Class: SecureHeaders::ContentSecurityPolicy
- Inherits: Object
  - Object
    - SecureHeaders::ContentSecurityPolicy
- Includes: Constants
- Defined in:
  lib/secure_headers/headers/content_security_policy.rb,
  lib/secure_headers/headers/content_security_policy/browser_strategy.rb,
  lib/secure_headers/headers/content_security_policy/ie_browser_strategy.rb,
  lib/secure_headers/headers/content_security_policy/webkit_browser_strategy.rb,
  lib/secure_headers/headers/content_security_policy/firefox_browser_strategy.rb
Defined Under Namespace
Modules: Constants
Classes: BrowserStrategy, FirefoxBrowserStrategy, IeBrowserStrategy, WebkitBrowserStrategy
Constant Summary
Constants included from Constants
Constants::FF_CSP_ENDPOINT, Constants::FIREFOX_CSP_HEADER, Constants::FIREFOX_CSP_HEADER_NAME, Constants::FIREFOX_DIRECTIVES, Constants::META, Constants::STANDARD_HEADER_NAME, Constants::WEBKIT_CSP_HEADER, Constants::WEBKIT_CSP_HEADER_NAME, Constants::WEBKIT_DIRECTIVES
Instance Attribute Summary
- #browser ⇒ Object (readonly): Returns the value of attribute browser.
- #config ⇒ Object (readonly): Returns the value of attribute config.
- #experimental ⇒ Object (readonly): Returns the value of attribute experimental.
- #report_uri ⇒ Object (readonly): Returns the value of attribute report_uri.
- #request_uri ⇒ Object (readonly): Returns the value of attribute request_uri.
- #ssl_request ⇒ Object (also: #ssl_request?) (readonly): Returns the value of attribute ssl_request.
Instance Method Summary
- #configure(opts) ⇒ Object
- #initialize(config = nil, options = {}) ⇒ ContentSecurityPolicy (constructor)
  options param contains :experimental use experimental block for config :ssl_request used to determine if http_additions should be used :request_uri used to determine if firefox should send the report directly or use the forwarding endpoint :ua the user agent (or just use Firefox/Chrome/MSIE/etc).
- #name ⇒ Object
- #value ⇒ Object
Constructor Details
#initialize(config = nil, options = {}) ⇒ ContentSecurityPolicy
options param contains:
- :experimental use experimental block for config
- :ssl_request used to determine if http_additions should be used
- :request_uri used to determine if firefox should send the report directly or use the forwarding endpoint
- :ua the user agent (or just use Firefox/Chrome/MSIE/etc)
- :report used to determine what :ssl_request, :ua, and :request_uri are set to

Note that the constructor source reads the keys :ssl and :request, not :ssl_request and :report.
    # File 'lib/secure_headers/headers/content_security_policy.rb', line 37

    def initialize(config=nil, options={})
      @experimental = !!options.delete(:experimental)
      @controller = options.delete(:controller)
      if options[:request]
        parse_request(options[:request])
      else
        @browser = Brwsr::Browser.new(:ua => options[:ua])
        # fails open, assumes http. Bad idea? Will always include http additions.
        # could also fail if not supplied.
        @ssl_request = !!options.delete(:ssl)
        # a nil value here means we always assume we are not on the same host,
        # which causes all FF csp reports to go through the forwarder
        @request_uri = options.delete(:request_uri)
      end
      configure(config) if config
    end
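An added example (not SecureHeaders code) that models the key handling in the constructor's else branch: a caller who passes an option key the constructor does not read gets the non-SSL default without any error, and a small guard can reject that input before the header is built. `OptionModel`, `KNOWN_KEYS` and `strict_options` are hypothetical names; the option keys are the ones the constructor source reads.

```ruby
# Added illustration, not SecureHeaders code. OptionModel, KNOWN_KEYS and
# strict_options are hypothetical names; the option keys are the ones the
# constructor source on this page reads.

# Models only the else-branch key handling of the constructor (no :request given).
class OptionModel
  attr_reader :experimental, :ssl_request, :request_uri, :unused_keys

  def initialize(options = {})
    options = options.dup                         # the original mutates the caller's hash
    @experimental = !!options.delete(:experimental)
    options.delete(:controller)
    options.delete(:ua)                           # the original reads :ua without deleting it
    @ssl_request  = !!options.delete(:ssl)        # absent key => false => treated as plain http
    @request_uri  = options.delete(:request_uri)  # nil => Firefox reports use the forwarder
    @unused_keys  = options.keys                  # anything left was silently ignored
  end
end

# Keys consumed by the constructor source shown on this page.
KNOWN_KEYS = [:experimental, :controller, :request, :ua, :ssl, :request_uri].freeze

# Guard to run before building the header: reject misspelled keys and refuse
# to guess the scheme when neither :request nor :ssl was supplied.
def strict_options(options)
  unknown = options.keys - KNOWN_KEYS
  raise ArgumentError, "unknown option(s): #{unknown.inspect}" unless unknown.empty?
  unless options.key?(:request) || options.key?(:ssl)
    raise ArgumentError, "scheme not stated: pass :ssl or :request"
  end
  options
end

# Constructed sample input: the key name from the option docs, not from the code.
documented = { :ssl_request => true, :ua => "Firefox" }
model = OptionModel.new(documented)
puts "ssl_request=#{model.ssl_request} unused=#{model.unused_keys.inspect}"

begin
  strict_options(documented)
rescue ArgumentError => e
  puts "rejected: #{e.message}"
end
```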
Instance Attribute Details
#browser ⇒ Object (readonly)
Returns the value of attribute browser.
    # File 'lib/secure_headers/headers/content_security_policy.rb', line 23

    def browser
      @browser
    end
#config ⇒ Object (readonly)
Returns the value of attribute config.
    # File 'lib/secure_headers/headers/content_security_policy.rb', line 23

    def config
      @config
    end
#experimental ⇒ Object (readonly)
Returns the value of attribute experimental.
    # File 'lib/secure_headers/headers/content_security_policy.rb', line 23

    def experimental
      @experimental
    end
#report_uri ⇒ Object (readonly)
Returns the value of attribute report_uri.
    # File 'lib/secure_headers/headers/content_security_policy.rb', line 23

    def report_uri
      @report_uri
    end
#request_uri ⇒ Object (readonly)
Returns the value of attribute request_uri.
    # File 'lib/secure_headers/headers/content_security_policy.rb', line 23

    def request_uri
      @request_uri
    end
#ssl_request ⇒ Object (readonly) Also known as: ssl_request?
Returns the value of attribute ssl_request.
    # File 'lib/secure_headers/headers/content_security_policy.rb', line 23

    def ssl_request
      @ssl_request
    end
Instance Method Details
#configure(opts) ⇒ Object
    # File 'lib/secure_headers/headers/content_security_policy.rb', line 55

    def configure opts
      @config = opts.dup

      experimental_config = @config.delete(:experimental)
      if @experimental && experimental_config
        @config[:http_additions] = experimental_config[:http_additions]
        @config.merge!(experimental_config)
      end

      META.each do |meta|
        self.send("#{meta}=", @config.delete(meta))
      end

      @report_uri = @config.delete(:report_uri)
      @script_nonce = @config.delete(:script_nonce)

      normalize_reporting_endpoint
      filter_unsupported_directives
    end
#name ⇒ Object
    # File 'lib/secure_headers/headers/content_security_policy.rb', line 76

    def name
      browser_strategy.name
    end
#value ⇒ Object
    # File 'lib/secure_headers/headers/content_security_policy.rb', line 80

    def value
      return @config if @config.is_a?(String)
      if @config
        build_value
      else
        browser_strategy.csp_header
      end
    end