Module: SecureHeaders

Included in:
ActionController::Base
Defined in:
lib/secure_headers.rb,
lib/secure_headers/header.rb,
lib/secure_headers/padrino.rb,
lib/secure_headers/railtie.rb,
lib/secure_headers/version.rb,
lib/secure_headers/hash_helper.rb,
lib/secure_headers/view_helper.rb,
lib/secure_headers/headers/public_key_pins.rb,
lib/secure_headers/headers/x_frame_options.rb,
lib/secure_headers/headers/x_xss_protection.rb,
lib/secure_headers/headers/x_download_options.rb,
lib/secure_headers/headers/x_content_type_options.rb,
lib/secure_headers/headers/content_security_policy.rb,
lib/secure_headers/headers/strict_transport_security.rb,
lib/secure_headers/headers/x_permitted_cross_domain_policies.rb,
lib/secure_headers/headers/content_security_policy/script_hash_middleware.rb

Defined Under Namespace

Modules: ClassMethods, Configuration, HashHelper, InstanceMethods, Padrino, ViewHelpers

Classes: ContentSecurityPolicy, ContentSecurityPolicyBuildError, Header, PublicKeyPins, PublicKeyPinsBuildError, Railtie, STSBuildError, StrictTransportSecurity, UnexpectedHashedScriptException, XContentTypeOptions, XContentTypeOptionsBuildError, XDOBuildError, XDownloadOptions, XFOBuildError, XFrameOptions, XPCDPBuildError, XPermittedCrossDomainPolicies, XXssProtection, XXssProtectionBuildError

Constant Summary

# Path of the script-hash configuration file (presumably relative to the
# application root — confirm against the code that loads it).
SCRIPT_HASH_CONFIG_FILE =
'config/script_hashes.yml'
# Key under which script hashes are stored (presumably in the Rack env —
# confirm against the middleware that reads it).
HASHES_ENV_KEY =
'secure_headers.script_hashes'
# Every header class that header_hash iterates over, in iteration order.
# header_hash only ever builds headers for classes listed here, so a header
# class missing from this list is never part of its result.
ALL_HEADER_CLASSES =
[
  SecureHeaders::ContentSecurityPolicy,
  SecureHeaders::StrictTransportSecurity,
  SecureHeaders::PublicKeyPins,
  SecureHeaders::XContentTypeOptions,
  SecureHeaders::XDownloadOptions,
  SecureHeaders::XFrameOptions,
  SecureHeaders::XPermittedCrossDomainPolicies,
  SecureHeaders::XXssProtection
]
# Version of the library that this page documents.
VERSION =
"2.4.3"

Class Method Summary

Class Method Details

.append_features(base) ⇒ Object



# File 'lib/secure_headers.rb', line 46

# Hook that runs when this module is included into +base+.
#
# It does not call +super+, so only ClassMethods and InstanceMethods are
# attached to +base+ here.
#
# @param base [Module] the class or module performing the include
# @return [Module] +base+, as returned by Module#include
def append_features(base)
  # Class-level API first, then the per-instance helpers.
  base.extend(ClassMethods)
  base.send(:include, InstanceMethods)
end

.get_a_header(name, klass, options) ⇒ Object



# File 'lib/secure_headers.rb', line 69

# Instantiates a header object unless the header has been opted out of.
#
# Only a literal +false+ opts out. Every other value, including +nil+, is
# passed to +klass.new+ unchanged.
#
# @param name [Object] accepted but not used by this method
# @param klass [Class] header class to instantiate
# @param options [Object] configuration for the header, or +false+ to skip it
# @return [Object, nil] a new +klass+ instance, or +nil+ when +options+ is +false+
def get_a_header(name, klass, options)
  if options == false
    nil
  else
    klass.new(options)
  end
end

.header_hash(options = nil) ⇒ Object



# File 'lib/secure_headers.rb', line 53

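# Builds a Hash of header name => header value covering every class in
# ALL_HEADER_CLASSES.
#
# For each header class, the configuration comes from +options+ when it is a
# Hash holding a truthy value under the class's CONFIG_KEY. Otherwise it comes
# from the reader of the same name on SecureHeaders::Configuration.
#
# A header whose configuration is +false+ is opted out: get_a_header returns
# +nil+ for it and it is left out of the result. Previously that +nil+ was
# dereferenced and raised NoMethodError. PublicKeyPins is emitted only when
# its configuration is a Hash.
#
# NOTE(review): an explicit +false+ (or +nil+) in +options+ is falsy in the
# check below, so it falls through to the global Configuration value rather
# than opting the header out for this call. Confirm whether a per-call
# opt-out is meant to be supported.
#
# @param options [Hash, nil] per-call overrides keyed by each class's CONFIG_KEY
# @return [Hash] header name => header value for every header that is enabled
def header_hash(options = nil)
  ALL_HEADER_CLASSES.each_with_object({}) do |klass, headers|
    config_key = klass::Constants::CONFIG_KEY

    config = if options.is_a?(Hash) && options[config_key]
      options[config_key]
    else
      ::SecureHeaders::Configuration.send(config_key)
    end

    # Key pinning is opt-in: without a Hash configuration it is never emitted.
    next if klass == SecureHeaders::PublicKeyPins && !config.is_a?(Hash)

    header = get_a_header(config_key, klass, config)
    # get_a_header returns nil for a header configured as false (opted out).
    next unless header

    headers[header.name] = header.value
  end
end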