Class: SecureHeaders::ContentSecurityPolicy::BrowserStrategy

Inherits:
Object
  • Object
Extended by:
Forwardable
Defined in:
lib/secure_headers/headers/content_security_policy/browser_strategy.rb

Class Method Summary

Instance Method Summary

Constructor Details

#initialize(content_security_policy) ⇒ BrowserStrategy

Returns a new instance of BrowserStrategy.



# File 'lib/secure_headers/headers/content_security_policy/browser_strategy.rb', line 23

# Keeps a reference to the policy object this strategy works from.
#
# @param content_security_policy [Object] stored as-is in
#   @content_security_policy; no validation or copying happens here
def initialize(content_security_policy)
  @content_security_policy = content_security_policy
end

Class Method Details

.build(content_security_policy) ⇒ Object



# File 'lib/secure_headers/headers/content_security_policy/browser_strategy.rb', line 10

# Chooses the strategy class for the requesting browser and instantiates it
# with the given policy.
#
# IE and Firefox get dedicated strategies; every other client, including one
# the browser object does not recognise, falls through to
# WebkitBrowserStrategy.
# NOTE(review): +browser+ is presumably derived from the User-Agent request
# header, which the client controls; confirm the fallback policy is still
# acceptable when that value is absent or misreported.
#
# @param content_security_policy [#browser] policy whose browser object
#   answers +ie?+ and +firefox?+
# @return [Object] instance of the selected strategy class (the three
#   classes are defined outside this listing)
def self.build(content_security_policy)
  detected = content_security_policy.browser

  strategy_class =
    if detected.ie?
      IeBrowserStrategy
    elsif detected.firefox?
      FirefoxBrowserStrategy
    else
      WebkitBrowserStrategy
    end

  strategy_class.new(content_security_policy)
end

Instance Method Details

#add_missing_extension_values ⇒ Object



# File 'lib/secure_headers/headers/content_security_policy/browser_strategy.rb', line 69

# Hook with an empty body in this base strategy; it changes nothing and
# returns nil. Per the original note below, only a Chrome-specific strategy
# is expected to do work here; that override is not shown in this listing.
def add_missing_extension_values
  # noop except for chrome for now
end

#base_name ⇒ Object



# File 'lib/secure_headers/headers/content_security_policy/browser_strategy.rb', line 27

# Header name that #name starts from before it decides whether to append
# "-Report-Only".
#
# @return [Object] the STANDARD_HEADER_NAME constant; its value is defined
#   outside this listing
def base_name
  SecureHeaders::ContentSecurityPolicy::STANDARD_HEADER_NAME
end

#build_impl_specific_directives(default) ⇒ Object



# File 'lib/secure_headers/headers/content_security_policy/browser_strategy.rb', line 57

# Renders the default-src directive fragment of the header value.
#
# The entries are joined with single spaces and interpolated unchanged;
# nothing here validates or escapes them, so an entry containing ";" or a
# line break would alter the structure of the emitted policy.
# NOTE(review): presumably +default+ comes from application configuration
# only; confirm it can never carry request-derived data.
#
# @param default [#any?, #join] source expressions for default-src
# @return [String] "default-src <values>; ", or "" when +default+ has no
#   truthy entry
def build_impl_specific_directives(default)
  return "" unless default.any?

  "default-src #{default.join(" ")}; "
end

#csp_header ⇒ Object



# File 'lib/secure_headers/headers/content_security_policy/browser_strategy.rb', line 39

# Returns the WEBKIT_CSP_HEADER constant (value defined outside this listing).
#
# Note that #base_name, which #name builds on, returns STANDARD_HEADER_NAME
# instead; which of the two ends up on the response depends on callers that
# are not shown here.
def csp_header
  SecureHeaders::ContentSecurityPolicy::WEBKIT_CSP_HEADER
end

#directives ⇒ Object



# File 'lib/secure_headers/headers/content_security_policy/browser_strategy.rb', line 43

# Returns the WEBKIT_DIRECTIVES constant, used as the directive list for this
# base strategy. Its contents are defined outside this listing.
def directives
  SecureHeaders::ContentSecurityPolicy::WEBKIT_DIRECTIVES
end

#filter_unsupported_directives(config) ⇒ Object



# File 'lib/secure_headers/headers/content_security_policy/browser_strategy.rb', line 47

# Returns a copy of +config+ with the :frame_ancestors entry removed.
#
# The copy is a shallow +dup+, so the caller's hash keeps its key. Because
# frame-ancestors is dropped here, a policy rendered through this strategy
# (unless a subclass overrides the method) carries no CSP framing
# restriction.
# NOTE(review): confirm X-Frame-Options or an equivalent control covers
# clickjacking for the browsers served by this strategy.
#
# @param config [Hash] directive configuration keyed by symbol
# @return [Hash] the filtered copy
def filter_unsupported_directives(config)
  config.dup.tap { |supported| supported.delete(:frame_ancestors) }
end

#name ⇒ Object



# File 'lib/secure_headers/headers/content_security_policy/browser_strategy.rb', line 31

# Header name to emit for this policy.
#
# Starts from #base_name and appends "-Report-Only" when +enforce+ is falsy
# or +experimental+ is truthy. Browsers only report violations of a
# Report-Only policy and do not block them, so a nil or unset +enforce+
# leaves the policy in monitoring mode.
# NOTE(review): +enforce+ and +experimental+ are resolved on self and are
# presumably delegated to the policy object; they are defined outside this
# listing.
#
# @return [Object] the base name itself, or a new string with the suffix
def name
  header = base_name
  report_only = !enforce || experimental
  report_only ? header + "-Report-Only" : header
end

#normalize_reporting_endpoint? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/secure_headers/headers/content_security_policy/browser_strategy.rb', line 65

# Hook with an empty body in this base strategy, so it returns nil (falsy)
# rather than a literal false. Per the original note below, only the Firefox
# strategy is expected to do anything here; that override is not shown in
# this listing.
def normalize_reporting_endpoint?
  # noop except for Firefox for now
end

#translate_inline_or_eval(val) ⇒ Object



# File 'lib/secure_headers/headers/content_security_policy/browser_strategy.rb', line 53

# Maps a shorthand value to a quoted CSP source keyword.
#
# Only the exact string 'inline' yields "'unsafe-inline'". Every other value,
# including nil or a misspelling, yields "'unsafe-eval'".
# NOTE(review): presumably callers pass only 'inline' or 'eval'; confirm,
# because an unexpected value is silently turned into 'unsafe-eval' and
# loosens the policy.
#
# @param val [Object] shorthand to translate
# @return [String] "'unsafe-inline'" or "'unsafe-eval'"
def translate_inline_or_eval(val)
  return "'unsafe-inline'" if val == 'inline'

  "'unsafe-eval'"
end