Class: SecureHeaders::XFrameOptions
- Inherits:
-
Object
- Object
- SecureHeaders::XFrameOptions
- Defined in:
- lib/secure_headers/headers/x_frame_options.rb
Constant Summary collapse
- HEADER_NAME =
"X-Frame-Options".freeze
- SAMEORIGIN =
"sameorigin"- DENY =
"deny"- ALLOW_FROM =
"allow-from"- ALLOW_ALL =
"allowall"- DEFAULT_VALUE =
SAMEORIGIN- VALID_XFO_HEADER =
/\A(#{SAMEORIGIN}\z|#{DENY}\z|#{ALLOW_ALL}\z|#{ALLOW_FROM}[:\s])/i
Class Method Summary collapse
-
.make_header(config = nil, user_agent = nil) ⇒ Object
Public: generate an X-Frame-Options header.
- .validate_config!(config) ⇒ Object
Class Method Details
.make_header(config = nil, user_agent = nil) ⇒ Object
Public: generate an X-Frame-Options header.
Returns a default header if no configuration is provided, or a header name and value based on the config.
18 19 20 21 |
# File 'lib/secure_headers/headers/x_frame_options.rb', line 18 def make_header(config = nil, user_agent = nil) return if config == OPT_OUT [HEADER_NAME, config || DEFAULT_VALUE] end |
.validate_config!(config) ⇒ Object
23 24 25 26 27 28 29 |
# File 'lib/secure_headers/headers/x_frame_options.rb', line 23 def validate_config!(config) return if config.nil? || config == OPT_OUT raise TypeError.new("Must be a string. Found #{config.class}: #{config}") unless config.is_a?(String) unless config =~ VALID_XFO_HEADER raise XFOConfigError.new("Value must be SAMEORIGIN|DENY|ALLOW-FROM:|ALLOWALL") end end |