Module: SecureHeaders::InstanceMethods
Defined in: lib/secure_headers.rb
Instance Method Summary
- #brwsr ⇒ Object
- #set_csp_header(req = nil, options = nil) ⇒ Object
  backwards compatibility jank, to be removed in 1.0.
- #set_hsts_header(options = self.class.secure_headers_options[:hsts]) ⇒ Object
- #set_x_content_type_options_header(options = self.class.secure_headers_options[:x_content_type_options]) ⇒ Object
- #set_x_frame_options_header(options = self.class.secure_headers_options[:x_frame_options]) ⇒ Object
- #set_x_xss_protection_header(options = self.class.secure_headers_options[:x_xss_protection]) ⇒ Object
Instance Method Details
#brwsr ⇒ Object
```ruby
# File 'lib/secure_headers.rb', line 51
def brwsr
  @secure_headers_brwsr ||= Brwsr::Browser.new(:ua => request.env['HTTP_USER_AGENT'])
end
```
#set_csp_header(req = nil, options = nil) ⇒ Object
backwards compatibility jank, to be removed in 1.0. Old API required a request object when it didn't really need to.
- set_csp_header - uses the request accessor and SecureHeaders::Configuration settings
- set_csp_header(Rack::Request) - uses the parameter and SecureHeaders::Configuration settings
- set_csp_header(Hash) - uses the request accessor and options from parameters
- set_csp_header(Rack::Request, Hash)
```ruby
# File 'lib/secure_headers.rb', line 61
def set_csp_header(req = nil, options = nil)
  return if broken_implementation?(brwsr)

  if req.is_a?(Hash)
    # Called as set_csp_header(Hash): the first argument is the options.
    options = req
  elsif req
    # Called with an explicit request: sniff the browser from its User-Agent.
    @secure_headers_brwsr = Brwsr::Browser.new(:ua => req.env['HTTP_USER_AGENT'])
  end

  options = self.class.secure_headers_options[:csp] if options.nil?
  options = self.class.options_for :csp, options

  # An explicit false disables the CSP header.
  return if options == false

  csp_header = ContentSecurityPolicy.new(options, :request => request, :controller => self)
  set_header(csp_header)
  if options && options[:experimental] && options[:enforce]
    experimental_header = ContentSecurityPolicy.new(options, :experimental => true, :request => request, :controller => self)
    set_header(experimental_header)
  end
end
```
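The four call forms listed above all reduce to one options value and one User-Agent before the header is built. The following Ruby sketch is an added example, not code from secure_headers: `FakeRequest`, `FakeConfiguration`, `FakeController` and `resolve_csp` are hypothetical stand-ins, and the fallback to a global configuration inside `options_for` is an assumption about the gem's behaviour.

```ruby
# Added example: models only the option resolution, not header generation.
class FakeRequest                       # hypothetical stand-in for Rack::Request
  attr_reader :env
  def initialize(ua)
    @env = { 'HTTP_USER_AGENT' => ua }
  end
end

module FakeConfiguration                # hypothetical global configuration
  def self.csp
    { :default_src => 'https:' }        # constructed sample policy
  end
end

class FakeController
  class << self
    attr_writer :secure_headers_options
    def secure_headers_options
      @secure_headers_options ||= {}
    end

    # Assumption: nil means "nothing configured here, use the global settings".
    def options_for(type, options)
      options.nil? ? FakeConfiguration.send(type) : options
    end
  end

  attr_reader :request

  def initialize(request)
    @request = request
  end

  # Returns [user_agent, options]; options is nil when CSP is switched off.
  def resolve_csp(req = nil, options = nil)
    ua = request.env['HTTP_USER_AGENT']
    if req.is_a?(Hash)
      options = req                     # set_csp_header(Hash)
    elsif req
      ua = req.env['HTTP_USER_AGENT']   # set_csp_header(Rack::Request[, Hash])
    end
    options = self.class.secure_headers_options[:csp] if options.nil?
    options = self.class.options_for(:csp, options)
    [ua, options == false ? nil : options]
  end
end
```

In this model a Hash passed at the call site wins even when the class-level `:csp` option is `false`, so it is worth auditing per-action calls as well as the controller-wide setting.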
#set_hsts_header(options = self.class.secure_headers_options[:hsts]) ⇒ Object
```ruby
# File 'lib/secure_headers.rb', line 96
def set_hsts_header(options = self.class.secure_headers_options[:hsts])
  # HSTS is only sent on requests that arrived over SSL.
  return unless request.ssl?
  set_a_header(:hsts, StrictTransportSecurity, options)
end
```
#set_x_content_type_options_header(options = self.class.secure_headers_options[:x_content_type_options]) ⇒ Object
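```ruby
# File 'lib/secure_headers.rb', line 87
def set_x_content_type_options_header(options = self.class.secure_headers_options[:x_content_type_options])
  # Only sent when the User-Agent identifies IE or Chrome.
  return unless brwsr.ie? || brwsr.chrome?
  set_a_header(:x_content_type_options, XContentTypeOptions, options)
end
```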
#set_x_frame_options_header(options = self.class.secure_headers_options[:x_frame_options]) ⇒ Object
```ruby
# File 'lib/secure_headers.rb', line 83
def set_x_frame_options_header(options = self.class.secure_headers_options[:x_frame_options])
  set_a_header(:x_frame_options, XFrameOptions, options)
end
```
#set_x_xss_protection_header(options = self.class.secure_headers_options[:x_xss_protection]) ⇒ Object
```ruby
# File 'lib/secure_headers.rb', line 92
def set_x_xss_protection_header(options = self.class.secure_headers_options[:x_xss_protection])
  set_a_header(:x_xss_protection, XXssProtection, options)
end
```