Class: SecureHeaders::Configuration
- Inherits:
-
Object
- Object
- SecureHeaders::Configuration
- Defined in:
- lib/secure_headers/configuration.rb
Defined Under Namespace
Classes: IllegalPolicyModificationError, NotYetConfiguredError
Constant Summary
- DEFAULT_CONFIG =
:default
- NOOP_CONFIGURATION =
"secure_headers_noop_config"
- HASH_CONFIG_FILE =
ENV["secure_headers_generated_hashes_file"] || "config/secure_headers_generated_hashes.yml"
Instance Attribute Summary
-
#cached_headers ⇒ Object
readonly
Returns the value of attribute cached_headers.
-
#cookies ⇒ Object
readonly
Returns the value of attribute cookies.
-
#csp ⇒ Object
readonly
Returns the value of attribute csp.
-
#dynamic_csp ⇒ Object
Returns the value of attribute dynamic_csp.
-
#hpkp ⇒ Object
readonly
Returns the value of attribute hpkp.
-
#hpkp_report_host ⇒ Object
readonly
Returns the value of attribute hpkp_report_host.
-
#hsts ⇒ Object
writeonly
Sets the attribute hsts.
-
#referrer_policy ⇒ Object
writeonly
Sets the attribute referrer_policy.
-
#x_content_type_options ⇒ Object
writeonly
Sets the attribute x_content_type_options.
-
#x_download_options ⇒ Object
writeonly
Sets the attribute x_download_options.
-
#x_frame_options ⇒ Object
writeonly
Sets the attribute x_frame_options.
-
#x_permitted_cross_domain_policies ⇒ Object
writeonly
Sets the attribute x_permitted_cross_domain_policies.
-
#x_xss_protection ⇒ Object
writeonly
Sets the attribute x_xss_protection.
Class Method Summary
-
.default(&block) ⇒ Object
(also: configure)
Public: Set the global default configuration.
-
.get(name = DEFAULT_CONFIG) ⇒ Object
Public: retrieve a global configuration object.
-
.override(name, base = DEFAULT_CONFIG, &block) ⇒ Object
Public: create a named configuration that overrides the default config.
Instance Method Summary
- #current_csp ⇒ Object
-
#dup ⇒ Object
Public: copy everything but the cached headers.
-
#initialize(&block) ⇒ Configuration
constructor
A new instance of Configuration.
- #opt_out(header) ⇒ Object
-
#rebuild_csp_header_cache!(user_agent) ⇒ Object
Public: generates cached headers for a specific user agent.
- #secure_cookies=(secure_cookies) ⇒ Object
- #update_x_frame_options(value) ⇒ Object
-
#validate_config! ⇒ Object
Public: validates all configuration values.
Constructor Details
#initialize(&block) ⇒ Configuration
Returns a new instance of Configuration.
# File 'lib/secure_headers/configuration.rb', line 121
# Public: builds a configuration with the library defaults and then lets the
# caller adjust it.
#
# HPKP and Referrer-Policy start opted out. The CSP starts as a deep copy of
# CSP::DEFAULT_CONFIG (presumably so later edits cannot mutate the shared
# default — confirm against deep_copy). The block, when given, runs through
# instance_eval with the new configuration as self, so it may call the
# attribute writers directly.
#
# block - optional configuration block, evaluated with instance_eval.
#
# Returns a new instance of Configuration.
def initialize(&block)
  self.hpkp = OPT_OUT
  self.referrer_policy = OPT_OUT
  self.csp = self.class.send(:deep_copy, CSP::DEFAULT_CONFIG)
  instance_eval(&block) if block
end
Instance Attribute Details
#cached_headers ⇒ Object
Returns the value of attribute cached_headers.
# File 'lib/secure_headers/configuration.rb', line 112
# Public: the cache of generated header values, keyed by each header's
# CONFIG_KEY. rebuild_csp_header_cache! and update_x_frame_options write into
# it; opt_out removes the entry of the header being disabled.
#
# Returns the cached_headers value (nothing on this page initializes it, so it
# may be nil until a writer has populated it — TODO confirm in the full file).
def cached_headers
  @cached_headers
end
#cookies ⇒ Object
Returns the value of attribute cookies.
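# File 'lib/secure_headers/configuration.rb', line 112
# Public: the cookie configuration. It is populated by the deprecated
# secure_cookies= (which merges a :secure key) or by cookies= (referenced in
# that deprecation message but not shown on this page), and is checked by
# Cookie.validate_config! from validate_config!.
#
# The method name was lost in the rendered listing; restored from the
# attribute summary (#cookies, readonly).
#
# Returns the cookies value.
def cookies
  @cookies
end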
#csp ⇒ Object
Returns the value of attribute csp.
# File 'lib/secure_headers/configuration.rb', line 112
# Public: the static Content-Security-Policy configuration. initialize seeds it
# with a deep copy of CSP::DEFAULT_CONFIG; current_csp prefers dynamic_csp over
# it when one is set, and validate_config! hands it to
# ContentSecurityPolicy.validate_config!.
#
# Returns the csp value.
def csp
  @csp
end
#dynamic_csp ⇒ Object
Returns the value of attribute dynamic_csp.
# File 'lib/secure_headers/configuration.rb', line 106
# Public: a CSP that overrides csp; current_csp returns it whenever it is
# truthy, so it is what rebuild_csp_header_cache! builds the header from.
# Writable as well (dynamic_csp=), unlike csp.
#
# Returns the dynamic_csp value (nil when no override is in place).
def dynamic_csp
  @dynamic_csp
end
#hpkp ⇒ Object
Returns the value of attribute hpkp.
# File 'lib/secure_headers/configuration.rb', line 112
# Public: the HTTP Public-Key-Pins configuration. initialize sets it to OPT_OUT,
# so pinning is off unless explicitly configured; validate_config! passes it to
# PublicKeyPins.validate_config!. The writer is not listed as public (the
# summary marks hpkp readonly, yet dup assigns copy.hpkp).
#
# Returns the hpkp value.
def hpkp
  @hpkp
end
#hpkp_report_host ⇒ Object
Returns the value of attribute hpkp_report_host.
# File 'lib/secure_headers/configuration.rb', line 112
# Public: the host HPKP violation reports go to. Read-only here; dup copies it
# by reference via a writer that is not part of the public summary. Nothing on
# this page validates it.
#
# Returns the hpkp_report_host value.
def hpkp_report_host
  @hpkp_report_host
end
#hsts=(value) ⇒ Object (writeonly)
Sets the attribute hsts
# File 'lib/secure_headers/configuration.rb', line 108
# Public: stores the Strict-Transport-Security configuration. No validation
# happens here; StrictTransportSecurity.validate_config! runs only when
# validate_config! is called.
#
# value - the new HSTS configuration.
#
# Returns value.
def hsts=(value)
  @hsts = value
end
#referrer_policy=(value) ⇒ Object (writeonly)
Sets the attribute referrer_policy
# File 'lib/secure_headers/configuration.rb', line 108
# Public: stores the Referrer-Policy configuration (OPT_OUT by default, see
# initialize). Not validated here; validate_config! forwards it to
# ReferrerPolicy.validate_config!.
#
# value - the new Referrer-Policy configuration.
#
# Returns value.
def referrer_policy=(value)
  @referrer_policy = value
end
#x_content_type_options=(value) ⇒ Object (writeonly)
Sets the attribute x_content_type_options
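# File 'lib/secure_headers/configuration.rb', line 108
# Public: stores the X-Content-Type-Options configuration. Not validated here;
# validate_config! forwards it to XContentTypeOptions.validate_config!.
#
# The method name was lost in the rendered listing; restored from the
# attribute summary (#x_content_type_options, writeonly).
#
# value - the new X-Content-Type-Options configuration.
#
# Returns value.
def x_content_type_options=(value)
  @x_content_type_options = value
end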
#x_download_options=(value) ⇒ Object (writeonly)
Sets the attribute x_download_options
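# File 'lib/secure_headers/configuration.rb', line 108
# Public: stores the X-Download-Options configuration. Not validated here;
# validate_config! forwards it to XDownloadOptions.validate_config!.
#
# The method name was lost in the rendered listing; restored from the
# attribute summary (#x_download_options, writeonly).
#
# value - the new X-Download-Options configuration.
#
# Returns value.
def x_download_options=(value)
  @x_download_options = value
end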
#x_frame_options=(value) ⇒ Object (writeonly)
Sets the attribute x_frame_options
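# File 'lib/secure_headers/configuration.rb', line 108
# Public: stores the X-Frame-Options configuration without touching
# cached_headers; update_x_frame_options(value) is the variant that also
# refreshes the cached header. Not validated here; validate_config! forwards
# it to XFrameOptions.validate_config!.
#
# The method name was lost in the rendered listing; restored from the
# attribute summary (#x_frame_options, writeonly).
#
# value - the new X-Frame-Options configuration.
#
# Returns value.
def x_frame_options=(value)
  @x_frame_options = value
end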
#x_permitted_cross_domain_policies=(value) ⇒ Object (writeonly)
Sets the attribute x_permitted_cross_domain_policies
# File 'lib/secure_headers/configuration.rb', line 108
# Public: stores the X-Permitted-Cross-Domain-Policies configuration. Not
# validated here; validate_config! forwards it to
# XPermittedCrossDomainPolicies.validate_config!.
#
# value - the new X-Permitted-Cross-Domain-Policies configuration.
#
# Returns value.
def x_permitted_cross_domain_policies=(value)
  @x_permitted_cross_domain_policies = value
end
#x_xss_protection=(value) ⇒ Object (writeonly)
Sets the attribute x_xss_protection
# File 'lib/secure_headers/configuration.rb', line 108
# Public: stores the X-XSS-Protection configuration. Not validated here;
# validate_config! forwards it to XXssProtection.validate_config!.
#
# value - the new X-XSS-Protection configuration.
#
# Returns value.
def x_xss_protection=(value)
  @x_xss_protection = value
end
Class Method Details
.default(&block) ⇒ Object Also known as: configure
Public: Set the global default configuration.
Optionally supply a block to override the defaults set by this library.
Returns the newly created config.
# File 'lib/secure_headers/configuration.rb', line 15
# Public: Set the global default configuration.
#
# Builds a fresh Configuration (optionally customized by the block), registers
# the noop configuration, and then stores the new one under DEFAULT_CONFIG.
# Storing happens last, so the method's value is whatever add_configuration
# returns — documented as the newly created config.
#
# block - optional block to override the defaults set by this library.
#
# Returns the newly created config.
def default(&block)
  fresh = new(&block)
  add_noop_configuration
  add_configuration(DEFAULT_CONFIG, fresh)
end
.get(name = DEFAULT_CONFIG) ⇒ Object
Public: retrieve a global configuration object
Returns the configuration with a given name or raises a NotYetConfiguredError if `default` has not been called.
# File 'lib/secure_headers/configuration.rb', line 42
# Public: retrieve a global configuration object.
#
# Only the "nothing configured yet" case raises; an unknown name simply yields
# whatever @configurations[name] returns (nil if @configurations is a plain
# Hash, as its use here suggests — TODO confirm). Callers that must not run
# without a policy should therefore check the result, not just rescue.
#
# name - the configuration name (default: DEFAULT_CONFIG).
#
# Returns the configuration with a given name.
# Raises NotYetConfiguredError if `default` has not been called.
def get(name = DEFAULT_CONFIG)
  raise NotYetConfiguredError, "Default policy not yet supplied" if @configurations.nil?

  @configurations[name]
end
.override(name, base = DEFAULT_CONFIG, &block) ⇒ Object
Public: create a named configuration that overrides the default config.
name - an identifier for the override config. base - the name of an existing config to override; the default config is used if no value is supplied.
Returns: the newly created config
# File 'lib/secure_headers/configuration.rb', line 29
# Public: create a named configuration that overrides the default config.
#
# The base configuration is dup'd before the block is applied, so the block's
# instance_eval'd changes land on the copy and the base stays as it was. The
# local holding the copy is named `config` rather than `override` to avoid
# shadowing this method.
#
# name  - an identifier for the override config.
# base  - the name of an existing config to override (default: DEFAULT_CONFIG).
# block - optional block evaluated on the copy via instance_eval.
#
# Returns: the newly created config.
# Raises NotYetConfiguredError if no config is registered under base.
def override(name, base = DEFAULT_CONFIG, &block)
  raise NotYetConfiguredError, "#{base} policy not yet supplied" unless get(base)

  config = @configurations[base].dup
  config.instance_eval(&block) if block_given?
  add_configuration(name, config)
end
Instance Method Details
#current_csp ⇒ Object
# File 'lib/secure_headers/configuration.rb', line 172
# Public: the CSP that headers are built from right now — the dynamic override
# when one is set (truthy), otherwise the static csp. rebuild_csp_header_cache!
# uses this as the policy to render.
#
# Returns @dynamic_csp or, when that is nil/false, @csp.
def current_csp
  return @dynamic_csp if @dynamic_csp

  @csp
end
#dup ⇒ Object
Public: copy everything but the cached headers
Returns a deep-dup’d copy of this configuration.
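# File 'lib/secure_headers/configuration.rb', line 131
# Public: copy everything but the cached headers.
#
# Despite the summary, cached_headers is copied as well: csp, dynamic_csp and
# cached_headers go through deep_copy_if_hash, while every other attribute is
# assigned by reference, so a Hash held in e.g. @cookies or @hsts is shared
# between the original and the copy. The copy starts from self.class.new, so
# initialize's defaults run first and are then overwritten.
#
# Several setter names were lost in the rendered listing; they are restored
# from the instance variables they assign.
#
# Returns a deep-dup'd copy of this configuration.
def dup
  copy = self.class.new
  copy.cookies = @cookies
  copy.csp = self.class.send(:deep_copy_if_hash, @csp)
  copy.dynamic_csp = self.class.send(:deep_copy_if_hash, @dynamic_csp)
  copy.cached_headers = self.class.send(:deep_copy_if_hash, @cached_headers)
  copy.x_content_type_options = @x_content_type_options
  copy.hsts = @hsts
  copy.x_frame_options = @x_frame_options
  copy.x_xss_protection = @x_xss_protection
  copy.x_download_options = @x_download_options
  copy.x_permitted_cross_domain_policies = @x_permitted_cross_domain_policies
  copy.referrer_policy = @referrer_policy
  copy.hpkp = @hpkp
  copy.hpkp_report_host = @hpkp_report_host
  copy
end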
#opt_out(header) ⇒ Object
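# File 'lib/secure_headers/configuration.rb', line 149
# Public: disables a single header by writing OPT_OUT into its configuration
# and dropping any cached value for it.
#
# header - the configuration key of the header to disable. It is interpolated
#          into a writer name ("#{header}="), so it must name one of this
#          class's attribute writers; it is not meant for request-supplied
#          values.
#
# send (not public_send) is kept because not every writer appears to be
# public: the summary lists hpkp as read-only, yet dup assigns copy.hpkp.
#
# Returns the result of deleting the cached entry (the removed value, or nil).
def opt_out(header)
  send("#{header}=", OPT_OUT)
  # Fix: the original wrote `dynamic_csp = OPT_OUT`, which Ruby parses as an
  # unused local variable, so the dynamic CSP survived an opt-out and
  # current_csp kept returning it. Go through the writer so it really clears.
  self.dynamic_csp = OPT_OUT if header == CSP::CONFIG_KEY
  cached_headers.delete(header)
end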
#rebuild_csp_header_cache!(user_agent) ⇒ Object
Public: generates cached headers for a specific user agent.
# File 'lib/secure_headers/configuration.rb', line 163
# Public: generates cached headers for a specific user agent.
#
# The CSP cache entry is reset to an empty Hash first, so after this call it
# holds at most the one variation computed for this user agent; variations
# cached earlier for other user agents are discarded. When current_csp is
# OPT_OUT the entry stays empty and no header is built.
#
# user_agent - the raw User-Agent value; whatever UserAgent.parse accepts.
#
# Returns the generated header when a CSP is configured, otherwise nil.
def rebuild_csp_header_cache!(user_agent)
  cached_headers[CSP::CONFIG_KEY] = {}
  return if current_csp == OPT_OUT

  parsed_ua = UserAgent.parse(user_agent)
  variation = CSP.ua_to_variation(parsed_ua)
  cached_headers[CSP::CONFIG_KEY][variation] = CSP.make_header(current_csp, parsed_ua)
end
#secure_cookies=(secure_cookies) ⇒ Object
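# File 'lib/secure_headers/configuration.rb', line 194
# Deprecated: use #cookies= instead. Emits a deprecation warning naming the
# call site (Kernel.caller.first), then merges the value into the cookies
# configuration under the :secure key, creating the Hash when none exists.
# Other cookie keys already present are kept.
#
# The method name and the merged value were lost in the rendered listing;
# restored from the method summary (#secure_cookies=(secure_cookies)).
#
# secure_cookies - the value stored as cookies[:secure].
#
# Returns the merged cookies Hash (setter call syntax still yields the
# assigned value).
def secure_cookies=(secure_cookies)
  Kernel.warn "#{Kernel.caller.first}: [DEPRECATION] `#secure_cookies=` is deprecated. Please use `#cookies=` to configure secure cookies instead."
  @cookies = (@cookies || {}).merge(secure: secure_cookies)
end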
#update_x_frame_options(value) ⇒ Object
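# File 'lib/secure_headers/configuration.rb', line 157
# Public: sets the X-Frame-Options configuration and immediately refreshes its
# cached header, unlike the plain x_frame_options= writer which only stores
# the value.
#
# value is not validated here: XFrameOptions.validate_config! runs only as
# part of validate_config!, so callers that take this value from outside the
# application's own configuration should validate first.
#
# The method name was lost in the rendered listing; restored from the method
# summary (#update_x_frame_options(value)).
#
# value - the new X-Frame-Options configuration, handed as-is to
#         XFrameOptions.make_header.
#
# Returns the generated header (the value stored in cached_headers).
def update_x_frame_options(value)
  @x_frame_options = value
  cached_headers[XFrameOptions::CONFIG_KEY] = XFrameOptions.make_header(value)
end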
#validate_config! ⇒ Object
Public: validates all configuration values.
Raises various configuration errors if any invalid config is detected.
Returns nothing.
# File 'lib/secure_headers/configuration.rb', line 181
# Public: validates all configuration values.
#
# Each header module's validate_config! is invoked in this fixed order with its
# attribute; the first failure propagates and later values are not examined.
# Note that the plain attribute writers and update_x_frame_options do not
# validate, so this is the only place the whole configuration is checked.
#
# Raises various configuration errors if any invalid config is detected.
#
# Returns nothing (the last validator's result, as in the original).
def validate_config!
  validators = [
    [StrictTransportSecurity, @hsts],
    [ContentSecurityPolicy, @csp],
    [ReferrerPolicy, @referrer_policy],
    [XFrameOptions, @x_frame_options],
    [XContentTypeOptions, @x_content_type_options],
    [XXssProtection, @x_xss_protection],
    [XDownloadOptions, @x_download_options],
    [XPermittedCrossDomainPolicies, @x_permitted_cross_domain_policies],
    [PublicKeyPins, @hpkp],
    [Cookie, @cookies]
  ]
  # map/last keeps the original's value: that of the final validate_config! call.
  validators.map { |header, config| header.validate_config!(config) }.last
end