Module: SecureHeaders::InstanceMethods
- Defined in:
- lib/secure_headers.rb
Instance Method Summary
- #set_a_header(name, klass, options = nil) ⇒ Object
- #set_csp_header(request, options = nil) ⇒ Object
- #set_header(name, value) ⇒ Object
- #set_hsts_header(options = nil) ⇒ Object
- #set_security_headers(options = self.class.secure_headers_options) ⇒ Object
- #set_x_content_type_options_header(options = nil) ⇒ Object
- #set_x_frame_options_header(options = nil) ⇒ Object
- #set_x_xss_protection_header(options = nil) ⇒ Object
Instance Method Details
#set_a_header(name, klass, options = nil) ⇒ Object
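# File 'lib/secure_headers.rb', line 70
#
# Builds one header object of the given class and writes it to the response.
#
# NOTE(review): the rendered listing dropped every identifier containing
# "options". They are restored here from the method signature; the class-level
# helper name `options_for` is not visible on this page -- confirm against
# lib/secure_headers.rb.
#
# @param name [Symbol] configuration key handed to the class-level lookup
# @param klass [Class] header class; instantiated with the resolved options and
#   expected to expose #name and #value
# @param options [Hash, false, nil] per-call settings; an explicit +false+
#   suppresses the header entirely
# @return [Object, nil] whatever set_header returns, or nil when disabled
def set_a_header(name, klass, options = nil)
  # Presumably falls back to the configured default when options is nil --
  # the lookup itself is defined outside this listing.
  options = self.class.options_for name, options

  # `false` is the opt-out switch: the browser-side protection is simply not
  # sent, so call sites that pass false are worth auditing.
  return if options == false

  header = klass.new(options)
  set_header(header.name, header.value)
end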
#set_csp_header(request, options = nil) ⇒ Object
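# File 'lib/secure_headers.rb', line 58
#
# Writes the Content-Security-Policy header(s) for the current request.
#
# NOTE(review): the rendered listing dropped every identifier containing
# "options". They are restored here from the method signature; the class-level
# helper name `options_for` is not visible on this page -- confirm against
# lib/secure_headers.rb.
#
# @param request [Object] current request, forwarded to ContentSecurityPolicy
# @param options [Hash, false, nil] CSP settings; an explicit +false+ disables
#   CSP for this response
# @return [Object, nil] nil when disabled or when no second header is written
def set_csp_header(request, options = nil)
  options = self.class.options_for :csp, options

  # `false` switches CSP off completely; no header of any kind is emitted.
  return if options == false

  header = ContentSecurityPolicy.new(options, :request => request)
  set_header(header.name, header.value)

  # With both :experimental and :enforce set, a second header is built from
  # the same options with :experimental => true. Presumably this is a
  # report-only variant of the experimental policy -- confirm in
  # ContentSecurityPolicy. set_header assigns by name, so if both objects
  # report the same header name the second value replaces the first.
  if options && options[:experimental] && options[:enforce]
    header = ContentSecurityPolicy.new(options, :experimental => true, :request => request)
    set_header(header.name, header.value)
  end
end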
#set_header(name, value) ⇒ Object
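# File 'lib/secure_headers.rb', line 94
#
# Stores a single header on the current response.
#
# The assignment replaces any value already stored under +name+. Name and
# value are written exactly as given; nothing is validated or escaped here.
#
# @param name [String] header name
# @param value [String] header value
# @return [Object] the assigned value
def set_header(name, value)
  response.headers[name] = value
end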
#set_hsts_header(options = nil) ⇒ Object
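# File 'lib/secure_headers.rb', line 90
#
# Writes the Strict-Transport-Security header by delegating to set_a_header
# with the :hsts configuration key and the StrictTransportSecurity class.
# (The parameter name, which the rendered listing dropped, is restored from
# the method signature.)
#
# @param options [Hash, false, nil] HSTS settings; +false+ disables the header
# @return [Object, nil] result of set_a_header
def set_hsts_header(options = nil)
  set_a_header(:hsts, StrictTransportSecurity, options)
end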
#set_security_headers(options = self.class.secure_headers_options) ⇒ Object
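# File 'lib/secure_headers.rb', line 47
#
# Applies the full set of security headers to the current response.
# (Identifiers containing "options", which the rendered listing dropped, are
# restored from the method signatures shown on this page.)
#
# Which headers are sent depends on the request:
# * Strict-Transport-Security -- only when request.ssl? is true
# * X-Frame-Options           -- always
# * Content-Security-Policy   -- skipped when broken_implementation?(brwsr)
# * X-XSS-Protection          -- always
# * X-Content-Type-Options    -- only when the User-Agent is detected as IE
#
# NOTE(review): the User-Agent string is client-controlled, so the two
# UA-gated decisions above depend on what the client chooses to report.
# Browsers other than IE also honour X-Content-Type-Options, so sending it
# unconditionally is worth considering.
#
# @param options [Hash] per-header settings keyed by :hsts, :x_frame_options,
#   :csp, :x_xss_protection and :x_content_type_options
# @return [Object, nil] result of the last header call, or nil for non-IE
def set_security_headers(options = self.class.secure_headers_options)
  brwsr = Brwsr::Browser.new(:ua => request.env['HTTP_USER_AGENT'])

  set_hsts_header(options[:hsts]) if request.ssl?
  set_x_frame_options_header(options[:x_frame_options])
  set_csp_header(request, options[:csp]) unless broken_implementation?(brwsr)
  set_x_xss_protection_header(options[:x_xss_protection])

  if brwsr.ie?
    set_x_content_type_options_header(options[:x_content_type_options])
  end
end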
#set_x_content_type_options_header(options = nil) ⇒ Object
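# File 'lib/secure_headers.rb', line 82
#
# Writes the X-Content-Type-Options header by delegating to set_a_header with
# the :x_content_type_options configuration key and the XContentTypeOptions
# class. (The method and parameter names, which the rendered listing dropped,
# are restored from the method signature.)
#
# @param options [Hash, String, false, nil] header settings; +false+ disables
#   the header
# @return [Object, nil] result of set_a_header
def set_x_content_type_options_header(options = nil)
  set_a_header(:x_content_type_options, XContentTypeOptions, options)
end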
#set_x_frame_options_header(options = nil) ⇒ Object
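# File 'lib/secure_headers.rb', line 78
#
# Writes the X-Frame-Options header by delegating to set_a_header with the
# :x_frame_options configuration key and the XFrameOptions class. (The method
# and parameter names, which the rendered listing dropped, are restored from
# the method signature.)
#
# @param options [Hash, String, false, nil] header settings; +false+ disables
#   the header
# @return [Object, nil] result of set_a_header
def set_x_frame_options_header(options = nil)
  set_a_header(:x_frame_options, XFrameOptions, options)
end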
#set_x_xss_protection_header(options = nil) ⇒ Object
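# File 'lib/secure_headers.rb', line 86
#
# Writes the X-XSS-Protection header by delegating to set_a_header with the
# :x_xss_protection configuration key and the XXssProtection class. (The
# parameter name, which the rendered listing dropped, is restored from the
# method signature.)
#
# @param options [Hash, String, false, nil] header settings; +false+ disables
#   the header
# @return [Object, nil] result of set_a_header
def set_x_xss_protection_header(options = nil)
  set_a_header(:x_xss_protection, XXssProtection, options)
end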