Class: SecureHeaders::XPermittedCrossDomainPolicies

Inherits:

Object

Object
SecureHeaders::XPermittedCrossDomainPolicies

Defined in:: lib/secure_headers/headers/x_permitted_cross_domain_policies.rb

Constant Summary collapse

HEADER_NAME =

"X-Permitted-Cross-Domain-Policies"

DEFAULT_VALUE =

'none'

VALID_POLICIES =

%w(all none master-only by-content-type by-ftp-filename)

CONFIG_KEY =

:x_permitted_cross_domain_policies

Class Method Summary collapse

.make_header(config = nil) ⇒ Object

Public: generate an X-Permitted-Cross-Domain-Policies header.
.validate_config!(config) ⇒ Object

Class Method Details

.make_header(config = nil) ⇒ `Object`

Public: generate an X-Permitted-Cross-Domain-Policies header.

Returns a default header if no configuration is provided, or a header name and value based on the config.



14
15
16

# File 'lib/secure_headers/headers/x_permitted_cross_domain_policies.rb', line 14

def make_header(config = nil)
  [HEADER_NAME, config || DEFAULT_VALUE]
end

.validate_config!(config) ⇒ `Object`

Raises:

(TypeError)

# File 'lib/secure_headers/headers/x_permitted_cross_domain_policies.rb', line 18

def validate_config!(config)
  return if config.nil? || config == OPT_OUT
  raise TypeError.new("Must be a string. Found #{config.class}: #{config}") unless config.is_a?(String)
  unless VALID_POLICIES.include?(config.downcase)
    raise XPCDPConfigError.new("Value can only be one of #{VALID_POLICIES.join(', ')}")
  end
end