Class: SecureHeaders::Configuration
- Inherits:
-
Object
- Object
- SecureHeaders::Configuration
- Defined in:
- lib/secure_headers/configuration.rb
Defined Under Namespace
Classes: AlreadyConfiguredError, IllegalPolicyModificationError, NotYetConfiguredError
Constant Summary collapse
- DEFAULT_CONFIG =
:default
- NOOP_OVERRIDE =
"secure_headers_noop_override"
- CONFIG_ATTRIBUTES_TO_HEADER_CLASSES =
{ hsts: StrictTransportSecurity, x_frame_options: XFrameOptions, x_content_type_options: XContentTypeOptions, x_xss_protection: XXssProtection, x_download_options: XDownloadOptions, x_permitted_cross_domain_policies: XPermittedCrossDomainPolicies, referrer_policy: ReferrerPolicy, clear_site_data: ClearSiteData, expect_certificate_transparency: ExpectCertificateTransparency, csp: ContentSecurityPolicy, csp_report_only: ContentSecurityPolicy, cookies: Cookie, }.freeze
- CONFIG_ATTRIBUTES =
CONFIG_ATTRIBUTES_TO_HEADER_CLASSES.keys.freeze
- VALIDATABLE_ATTRIBUTES =
The list of attributes that must respond to a ‘validate_config!` method
CONFIG_ATTRIBUTES
- HEADERABLE_ATTRIBUTES =
The list of attributes that must respond to a ‘make_header` method
(CONFIG_ATTRIBUTES - [:cookies]).freeze
- HASH_CONFIG_FILE =
ENV["secure_headers_generated_hashes_file"] || "config/secure_headers_generated_hashes.yml"
Class Method Summary collapse
-
.default(&block) ⇒ Object
(also: configure)
Public: Set the global default configuration.
- .dup ⇒ Object
- .named_append(name, &block) ⇒ Object
- .named_appends(name) ⇒ Object
-
.override(name, &block) ⇒ Object
Public: create a named configuration that overrides the default config.
- .overrides(name) ⇒ Object
Instance Method Summary collapse
- #csp=(new_csp) ⇒ Object
-
#csp_report_only=(new_csp) ⇒ Object
Configures the content-security-policy-report-only header.
-
#dup ⇒ Object
Public: copy everything.
- #generate_headers ⇒ Object
-
#initialize(&block) ⇒ Configuration
constructor
A new instance of Configuration.
- #opt_out(header) ⇒ Object
-
#override(name = nil, &block) ⇒ Object
Public: Apply a named override to the current config.
- #secure_cookies=(secure_cookies) ⇒ Object
- #update_x_frame_options(value) ⇒ Object
-
#validate_config! ⇒ Object
Public: validates all configurations values.
Constructor Details
#initialize(&block) ⇒ Configuration
Returns a new instance of Configuration.
158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 |
# File 'lib/secure_headers/configuration.rb', line 158 def initialize(&block) = self.class.send(:deep_copy_if_hash, Cookie::COOKIE_DEFAULTS) @clear_site_data = nil @csp = nil @csp_report_only = nil @hsts = nil = nil = nil = nil @x_permitted_cross_domain_policies = nil @x_xss_protection = nil @expect_certificate_transparency = nil self.referrer_policy = OPT_OUT self.csp = ContentSecurityPolicyConfig.new(ContentSecurityPolicyConfig::DEFAULT) self.csp_report_only = OPT_OUT instance_eval(&block) if block_given? end |
Class Method Details
.default(&block) ⇒ Object Also known as: configure
Public: Set the global default configuration.
Optionally supply a block to override the defaults set by this library.
Returns the newly created config.
17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 |
# File 'lib/secure_headers/configuration.rb', line 17 def default(&block) if defined?(@default_config) raise AlreadyConfiguredError, "Policy already configured" end # Define a built-in override that clears all configuration options and # results in no security headers being set. override(NOOP_OVERRIDE) do |config| CONFIG_ATTRIBUTES.each do |attr| config.instance_variable_set("@#{attr}", OPT_OUT) end end new_config = new(&block).freeze new_config.validate_config! @default_config = new_config end |
.dup ⇒ Object
71 72 73 |
# File 'lib/secure_headers/configuration.rb', line 71 def dup default_config.dup end |
.named_append(name, &block) ⇒ Object
62 63 64 65 66 67 68 69 |
# File 'lib/secure_headers/configuration.rb', line 62 def named_append(name, &block) @appends ||= {} raise "Provide a configuration block" unless block_given? if named_append_or_override_exists?(name) raise AlreadyConfiguredError, "Configuration already exists" end @appends[name] = block end |
.named_appends(name) ⇒ Object
57 58 59 60 |
# File 'lib/secure_headers/configuration.rb', line 57 def named_appends(name) @appends ||= {} @appends[name] end |
.override(name, &block) ⇒ Object
Public: create a named configuration that overrides the default config.
name - use an idenfier for the override config. base - override another existing config, or override the default config if no value is supplied.
Returns: the newly created config
43 44 45 46 47 48 49 50 |
# File 'lib/secure_headers/configuration.rb', line 43 def override(name, &block) @overrides ||= {} raise "Provide a configuration block" unless block_given? if named_append_or_override_exists?(name) raise AlreadyConfiguredError, "Configuration already exists" end @overrides[name] = block end |
.overrides(name) ⇒ Object
52 53 54 55 |
# File 'lib/secure_headers/configuration.rb', line 52 def overrides(name) @overrides ||= {} @overrides[name] end |
Instance Method Details
#csp=(new_csp) ⇒ Object
246 247 248 249 250 251 252 253 254 255 256 257 |
# File 'lib/secure_headers/configuration.rb', line 246 def csp=(new_csp) case new_csp when OPT_OUT @csp = new_csp when ContentSecurityPolicyConfig @csp = new_csp when Hash @csp = ContentSecurityPolicyConfig.new(new_csp) else raise ArgumentError, "Must provide either an existing CSP config or a CSP config hash" end end |
#csp_report_only=(new_csp) ⇒ Object
Configures the content-security-policy-report-only header. ‘new_csp` cannot contain `report_only: false` or an error will be raised.
NOTE: if csp has not been configured/has the default value when configuring csp_report_only, the code will assume you mean to only use report-only mode and you will be opted-out of enforce mode.
265 266 267 268 269 270 271 272 273 274 275 276 277 278 |
# File 'lib/secure_headers/configuration.rb', line 265 def csp_report_only=(new_csp) case new_csp when OPT_OUT @csp_report_only = new_csp when ContentSecurityPolicyReportOnlyConfig @csp_report_only = new_csp.dup when ContentSecurityPolicyConfig @csp_report_only = new_csp.make_report_only when Hash @csp_report_only = ContentSecurityPolicyReportOnlyConfig.new(new_csp) else raise ArgumentError, "Must provide either an existing CSP config or a CSP config hash" end end |
#dup ⇒ Object
Public: copy everything
Returns a deep-dup’d copy of this configuration.
181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 |
# File 'lib/secure_headers/configuration.rb', line 181 def dup copy = self.class.new copy. = self.class.send(:deep_copy_if_hash, ) copy.csp = @csp.dup if @csp copy.csp_report_only = @csp_report_only.dup if @csp_report_only copy. = copy.hsts = @hsts copy. = copy.x_xss_protection = @x_xss_protection copy. = copy.x_permitted_cross_domain_policies = @x_permitted_cross_domain_policies copy.clear_site_data = @clear_site_data copy.expect_certificate_transparency = @expect_certificate_transparency copy.referrer_policy = @referrer_policy copy end |
#generate_headers ⇒ Object
210 211 212 213 214 215 216 217 218 219 220 |
# File 'lib/secure_headers/configuration.rb', line 210 def generate_headers headers = {} HEADERABLE_ATTRIBUTES.each do |attr| klass = CONFIG_ATTRIBUTES_TO_HEADER_CLASSES[attr] header_name, value = klass.make_header(instance_variable_get("@#{attr}")) if header_name && value headers[header_name] = value end end headers end |
#opt_out(header) ⇒ Object
222 223 224 |
# File 'lib/secure_headers/configuration.rb', line 222 def opt_out(header) send("#{header}=", OPT_OUT) end |
#override(name = nil, &block) ⇒ Object
Public: Apply a named override to the current config
Returns self
201 202 203 204 205 206 207 208 |
# File 'lib/secure_headers/configuration.rb', line 201 def override(name = nil, &block) if override = self.class.overrides(name) instance_eval(&override) else raise ArgumentError.new("no override by the name of #{name} has been configured") end self end |
#secure_cookies=(secure_cookies) ⇒ Object
242 243 244 |
# File 'lib/secure_headers/configuration.rb', line 242 def () raise ArgumentError, "#{Kernel.caller.first}: `#secure_cookies=` is no longer supported. Please use `#cookies=` to configure secure cookies instead." end |
#update_x_frame_options(value) ⇒ Object
226 227 228 |
# File 'lib/secure_headers/configuration.rb', line 226 def (value) = value end |
#validate_config! ⇒ Object
Public: validates all configurations values.
Raises various configuration errors if any invalid config is detected.
Returns nothing
235 236 237 238 239 240 |
# File 'lib/secure_headers/configuration.rb', line 235 def validate_config! VALIDATABLE_ATTRIBUTES.each do |attr| klass = CONFIG_ATTRIBUTES_TO_HEADER_CLASSES[attr] klass.validate_config!(instance_variable_get("@#{attr}")) end end |