Module: SecureHeaders::ViewHelpers

Includes:

HashHelper

Included in:

ActionView::Base

Defined in:

lib/secure_headers/view_helper.rb

Constant Summary

SECURE_HEADERS_RAKE_TASK =

"rake secure_headers:generate_hashes"

Instance Method Summary

• #hashed_javascript_tag(raise_error_on_unrecognized_hash = false, &block) ⇒ Object
• #nonced_javascript_tag(content = nil, &block) ⇒ Object
• #nonced_style_tag(content = nil, &block) ⇒ Object

Methods included from HashHelper

#hash_source

Instance Method Details

#hashed_javascript_tag(raise_error_on_unrecognized_hash = false, &block) ⇒ Object

# File 'lib/secure_headers/view_helper.rb', line 18

def hashed_javascript_tag(raise_error_on_unrecognized_hash = false, &block)
  content = capture(&block)

  if ['development', 'test'].include?(ENV["RAILS_ENV"])
    hash_value = hash_source(content)
    file_path = File.join('app', 'views', self.instance_variable_get(:@virtual_path) + '.html.erb')
    script_hashes = controller.instance_variable_get(:@script_hashes)[file_path]
    unless script_hashes && script_hashes.include?(hash_value)
      message = unexpected_hash_error_message(file_path, hash_value, content)
      if raise_error_on_unrecognized_hash
        raise UnexpectedHashedScriptException.new(message)
      else
        request.env[HASHES_ENV_KEY] = (request.env[HASHES_ENV_KEY] || []) << hash_value
      end
    end
  end

  content_tag :script, content
end

#nonced_javascript_tag(content = nil, &block) ⇒ Object

# File 'lib/secure_headers/view_helper.rb', line 14

def nonced_javascript_tag(content = nil, &block)
  nonced_tag(content, :script, block)
end

#nonced_style_tag(content = nil, &block) ⇒ Object

# File 'lib/secure_headers/view_helper.rb', line 10

def nonced_style_tag(content = nil, &block)
  nonced_tag(content, :style, block)
end