Class: SecureHeaders::ContentSecurityPolicy
- Inherits:
-
Object
- Object
- SecureHeaders::ContentSecurityPolicy
- Includes:
- PolicyManagement
- Defined in:
- lib/secure_headers/headers/content_security_policy.rb
Constant Summary
Constants included from PolicyManagement
PolicyManagement::ALL_DIRECTIVES, PolicyManagement::BASE_URI, PolicyManagement::BLOB_PROTOCOL, PolicyManagement::BODY_DIRECTIVES, PolicyManagement::CHILD_SRC, PolicyManagement::CONNECT_SRC, PolicyManagement::DATA_PROTOCOL, PolicyManagement::DEFAULT_CONFIG, PolicyManagement::DEFAULT_SRC, PolicyManagement::DEPRECATED_SOURCE_VALUES, PolicyManagement::DIRECTIVES_1_0, PolicyManagement::DIRECTIVES_2_0, PolicyManagement::DIRECTIVES_3_0, PolicyManagement::DIRECTIVES_EXPERIMENTAL, PolicyManagement::DIRECTIVE_VALUE_TYPES, PolicyManagement::FETCH_SOURCES, PolicyManagement::FONT_SRC, PolicyManagement::FORM_ACTION, PolicyManagement::FRAME_ANCESTORS, PolicyManagement::FRAME_SRC, PolicyManagement::HTTP_SCHEME_REGEX, PolicyManagement::IMG_SRC, PolicyManagement::MANIFEST_SRC, PolicyManagement::MEDIA_SRC, PolicyManagement::META_CONFIGS, PolicyManagement::NAVIGATE_TO, PolicyManagement::NONCES, PolicyManagement::NONE, PolicyManagement::NON_FETCH_SOURCES, PolicyManagement::NON_SOURCE_LIST_SOURCES, PolicyManagement::OBJECT_SRC, PolicyManagement::PLUGIN_TYPES, PolicyManagement::PREFETCH_SRC, PolicyManagement::REPORT_URI, PolicyManagement::REQUIRE_SRI_FOR, PolicyManagement::REQUIRE_SRI_FOR_VALUES, PolicyManagement::REQUIRE_TRUSTED_TYPES_FOR, PolicyManagement::REQUIRE_TRUSTED_TYPES_FOR_VALUES, PolicyManagement::SANDBOX, PolicyManagement::SCRIPT_SRC, PolicyManagement::SCRIPT_SRC_ATTR, PolicyManagement::SCRIPT_SRC_ELEM, PolicyManagement::SELF, PolicyManagement::STAR, PolicyManagement::STAR_REGEXP, PolicyManagement::STRICT_DYNAMIC, PolicyManagement::STYLE_SRC, PolicyManagement::STYLE_SRC_ATTR, PolicyManagement::STYLE_SRC_ELEM, PolicyManagement::TRUSTED_TYPES, PolicyManagement::UNSAFE_EVAL, PolicyManagement::UNSAFE_INLINE, PolicyManagement::UPGRADE_INSECURE_REQUESTS, PolicyManagement::WILDCARD_SOURCES, PolicyManagement::WORKER_SRC
Instance Method Summary collapse
-
#initialize(config = nil) ⇒ ContentSecurityPolicy
constructor
A new instance of ContentSecurityPolicy.
-
#name ⇒ Object
Returns the name to use for the header.
-
#value ⇒ Object
Return the value of the CSP header.
Methods included from PolicyManagement
Constructor Details
#initialize(config = nil) ⇒ ContentSecurityPolicy
Returns a new instance of ContentSecurityPolicy.
9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 |
# File 'lib/secure_headers/headers/content_security_policy.rb', line 9 def initialize(config = nil) @config = if config.is_a?(Hash) if config[:report_only] ContentSecurityPolicyReportOnlyConfig.new(config || DEFAULT_CONFIG) else ContentSecurityPolicyConfig.new(config || DEFAULT_CONFIG) end elsif config.nil? ContentSecurityPolicyConfig.new(DEFAULT_CONFIG) else config end @preserve_schemes = @config[:preserve_schemes] @script_nonce = @config[:script_nonce] @style_nonce = @config[:style_nonce] end |
Instance Method Details
#name ⇒ Object
Returns the name to use for the header. Either “content-security-policy” or “content-security-policy-report-only”
31 32 33 |
# File 'lib/secure_headers/headers/content_security_policy.rb', line 31 def name @config.class.const_get(:HEADER_NAME) end |
#value ⇒ Object
Return the value of the CSP header
37 38 39 40 41 42 43 44 |
# File 'lib/secure_headers/headers/content_security_policy.rb', line 37 def value @value ||= if @config build_value else DEFAULT_VALUE end end |