Module: SecureHeaders::InstanceMethods

Defined in:

lib/secure_headers.rb

Instance Method Summary

• #set_a_header(name, klass, options = nil) ⇒ Object
• #set_csp_header(request, options = nil) ⇒ Object
• #set_header(name, value) ⇒ Object
• #set_hsts_header(options = nil) ⇒ Object
• #set_security_headers(options = self.class.secure_headers_options) ⇒ Object
• #set_x_content_type_options_header(options = nil) ⇒ Object
• #set_x_frame_options_header(options = nil) ⇒ Object
• #set_x_xss_protection_header(options = nil) ⇒ Object

Instance Method Details

#set_a_header(name, klass, options = nil) ⇒ Object

# File 'lib/secure_headers.rb', line 70

def set_a_header(name, klass, options=nil)
  options = self.class.options_for name, options
  return if options == false

  header = klass.new(options)
  set_header(header.name, header.value)
end

#set_csp_header(request, options = nil) ⇒ Object

# File 'lib/secure_headers.rb', line 58

def set_csp_header(request, options=nil)
  options = self.class.options_for :csp, options
  return if options == false

  header = ContentSecurityPolicy.new(options, :request => request)
  set_header(header.name, header.value)
  if options && options[:experimental] && options[:enforce]
    header = ContentSecurityPolicy.new(options, :experimental => true, :request => request)
    set_header(header.name, header.value)
  end
end

#set_header(name, value) ⇒ Object

# File 'lib/secure_headers.rb', line 94

def set_header(name, value)
  response.headers[name] = value
end

#set_hsts_header(options = nil) ⇒ Object

# File 'lib/secure_headers.rb', line 90

def set_hsts_header(options=nil)
  set_a_header(:hsts, StrictTransportSecurity, options)
end

#set_security_headers(options = self.class.secure_headers_options) ⇒ Object

# File 'lib/secure_headers.rb', line 47

def set_security_headers(options = self.class.secure_headers_options)
  brwsr = Brwsr::Browser.new(:ua => request.env['HTTP_USER_AGENT'])
  set_hsts_header(options[:hsts]) if request.ssl?
  set_x_frame_options_header(options[:x_frame_options])
  set_csp_header(request, options[:csp]) unless broken_implementation?(brwsr)
  set_x_xss_protection_header(options[:x_xss_protection])
  if brwsr.ie?
    set_x_content_type_options_header(options[:x_content_type_options])
  end
end

#set_x_content_type_options_header(options = nil) ⇒ Object

# File 'lib/secure_headers.rb', line 82

def set_x_content_type_options_header(options=nil)
  set_a_header(:x_content_type_options, XContentTypeOptions, options)
end

#set_x_frame_options_header(options = nil) ⇒ Object

# File 'lib/secure_headers.rb', line 78

def set_x_frame_options_header(options=nil)
  set_a_header(:x_frame_options, XFrameOptions, options)
end

#set_x_xss_protection_header(options = nil) ⇒ Object

# File 'lib/secure_headers.rb', line 86

def set_x_xss_protection_header(options=nil)
  set_a_header(:x_xss_protection, XXssProtection, options)
end