Class: SecureHeaders::Configuration
- Inherits:
-
Object
- Object
- SecureHeaders::Configuration
- Defined in:
- lib/secure_headers/configuration.rb
Defined Under Namespace
Classes: IllegalPolicyModificationError, NotYetConfiguredError
Constant Summary collapse
- DEFAULT_CONFIG =
:default
- NOOP_CONFIGURATION =
"secure_headers_noop_config"
- HASH_CONFIG_FILE =
ENV["secure_headers_generated_hashes_file"] || "config/secure_headers_generated_hashes.yml"
Instance Attribute Summary collapse
-
#cached_headers ⇒ Object
readonly
Returns the value of attribute cached_headers.
-
#clear_site_data ⇒ Object
writeonly
Sets the attribute clear_site_data.
-
#cookies ⇒ Object
readonly
Returns the value of attribute cookies.
-
#csp ⇒ Object
Returns the value of attribute csp.
-
#csp_report_only ⇒ Object
Returns the value of attribute csp_report_only.
-
#expect_certificate_transparency ⇒ Object
writeonly
Sets the attribute expect_certificate_transparency.
-
#hpkp ⇒ Object
readonly
Returns the value of attribute hpkp.
-
#hpkp_report_host ⇒ Object
readonly
Returns the value of attribute hpkp_report_host.
-
#hsts ⇒ Object
writeonly
Sets the attribute hsts.
-
#referrer_policy ⇒ Object
writeonly
Sets the attribute referrer_policy.
-
#x_content_type_options ⇒ Object
writeonly
Sets the attribute x_content_type_options.
-
#x_download_options ⇒ Object
writeonly
Sets the attribute x_download_options.
-
#x_frame_options ⇒ Object
writeonly
Sets the attribute x_frame_options.
-
#x_permitted_cross_domain_policies ⇒ Object
writeonly
Sets the attribute x_permitted_cross_domain_policies.
-
#x_xss_protection ⇒ Object
writeonly
Sets the attribute x_xss_protection.
Class Method Summary collapse
-
.default(&block) ⇒ Object
(also: configure)
Public: Set the global default configuration.
-
.get(name = DEFAULT_CONFIG, internal: false) ⇒ Object
Public: retrieve a global configuration object.
- .named_append(name, target = nil, &block) ⇒ Object
- .named_appends(name) ⇒ Object
-
.override(name, base = DEFAULT_CONFIG, &block) ⇒ Object
Public: create a named configuration that overrides the default config.
Instance Method Summary collapse
-
#dup ⇒ Object
Public: copy everything but the cached headers.
-
#initialize(&block) ⇒ Configuration
constructor
A new instance of Configuration.
- #opt_out(header) ⇒ Object
- #secure_cookies=(secure_cookies) ⇒ Object
- #update_x_frame_options(value) ⇒ Object
-
#validate_config! ⇒ Object
Public: validates all configurations values.
Constructor Details
#initialize(&block) ⇒ Configuration
Returns a new instance of Configuration.
# File 'lib/secure_headers/configuration.rb', line 138

# Public: build a configuration seeded with this library's defaults.
#
# cookies starts as a deep copy of Cookie::COOKIE_DEFAULTS; hpkp,
# referrer_policy and csp_report_only start as OPT_OUT; csp starts as a
# ContentSecurityPolicyConfig built from ContentSecurityPolicyConfig::DEFAULT;
# every other header setting starts as nil. @cached_headers is not set here.
#
# block - optional. It is run with instance_eval, so it executes inside the
#         new object with access to its ivars and non-public writers; it is
#         intended for the application's own configuration code.
def initialize(&block)
  @cookies = self.class.send(:deep_copy_if_hash, Cookie::COOKIE_DEFAULTS)
  # Give every other header attribute a known starting value (nil) so that
  # #validate_config! and #dup always find the ivar.
  %i[
    clear_site_data csp csp_report_only hpkp_report_host hpkp hsts
    x_content_type_options x_download_options x_frame_options
    x_permitted_cross_domain_policies x_xss_protection
    expect_certificate_transparency
  ].each { |attr| instance_variable_set("@#{attr}", nil) }
  # These go through the writers rather than the ivars. hpkp= and csp= are
  # not among the public writers listed for this class, so they are
  # presumably defined elsewhere in it - confirm before relying on that.
  self.hpkp = OPT_OUT
  self.referrer_policy = OPT_OUT
  self.csp = ContentSecurityPolicyConfig.new(ContentSecurityPolicyConfig::DEFAULT)
  self.csp_report_only = OPT_OUT
  instance_eval(&block) if block_given?
end
Instance Attribute Details
#cached_headers ⇒ Object
Returns the value of attribute cached_headers.
# File 'lib/secure_headers/configuration.rb', line 126

# Public: the per-header cache for this configuration.
#
# Returns whatever was stored in @cached_headers, or nil if nothing has been
# cached yet (#initialize does not set it). #opt_out and
# #update_x_frame_options mutate the returned object in place.
def cached_headers
  @cached_headers
end
#clear_site_data=(value) ⇒ Object (writeonly)
Sets the attribute clear_site_data
# File 'lib/secure_headers/configuration.rb', line 122

# Public: store the Clear-Site-Data setting.
#
# value - the raw setting. It is not checked here; #validate_config! hands
#         it to ClearSiteData.validate_config!.
#
# Returns value.
def clear_site_data=(value)
  @clear_site_data = value
end
#cookies ⇒ Object
Returns the value of attribute cookies.
# File 'lib/secure_headers/configuration.rb', line 126

# Public: the cookie settings for this configuration.
#
# Returns @cookies - initially a deep copy of Cookie::COOKIE_DEFAULTS made in
# #initialize (presumably a Hash, given deep_copy_if_hash). The object is
# returned as-is, so mutating it changes this configuration.
def cookies
  @cookies
end
#csp ⇒ Object
Returns the value of attribute csp.
# File 'lib/secure_headers/configuration.rb', line 126

# Public: the enforced Content-Security-Policy setting.
#
# Returns @csp. #initialize sets it to a ContentSecurityPolicyConfig built
# from ContentSecurityPolicyConfig::DEFAULT; #validate_config! later checks
# it with ContentSecurityPolicy.validate_config!.
def csp
  @csp
end
#csp_report_only ⇒ Object
Returns the value of attribute csp_report_only.
# File 'lib/secure_headers/configuration.rb', line 126

# Public: the report-only Content-Security-Policy setting.
#
# Returns @csp_report_only. #initialize sets it to OPT_OUT; #validate_config!
# checks it with ContentSecurityPolicy.validate_config!, the same validator
# as the enforced policy.
def csp_report_only
  @csp_report_only
end
#expect_certificate_transparency=(value) ⇒ Object (writeonly)
Sets the attribute expect_certificate_transparency
# File 'lib/secure_headers/configuration.rb', line 122

# Public: store the Expect-CT setting.
#
# value - the raw setting. Not checked here; #validate_config! passes it to
#         ExpectCertificateTransparency.validate_config!.
#
# Returns value.
def expect_certificate_transparency=(value)
  @expect_certificate_transparency = value
end
#hpkp ⇒ Object
Returns the value of attribute hpkp.
# File 'lib/secure_headers/configuration.rb', line 126

# Public: the Public-Key-Pins setting.
#
# Returns @hpkp. #initialize sets it to OPT_OUT through the hpkp= writer, and
# #validate_config! checks it with PublicKeyPins.validate_config!.
def hpkp
  @hpkp
end
#hpkp_report_host ⇒ Object
Returns the value of attribute hpkp_report_host.
# File 'lib/secure_headers/configuration.rb', line 126

# Public: the host HPKP reports are sent to.
#
# Returns @hpkp_report_host, nil until set (how it gets set is not visible on
# this page; #dup copies it with a writer of the same name).
def hpkp_report_host
  @hpkp_report_host
end
#hsts=(value) ⇒ Object (writeonly)
Sets the attribute hsts
# File 'lib/secure_headers/configuration.rb', line 122

# Public: store the Strict-Transport-Security setting.
#
# value - the raw setting. Not checked here; #validate_config! passes it to
#         StrictTransportSecurity.validate_config!.
#
# Returns value.
def hsts=(value)
  @hsts = value
end
#referrer_policy=(value) ⇒ Object (writeonly)
Sets the attribute referrer_policy
# File 'lib/secure_headers/configuration.rb', line 122

# Public: store the Referrer-Policy setting.
#
# value - the raw setting. Not checked here; #validate_config! passes it to
#         ReferrerPolicy.validate_config!. #initialize sets it to OPT_OUT.
#
# Returns value.
def referrer_policy=(value)
  @referrer_policy = value
end
#x_content_type_options=(value) ⇒ Object (writeonly)
Sets the attribute x_content_type_options
# File 'lib/secure_headers/configuration.rb', line 122

# Public: store the X-Content-Type-Options setting.
#
# value - the raw setting. Not checked here; #validate_config! passes it to
#         XContentTypeOptions.validate_config!.
#
# Returns value.
def x_content_type_options=(value)
  @x_content_type_options = value
end
#x_download_options=(value) ⇒ Object (writeonly)
Sets the attribute x_download_options
# File 'lib/secure_headers/configuration.rb', line 122

# Public: store the X-Download-Options setting.
#
# value - the raw setting. Not checked here; #validate_config! passes it to
#         XDownloadOptions.validate_config!.
#
# Returns value.
def x_download_options=(value)
  @x_download_options = value
end
#x_frame_options=(value) ⇒ Object (writeonly)
Sets the attribute x_frame_options
# File 'lib/secure_headers/configuration.rb', line 122

# Public: store the X-Frame-Options setting.
#
# Only the ivar changes; unlike #update_x_frame_options this does not touch
# #cached_headers, so a previously cached header is left as it was.
#
# value - the raw setting. Not checked here; #validate_config! passes it to
#         XFrameOptions.validate_config!.
#
# Returns value.
def x_frame_options=(value)
  @x_frame_options = value
end
#x_permitted_cross_domain_policies=(value) ⇒ Object (writeonly)
Sets the attribute x_permitted_cross_domain_policies
# File 'lib/secure_headers/configuration.rb', line 122

# Public: store the X-Permitted-Cross-Domain-Policies setting.
#
# value - the raw setting. Not checked here; #validate_config! passes it to
#         XPermittedCrossDomainPolicies.validate_config!.
#
# Returns value.
def x_permitted_cross_domain_policies=(value)
  @x_permitted_cross_domain_policies = value
end
#x_xss_protection=(value) ⇒ Object (writeonly)
Sets the attribute x_xss_protection
# File 'lib/secure_headers/configuration.rb', line 122

# Public: store the X-XSS-Protection setting.
#
# value - the raw setting. Not checked here; #validate_config! passes it to
#         XXssProtection.validate_config!.
#
# Returns value.
def x_xss_protection=(value)
  @x_xss_protection = value
end
Class Method Details
.default(&block) ⇒ Object Also known as: configure
Public: Set the global default configuration.
Optionally supply a block to override the defaults set by this library.
Returns the newly created config.
# File 'lib/secure_headers/configuration.rb', line 16

# Public: set the global default configuration (aliased as .configure).
#
# block - optional; passed straight to .new, where it is instance_eval'd on
#         the new configuration.
#
# Registers the no-op configuration first, then the new one under
# DEFAULT_CONFIG. Returns whatever add_configuration returns (documented as
# the newly created config).
def default(&block)
  config = new(&block).tap { add_noop_configuration }
  add_configuration(DEFAULT_CONFIG, config)
end
.get(name = DEFAULT_CONFIG, internal: false) ⇒ Object
Public: retrieve a global configuration object
Returns the configuration with a given name or raises a NotYetConfiguredError if `default` has not been called.
# File 'lib/secure_headers/configuration.rb', line 43

# Public: retrieve a registered configuration.
#
# name     - the configuration name (default: DEFAULT_CONFIG).
# internal - when false (the default) a deprecation warning naming the
#            caller is printed with Kernel.warn; library-internal callers
#            pass true to suppress it.
#
# Raises NotYetConfiguredError if no configuration has been registered at
# all (@configurations is nil). An unknown name is not an error: the lookup
# simply yields nil (assuming @configurations is a plain Hash).
#
# Returns the configuration stored under name, or nil.
def get(name = DEFAULT_CONFIG, internal: false)
  unless internal
    Kernel.warn "#{Kernel.caller.first}: [DEPRECATION] `#get` is deprecated. It will be removed in the next major release. Use SecureHeaders::Configuration.dup to retrieve the default config."
  end
  raise NotYetConfiguredError, "Default policy not yet supplied" if @configurations.nil?
  @configurations[name]
end
.named_append(name, target = nil, &block) ⇒ Object
# File 'lib/secure_headers/configuration.rb', line 59

# Public: register a block under name for later retrieval via .named_appends.
#
# name   - the key the block is stored under.
# target - accepted but not used by this method.
# block  - required; a RuntimeError ("Provide a configuration block") is
#          raised when it is missing. The block is stored as-is and not run
#          here.
#
# Returns the stored block.
def named_append(name, target = nil, &block)
  @appends ||= {}
  raise "Provide a configuration block" unless block
  @appends[name] = block
end
.named_appends(name) ⇒ Object
# File 'lib/secure_headers/configuration.rb', line 54

# Public: look up a block registered with .named_append.
#
# name - the key used at registration time.
#
# Returns the block, or nil when nothing was registered under name (the
# registry is created empty on first use).
def named_appends(name)
  (@appends ||= {})[name]
end
.override(name, base = DEFAULT_CONFIG, &block) ⇒ Object
Public: create a named configuration that overrides the default config.
name - an identifier for the override config. base - the existing config to override; the default config is used if no value is supplied.
Returns: the newly created config
# File 'lib/secure_headers/configuration.rb', line 30

# Public: register a named configuration derived from an existing one.
#
# name  - the name to register the new configuration under.
# base  - the configuration to start from (default: DEFAULT_CONFIG).
# block - optional; instance_eval'd on the copy, so it can change any of
#         the copy's settings without affecting base.
#
# Raises NotYetConfiguredError when base is not registered (.get with
# internal: true also raises it when nothing has been configured at all).
#
# Returns whatever add_configuration returns (documented as the new config).
def override(name, base = DEFAULT_CONFIG, &block)
  raise NotYetConfiguredError, "#{base} policy not yet supplied" unless get(base, internal: true)
  # dup copies everything but the cached headers, so the block edits a
  # configuration that is independent of base.
  copy = @configurations[base].dup
  copy.instance_eval(&block) if block_given?
  add_configuration(name, copy)
end
Instance Method Details
#dup ⇒ Object
Public: copy everything but the cached headers
Returns a deep-dup’d copy of this configuration.
# File 'lib/secure_headers/configuration.rb', line 164

# Public: copy this configuration.
#
# The copy is built with self.class.new, so it starts from the library
# defaults; each setting is then overwritten from this object. cookies and
# cached_headers go through deep_copy_if_hash, csp and csp_report_only are
# dup'd when present, and the remaining settings are assigned as-is (shared
# by reference when they are objects).
#
# Note: csp / csp_report_only are only copied when truthy; a nil value here
# leaves the copy with whatever #initialize assigned instead of nil.
#
# Returns the new configuration.
def dup
  copy = self.class.new
  copy.cookies = self.class.send(:deep_copy_if_hash, @cookies)
  copy.csp = @csp.dup if @csp
  copy.csp_report_only = @csp_report_only.dup if @csp_report_only
  copy.cached_headers = self.class.send(:deep_copy_if_hash, @cached_headers)
  # Plain value settings: assign each through its writer.
  %i[
    x_content_type_options hsts x_frame_options x_xss_protection
    x_download_options x_permitted_cross_domain_policies clear_site_data
    expect_certificate_transparency referrer_policy hpkp hpkp_report_host
  ].each { |attr| copy.send("#{attr}=", instance_variable_get("@#{attr}")) }
  copy
end
#opt_out(header) ⇒ Object
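# File 'lib/secure_headers/configuration.rb', line 184

# Public: opt out of a header.
#
# header - the attribute name of the header setting (e.g. :hsts); it is
#          interpolated into "#{header}=" and dispatched with send, which
#          also reaches non-public writers. This expects attribute names
#          written by the application, not values taken from a request.
#
# Sets the attribute to OPT_OUT and drops any cached header for it. The
# cache is only touched when it exists: #initialize does not populate
# @cached_headers, so opting out before headers have been cached previously
# raised NoMethodError on nil.
#
# Returns the cached entry that was removed, or nil.
def opt_out(header)
  send("#{header}=", OPT_OUT)
  cached_headers.delete(header) if cached_headers
end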
#secure_cookies=(secure_cookies) ⇒ Object
# File 'lib/secure_headers/configuration.rb', line 215

# Public: removed setting, kept only to fail loudly.
#
# secure_cookies - ignored.
#
# Raises ArgumentError on every call, prefixing the message with the
# caller's location so the obsolete call site is easy to find. Use
# #cookies= instead.
def secure_cookies=(secure_cookies)
  message = "#{Kernel.caller.first}: `#secure_cookies=` is no longer supported. Please use `#cookies=` to configure secure cookies instead."
  raise ArgumentError, message
end
#update_x_frame_options(value) ⇒ Object
# File 'lib/secure_headers/configuration.rb', line 189

# Public: change the X-Frame-Options setting and refresh its cached header.
#
# value - the new setting. It is stored as-is and rendered with
#         XFrameOptions.make_header; XFrameOptions.validate_config! is not
#         called here, so unless make_header validates (not visible on this
#         page) the value is only checked by a later #validate_config!.
#
# Writes into #cached_headers directly, so this raises NoMethodError if the
# cache has not been populated yet.
#
# Returns the rendered header that was cached.
def update_x_frame_options(value)
  @x_frame_options = value
  rendered = XFrameOptions.make_header(value)
  cached_headers[XFrameOptions::CONFIG_KEY] = rendered
end
#validate_config! ⇒ Object
Public: validates all configurations values.
Raises various configuration errors if any invalid config is detected.
Returns nothing.
# File 'lib/secure_headers/configuration.rb', line 199

# Public: validate every header setting by handing it to that header's
# validator. Validation stops at the first validator that raises, in the
# order listed below; nothing is validated at assignment time, so this is
# the only place the plain writers' values are checked.
#
# Raises whatever the individual validate_config! methods raise.
#
# Returns the result of the last validator (documented as nothing).
def validate_config!
  StrictTransportSecurity.validate_config!(@hsts)
  # Enforced and report-only CSP share one validator.
  ContentSecurityPolicy.validate_config!(@csp)
  ContentSecurityPolicy.validate_config!(@csp_report_only)
  ReferrerPolicy.validate_config!(@referrer_policy)
  XFrameOptions.validate_config!(@x_frame_options)
  XContentTypeOptions.validate_config!(@x_content_type_options)
  XXssProtection.validate_config!(@x_xss_protection)
  XDownloadOptions.validate_config!(@x_download_options)
  XPermittedCrossDomainPolicies.validate_config!(@x_permitted_cross_domain_policies)
  ClearSiteData.validate_config!(@clear_site_data)
  ExpectCertificateTransparency.validate_config!(@expect_certificate_transparency)
  PublicKeyPins.validate_config!(@hpkp)
  Cookie.validate_config!(@cookies)
end