Class: SecureHeaders::ContentSecurityPolicy

Inherits:
Object
  • Object
show all
Includes:
PolicyManagement
Defined in:
lib/secure_headers/headers/content_security_policy.rb

Constant Summary

Constants included from PolicyManagement

PolicyManagement::ALL_DIRECTIVES, PolicyManagement::BASE_URI, PolicyManagement::BLOB_PROTOCOL, PolicyManagement::BODY_DIRECTIVES, PolicyManagement::CHILD_SRC, PolicyManagement::CONNECT_SRC, PolicyManagement::DATA_PROTOCOL, PolicyManagement::DEFAULT_CONFIG, PolicyManagement::DEFAULT_SRC, PolicyManagement::DEPRECATED_SOURCE_VALUES, PolicyManagement::DIRECTIVES_1_0, PolicyManagement::DIRECTIVES_2_0, PolicyManagement::DIRECTIVES_3_0, PolicyManagement::DIRECTIVES_EXPERIMENTAL, PolicyManagement::DIRECTIVE_VALUE_TYPES, PolicyManagement::FETCH_SOURCES, PolicyManagement::FONT_SRC, PolicyManagement::FORM_ACTION, PolicyManagement::FRAME_ANCESTORS, PolicyManagement::FRAME_SRC, PolicyManagement::HTTP_SCHEME_REGEX, PolicyManagement::IMG_SRC, PolicyManagement::MANIFEST_SRC, PolicyManagement::MEDIA_SRC, PolicyManagement::META_CONFIGS, PolicyManagement::NAVIGATE_TO, PolicyManagement::NONCES, PolicyManagement::NONE, PolicyManagement::NON_FETCH_SOURCES, PolicyManagement::NON_SOURCE_LIST_SOURCES, PolicyManagement::OBJECT_SRC, PolicyManagement::PLUGIN_TYPES, PolicyManagement::PREFETCH_SRC, PolicyManagement::REPORT_URI, PolicyManagement::REQUIRE_SRI_FOR, PolicyManagement::REQUIRE_SRI_FOR_VALUES, PolicyManagement::REQUIRE_TRUSTED_TYPES_FOR, PolicyManagement::REQUIRE_TRUSTED_TYPES_FOR_VALUES, PolicyManagement::SANDBOX, PolicyManagement::SCRIPT_SRC, PolicyManagement::SCRIPT_SRC_ATTR, PolicyManagement::SCRIPT_SRC_ELEM, PolicyManagement::SELF, PolicyManagement::STAR, PolicyManagement::STAR_REGEXP, PolicyManagement::STRICT_DYNAMIC, PolicyManagement::STYLE_SRC, PolicyManagement::STYLE_SRC_ATTR, PolicyManagement::STYLE_SRC_ELEM, PolicyManagement::TRUSTED_TYPES, PolicyManagement::UNSAFE_EVAL, PolicyManagement::UNSAFE_INLINE, PolicyManagement::UPGRADE_INSECURE_REQUESTS, PolicyManagement::WILDCARD_SOURCES, PolicyManagement::WORKER_SRC

Instance Method Summary collapse

Methods included from PolicyManagement

included

Constructor Details

#initialize(config = nil) ⇒ ContentSecurityPolicy

Returns a new instance of ContentSecurityPolicy.



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
# File 'lib/secure_headers/headers/content_security_policy.rb', line 9

def initialize(config = nil)
  @config =
    if config.is_a?(Hash)
      if config[:report_only]
        ContentSecurityPolicyReportOnlyConfig.new(config || DEFAULT_CONFIG)
      else
        ContentSecurityPolicyConfig.new(config || DEFAULT_CONFIG)
      end
    elsif config.nil?
      ContentSecurityPolicyConfig.new(DEFAULT_CONFIG)
    else
      config
    end

  @preserve_schemes = @config[:preserve_schemes]
  @script_nonce = @config[:script_nonce]
  @style_nonce = @config[:style_nonce]
end

Instance Method Details

#nameObject

Returns the name to use for the header. Either “content-security-policy” or “content-security-policy-report-only”



31
32
33
# File 'lib/secure_headers/headers/content_security_policy.rb', line 31

def name
  @config.class.const_get(:HEADER_NAME)
end

#valueObject

Return the value of the CSP header



37
38
39
40
41
42
43
44
# File 'lib/secure_headers/headers/content_security_policy.rb', line 37

def value
  @value ||=
    if @config
      build_value
    else
      DEFAULT_VALUE
    end
end