Class: SecureHeaders::Configuration

Inherits:
Object
  • Object
Defined in:
lib/secure_headers/configuration.rb

Defined Under Namespace

Classes: IllegalPolicyModificationError, NotYetConfiguredError

Constant Summary collapse

DEFAULT_CONFIG =
:default
NOOP_CONFIGURATION =
"secure_headers_noop_config"
HASH_CONFIG_FILE =
ENV["secure_headers_generated_hashes_file"] || "config/secure_headers_generated_hashes.yml"

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(&block) ⇒ Configuration

Returns a new instance of Configuration.



# File 'lib/secure_headers/configuration.rb', line 121

# Public: build a configuration with the library defaults applied.
#
# Only three attributes are initialised here: HPKP and Referrer-Policy start
# as OPT_OUT and the CSP is a deep copy of CSP::DEFAULT_CONFIG (copied so the
# shared default is never mutated through an instance). Every other attribute
# (cookies, hsts, cached_headers, the x_* headers, ...) is left nil.
#
# block - optional DSL block, instance_eval'd on the new instance so it can
#         override the defaults (e.g. `self.hsts = ...`).
#
# Returns a new instance of Configuration.
def initialize(&block)
  self.hpkp = OPT_OUT
  self.referrer_policy = OPT_OUT
  self.csp = self.class.send(:deep_copy, CSP::DEFAULT_CONFIG)
  instance_eval(&block) if block
end

Instance Attribute Details

#cached_headersObject

Returns the value of attribute cached_headers.



# File 'lib/secure_headers/configuration.rb', line 112

# Public: the per-header cache of generated header values.
#
# Written by #rebuild_csp_header_cache! and #update_x_frame_options as a Hash
# keyed by config key; nothing on this page initialises it, so it is nil until
# something populates it.
#
# Returns the cached headers Hash, or nil.
def cached_headers
  instance_variable_get(:@cached_headers)
end

#cookiesObject

Returns the value of attribute cookies.



# File 'lib/secure_headers/configuration.rb', line 112

# Public: the cookie configuration.
#
# #secure_cookies= stores a Hash here (with a :secure key); #dup hands the same
# object to the copy rather than deep-copying it.
#
# Returns the cookies config, or nil if never set.
def cookies
  instance_variable_get(:@cookies)
end

#cspObject

Returns the value of attribute csp.



# File 'lib/secure_headers/configuration.rb', line 112

# Public: the static Content-Security-Policy configuration.
#
# #initialize seeds this with a deep copy of CSP::DEFAULT_CONFIG; #current_csp
# only falls back to it when no dynamic CSP is set.
#
# Returns the CSP config.
def csp
  instance_variable_get(:@csp)
end

#dynamic_cspObject

Returns the value of attribute dynamic_csp.



# File 'lib/secure_headers/configuration.rb', line 106

# Public: the dynamic CSP override.
#
# When truthy it takes precedence over #csp in #current_csp. Note that
# #validate_config! validates only the static @csp, not this value.
#
# Returns the dynamic CSP config, or nil if none is set.
def dynamic_csp
  instance_variable_get(:@dynamic_csp)
end

#hpkpObject

Returns the value of attribute hpkp.



# File 'lib/secure_headers/configuration.rb', line 112

# Public: the HTTP Public-Key-Pins configuration.
#
# Defaults to OPT_OUT from #initialize and is validated by
# PublicKeyPins.validate_config! in #validate_config!.
#
# Returns the HPKP config.
def hpkp
  instance_variable_get(:@hpkp)
end

#hpkp_report_hostObject

Returns the value of attribute hpkp_report_host.



# File 'lib/secure_headers/configuration.rb', line 112

# Public: the host HPKP reports are sent to.
#
# Copied by #dup; not passed to any validator in #validate_config!.
#
# Returns the report host, or nil if not set.
def hpkp_report_host
  instance_variable_get(:@hpkp_report_host)
end

#hsts=(value) ⇒ Object (writeonly)

Sets the attribute hsts

Parameters:

  • value

    the value to set the attribute hsts to.



# File 'lib/secure_headers/configuration.rb', line 108

# Public: set the Strict-Transport-Security configuration.
#
# value - the HSTS config; validated later by StrictTransportSecurity in
#         #validate_config!, not here.
#
# Returns value.
def hsts=(value)
  instance_variable_set(:@hsts, value)
end

#referrer_policy=(value) ⇒ Object (writeonly)

Sets the attribute referrer_policy

Parameters:

  • value

    the value to set the attribute referrer_policy to.



# File 'lib/secure_headers/configuration.rb', line 108

# Public: set the Referrer-Policy configuration.
#
# value - the referrer policy config (OPT_OUT by default from #initialize);
#         validated by ReferrerPolicy in #validate_config!, not here.
#
# Returns value.
def referrer_policy=(value)
  instance_variable_set(:@referrer_policy, value)
end

#x_content_type_options=(value) ⇒ Object (writeonly)

Sets the attribute x_content_type_options

Parameters:

  • value

    the value to set the attribute x_content_type_options to.



# File 'lib/secure_headers/configuration.rb', line 108

# Public: set the X-Content-Type-Options configuration.
#
# value - the config value; validated by XContentTypeOptions in
#         #validate_config!, not here.
#
# Returns value.
def x_content_type_options=(value)
  instance_variable_set(:@x_content_type_options, value)
end

#x_download_options=(value) ⇒ Object (writeonly)

Sets the attribute x_download_options

Parameters:

  • value

    the value to set the attribute x_download_options to.



# File 'lib/secure_headers/configuration.rb', line 108

# Public: set the X-Download-Options configuration.
#
# value - the config value; validated by XDownloadOptions in
#         #validate_config!, not here.
#
# Returns value.
def x_download_options=(value)
  instance_variable_set(:@x_download_options, value)
end

#x_frame_options=(value) ⇒ Object (writeonly)

Sets the attribute x_frame_options

Parameters:

  • value

    the value to set the attribute x_frame_options to.



# File 'lib/secure_headers/configuration.rb', line 108

# Public: set the X-Frame-Options configuration.
#
# value - the config value. This plain writer does not touch cached_headers;
#         use #update_x_frame_options to also refresh the cached header.
#         Validated by XFrameOptions in #validate_config!, not here.
#
# Returns value.
def x_frame_options=(value)
  instance_variable_set(:@x_frame_options, value)
end

#x_permitted_cross_domain_policies=(value) ⇒ Object (writeonly)

Sets the attribute x_permitted_cross_domain_policies

Parameters:

  • value

    the value to set the attribute x_permitted_cross_domain_policies to.



# File 'lib/secure_headers/configuration.rb', line 108

# Public: set the X-Permitted-Cross-Domain-Policies configuration.
#
# value - the config value; validated by XPermittedCrossDomainPolicies in
#         #validate_config!, not here.
#
# Returns value.
def x_permitted_cross_domain_policies=(value)
  instance_variable_set(:@x_permitted_cross_domain_policies, value)
end

#x_xss_protection=(value) ⇒ Object (writeonly)

Sets the attribute x_xss_protection

Parameters:

  • value

    the value to set the attribute x_xss_protection to.



# File 'lib/secure_headers/configuration.rb', line 108

# Public: set the X-XSS-Protection configuration.
#
# value - the config value; validated by XXssProtection in
#         #validate_config!, not here.
#
# Returns value.
def x_xss_protection=(value)
  instance_variable_set(:@x_xss_protection, value)
end

Class Method Details

.default(&block) ⇒ Object Also known as: configure

Public: Set the global default configuration.

Optionally supply a block to override the defaults set by this library.

Returns the newly created config.



# File 'lib/secure_headers/configuration.rb', line 15

# Public: Set the global default configuration.
#
# block - optional DSL block passed to Configuration.new to override the
#         library defaults.
#
# The block runs (via new) before anything is registered, so an error raised
# inside it leaves the registry untouched. The noop configuration is
# registered alongside the default one.
#
# Returns whatever add_configuration returns for the default entry (the page
# documents this as the newly created config).
def default(&block)
  built = new(&block)
  add_noop_configuration
  add_configuration(DEFAULT_CONFIG, built)
end

.get(name = DEFAULT_CONFIG) ⇒ Object

Public: retrieve a global configuration object

Returns the configuration with a given name or raises a NotYetConfiguredError if `default` has not been called.



# File 'lib/secure_headers/configuration.rb', line 42

# Public: retrieve a global configuration object.
#
# name - the configuration identifier (DEFAULT_CONFIG when omitted).
#
# Raises NotYetConfiguredError when nothing has been configured at all, i.e.
# @configurations is still nil because `default` was never called. An unknown
# name does NOT raise: the lookup simply yields nil, which `override` relies on
# to detect a missing base.
#
# Returns the configuration registered under name, or nil.
def get(name = DEFAULT_CONFIG)
  raise NotYetConfiguredError, "Default policy not yet supplied" if @configurations.nil?

  @configurations[name]
end

.override(name, base = DEFAULT_CONFIG, &block) ⇒ Object

Public: create a named configuration that overrides the default config.

name - an identifier for the override config. base - the existing config to override; the default config is used if no value is supplied.

Returns: the newly created config



# File 'lib/secure_headers/configuration.rb', line 29

# Public: create a named configuration derived from an existing one.
#
# name  - the identifier for the new configuration.
# base  - the configuration to copy from (DEFAULT_CONFIG when omitted).
# block - optional DSL block, instance_eval'd on the copy to change settings.
#
# The base is duplicated (Configuration#dup) before the block runs, so the
# block cannot change the base — except through attributes #dup shares by
# reference, such as the cookies Hash, if the block mutates them in place.
# Nothing here stops name from reusing DEFAULT_CONFIG or NOOP_CONFIGURATION;
# whether add_configuration guards against that is not visible in this file.
#
# Raises NotYetConfiguredError when base has not been configured.
#
# Returns: the newly created config
def override(name, base = DEFAULT_CONFIG, &block)
  raise NotYetConfiguredError, "#{base} policy not yet supplied" unless get(base)

  derived = @configurations[base].dup
  derived.instance_eval(&block) if block
  add_configuration(name, derived)
end

Instance Method Details

#current_cspObject



# File 'lib/secure_headers/configuration.rb', line 172

# Public: the CSP configuration actually in effect.
#
# A truthy dynamic CSP wins over the static one; a nil (or false) dynamic CSP
# falls through to @csp. Callers that opt out of CSP must therefore clear the
# dynamic value too, or it keeps being served.
#
# Returns the dynamic CSP if present, else the configured CSP.
def current_csp
  return @dynamic_csp if @dynamic_csp

  @csp
end

#dupObject

Public: copy everything but the cached headers

Returns a deep-dup’d copy of this configuration.



# File 'lib/secure_headers/configuration.rb', line 131

# Public: copy this configuration into a fresh instance.
#
# The new instance goes through #initialize (so hpkp, referrer_policy and csp
# get their defaults) and every attribute is then overwritten from self. The
# CSP, dynamic CSP and cached headers are deep-copied via the class's
# deep_copy_if_hash helper so edits to the copy do not leak back; everything
# else — including the cookies Hash — is assigned by reference and stays
# shared with the original. Note that cached_headers IS copied here, even
# though the rendered summary describes this as copying everything but them.
#
# Returns a deep-dup'd copy of this configuration.
def dup
  self.class.new.tap do |twin|
    twin.cookies = @cookies
    twin.csp = self.class.send(:deep_copy_if_hash, @csp)
    twin.dynamic_csp = self.class.send(:deep_copy_if_hash, @dynamic_csp)
    twin.cached_headers = self.class.send(:deep_copy_if_hash, @cached_headers)
    twin.x_content_type_options = @x_content_type_options
    twin.hsts = @hsts
    twin.x_frame_options = @x_frame_options
    twin.x_xss_protection = @x_xss_protection
    twin.x_download_options = @x_download_options
    twin.x_permitted_cross_domain_policies = @x_permitted_cross_domain_policies
    twin.referrer_policy = @referrer_policy
    twin.hpkp = @hpkp
    twin.hpkp_report_host = @hpkp_report_host
  end
end

#opt_out(header) ⇒ Object



# File 'lib/secure_headers/configuration.rb', line 149

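# Public: disable a single header by setting its config to OPT_OUT and dropping
# any cached value so it is no longer served from the cache.
#
# header - the config key of the header to disable (e.g. CSP::CONFIG_KEY). It
#          is interpolated into a writer name and invoked via `send`, so it
#          must be one of this class's own config keys, never caller-supplied
#          input.
#
# For CSP the dynamic policy is cleared as well: #current_csp prefers
# @dynamic_csp over @csp, so leaving it set would keep the old policy in effect
# after the opt-out. (A bare `dynamic_csp = OPT_OUT` here would only create a
# local variable, which is exactly what the previous version did.)
#
# cached_headers must already be populated; nothing here initialises it.
#
# Returns the cached entry that was removed, or nil if none was cached.
def opt_out(header)
  send("#{header}=", OPT_OUT)
  @dynamic_csp = OPT_OUT if header == CSP::CONFIG_KEY
  cached_headers.delete(header)
end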

#rebuild_csp_header_cache!(user_agent) ⇒ Object

Public: generates cached headers for a specific user agent.



# File 'lib/secure_headers/configuration.rb', line 163

# Public: regenerate the cached CSP header for one user agent.
#
# user_agent - presumably a raw User-Agent string; it is handed to
#              UserAgent.parse here.
#
# The CSP cache entry is reset first, so a stale header is never served. When
# the effective policy (#current_csp, i.e. the dynamic CSP if set) is OPT_OUT
# the entry is left empty and no header is built; otherwise the header is built
# under the browser variation CSP.ua_to_variation maps this agent to.
# cached_headers must already be populated; nothing here initialises it.
#
# Returns the generated header value, or nil when CSP is opted out.
def rebuild_csp_header_cache!(user_agent)
  cached_headers[CSP::CONFIG_KEY] = {}
  return if current_csp == OPT_OUT

  parsed = UserAgent.parse(user_agent)
  variation = CSP.ua_to_variation(parsed)
  cached_headers[CSP::CONFIG_KEY][variation] = CSP.make_header(current_csp, parsed)
end

#secure_cookies=(secure_cookies) ⇒ Object



# File 'lib/secure_headers/configuration.rb', line 194

# Public: deprecated setter kept for backwards compatibility; use #cookies=.
#
# secure_cookies - the value stored under the :secure key of the cookies config.
#
# Emits a deprecation warning naming the caller, then merges the value into a
# NEW cookies Hash. Because merge does not mutate the existing Hash, a cookies
# object shared with another configuration through #dup is left untouched.
#
# Returns the updated cookies Hash.
def secure_cookies=(secure_cookies)
  Kernel.warn "#{Kernel.caller.first}: [DEPRECATION] `#secure_cookies=` is deprecated. Please use `#cookies=` to configure secure cookies instead."
  existing = @cookies || {}
  @cookies = existing.merge(secure: secure_cookies)
end

#update_x_frame_options(value) ⇒ Object



# File 'lib/secure_headers/configuration.rb', line 157

# Public: set the X-Frame-Options config and refresh its cached header.
#
# value - the new X-Frame-Options configuration value.
#
# Unlike #validate_config!, nothing here validates value; any checking happens
# inside XFrameOptions.make_header, which is not visible in this file. The raw
# value is stored before the header is built, so a value make_header rejects
# is still left in @x_frame_options. cached_headers must already be populated.
#
# Returns the generated header stored in the cache.
def update_x_frame_options(value)
  @x_frame_options = value
  header = XFrameOptions.make_header(value)
  cached_headers[XFrameOptions::CONFIG_KEY] = header
end

#validate_config!Object

Public: validates all configurations values.

Raises various configuration errors if any invalid config is detected.

Returns nothing



# File 'lib/secure_headers/configuration.rb', line 181

# Public: validates all configuration values.
#
# Each header class validates its own config value, in the order listed below.
# Only the static @csp is checked; @dynamic_csp and @hpkp_report_host are not
# passed to any validator here.
#
# Raises various configuration errors if any invalid config is detected.
#
# Returns nothing
def validate_config!
  checks = [
    [StrictTransportSecurity, @hsts],
    [ContentSecurityPolicy, @csp],
    [ReferrerPolicy, @referrer_policy],
    [XFrameOptions, @x_frame_options],
    [XContentTypeOptions, @x_content_type_options],
    [XXssProtection, @x_xss_protection],
    [XDownloadOptions, @x_download_options],
    [XPermittedCrossDomainPolicies, @x_permitted_cross_domain_policies],
    [PublicKeyPins, @hpkp],
    [Cookie, @cookies]
  ]
  # `.last` keeps the value of the final validator call as the return value.
  checks.map { |validator, value| validator.validate_config!(value) }.last
end