒ Object
# File 'lib/secure_headers/headers/content_security_policy/firefox_browser_strategy.rb', line 16
# Returns a copy of config in which :connect_src has been renamed to
# :xhr_src, the key this strategy uses for that directive.
#
# The copy is shallow (Hash#dup), so the caller's hash keeps its keys but
# the value objects are shared. An existing :xhr_src entry is overwritten
# when :connect_src holds a truthy value.
#
# @param config [Hash] directive configuration
# @return [Hash] the adjusted copy
def filter_unsupported_directives(config)
  translated = config.dup
  if translated[:connect_src]
    translated[:xhr_src] = translated.delete(:connect_src)
  end
  translated
end
#normalize_reporting_endpoint? ⇒ Boolean
# File 'lib/secure_headers/headers/content_security_policy/firefox_browser_strategy.rb', line 67
# Tells the caller that this strategy wants its reporting endpoint
# normalized.
#
# NOTE(review): the consumer of this flag is not part of this listing;
# presumably the base strategy reads it when building report-uri — confirm.
#
# @return [Boolean] always true for this strategy
def normalize_reporting_endpoint?
  # Constant answer: this strategy always opts in.
  true
end
#translate_inline_or_eval(val) ⇒ Object
# File 'lib/secure_headers/headers/content_security_policy/firefox_browser_strategy.rb', line 22
# Maps a generic 'inline' / 'eval' keyword onto the token this strategy
# emits.
#
# NOTE(review): only 'inline' is checked. Every other value, including an
# unexpected one, becomes 'eval-script', so callers must pass a validated
# keyword.
#
# @param val [String] 'inline' or 'eval'
# @return [String] 'inline-script' for 'inline', otherwise 'eval-script'
def translate_inline_or_eval(val)
  return 'inline-script' if val == 'inline'

  'eval-script'
end