Class: SecureHeaders::Configuration
- Inherits: Object
- Object
- SecureHeaders::Configuration
- Defined in:
- lib/secure_headers/configuration.rb
Defined Under Namespace
Classes: IllegalPolicyModificationError, NotYetConfiguredError
Constant Summary
- DEFAULT_CONFIG =
:default
- NOOP_CONFIGURATION =
"secure_headers_noop_config"
- HASH_CONFIG_FILE =
ENV["secure_headers_generated_hashes_file"] || "config/secure_headers_generated_hashes.yml"
Instance Attribute Summary
-
#cached_headers ⇒ Object
readonly
Returns the value of attribute cached_headers.
-
#clear_site_data ⇒ Object
writeonly
Sets the attribute clear_site_data.
-
#cookies ⇒ Object
readonly
Returns the value of attribute cookies.
-
#csp ⇒ Object
Returns the value of attribute csp.
-
#csp_report_only ⇒ Object
Returns the value of attribute csp_report_only.
-
#expect_certificate_transparency ⇒ Object
writeonly
Sets the attribute expect_certificate_transparency.
-
#hpkp ⇒ Object
readonly
Returns the value of attribute hpkp.
-
#hpkp_report_host ⇒ Object
readonly
Returns the value of attribute hpkp_report_host.
-
#hsts ⇒ Object
writeonly
Sets the attribute hsts.
-
#referrer_policy ⇒ Object
writeonly
Sets the attribute referrer_policy.
-
#x_content_type_options ⇒ Object
writeonly
Sets the attribute x_content_type_options.
-
#x_download_options ⇒ Object
writeonly
Sets the attribute x_download_options.
-
#x_frame_options ⇒ Object
writeonly
Sets the attribute x_frame_options.
-
#x_permitted_cross_domain_policies ⇒ Object
writeonly
Sets the attribute x_permitted_cross_domain_policies.
-
#x_xss_protection ⇒ Object
writeonly
Sets the attribute x_xss_protection.
Class Method Summary
-
.default(&block) ⇒ Object
(also: configure)
Public: Set the global default configuration.
-
.get(name = DEFAULT_CONFIG) ⇒ Object
Public: retrieve a global configuration object.
- .named_append(name, target = nil, &block) ⇒ Object
- .named_appends(name) ⇒ Object
-
.override(name, base = DEFAULT_CONFIG, &block) ⇒ Object
Public: create a named configuration that overrides the default config.
Instance Method Summary
-
#dup ⇒ Object
Public: copy everything but the cached headers.
-
#initialize(&block) ⇒ Configuration
constructor
A new instance of Configuration.
- #opt_out(header) ⇒ Object
- #secure_cookies=(secure_cookies) ⇒ Object
- #update_x_frame_options(value) ⇒ Object
-
#validate_config! ⇒ Object
Public: validates all configuration values.
Constructor Details
#initialize(&block) ⇒ Configuration
Returns a new instance of Configuration.
# File 'lib/secure_headers/configuration.rb', line 134
# Public: build a configuration holding this library's defaults.
#
# Every header slot starts out nil (unset) except:
#   - cookies: a copy of Cookie::COOKIE_DEFAULTS made through
#     deep_copy_if_hash (presumably so later edits do not alter the shared
#     constant — the helper is defined elsewhere)
#   - hpkp, referrer_policy, csp_report_only: OPT_OUT (no header emitted)
#   - csp: a ContentSecurityPolicyConfig built from
#     ContentSecurityPolicyConfig::DEFAULT
#
# block - optional; evaluated with instance_eval, so it runs with the new
#         configuration as `self` and may call any of its setters.
#
# Returns the new Configuration.
def initialize(&block)
  @cookies = self.class.send(:deep_copy_if_hash, Cookie::COOKIE_DEFAULTS)

  # Reset every header slot to a known state before any setter runs.
  # Order matches the original assignment order.
  %i[
    clear_site_data csp csp_report_only hpkp_report_host hpkp hsts
    x_content_type_options x_download_options x_frame_options
    x_permitted_cross_domain_policies x_xss_protection
    expect_certificate_transparency
  ].each { |slot| instance_variable_set(:"@#{slot}", nil) }

  # Go through the writers rather than assigning ivars directly: csp= and
  # csp_report_only= are defined elsewhere and may do more than store the value.
  self.hpkp = OPT_OUT
  self.referrer_policy = OPT_OUT
  self.csp = ContentSecurityPolicyConfig.new(ContentSecurityPolicyConfig::DEFAULT)
  self.csp_report_only = OPT_OUT

  instance_eval(&block) if block_given?
end
Instance Attribute Details
#cached_headers ⇒ Object
Returns the value of attribute cached_headers.
# File 'lib/secure_headers/configuration.rb', line 122
# Public: the cached header hash for this configuration, or nil if it has not
# been populated yet. opt_out and update_x_frame_options mutate this hash in
# place, so it must be set before either of them is called.
def cached_headers
  @cached_headers
end
#clear_site_data=(value) ⇒ Object (writeonly)
Sets the attribute clear_site_data
# File 'lib/secure_headers/configuration.rb', line 118
# Public: set the Clear-Site-Data configuration.
#
# The value is stored as-is; it is only checked by
# ClearSiteData.validate_config! when validate_config! runs.
def clear_site_data=(value)
  @clear_site_data = value
end
#cookies ⇒ Object
Returns the value of attribute cookies.
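# File 'lib/secure_headers/configuration.rb', line 122
# Public: the cookie configuration hash, initialized from
# Cookie::COOKIE_DEFAULTS in initialize and checked by Cookie.validate_config!.
#
# No public writer is listed for this attribute; dup assigns `copy.cookies =`,
# so a non-public writer presumably exists elsewhere in the class.
def cookies
  @cookies
end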
#csp ⇒ Object
Returns the value of attribute csp.
# File 'lib/secure_headers/configuration.rb', line 122
# Public: the enforced Content-Security-Policy configuration. initialize sets
# it to a ContentSecurityPolicyConfig built from
# ContentSecurityPolicyConfig::DEFAULT; the csp= writer is defined elsewhere.
def csp
  @csp
end
#csp_report_only ⇒ Object
Returns the value of attribute csp_report_only.
# File 'lib/secure_headers/configuration.rb', line 122
# Public: the report-only Content-Security-Policy configuration. initialize
# sets it to OPT_OUT, so no report-only header is emitted unless the
# application configures one; the csp_report_only= writer is defined elsewhere.
def csp_report_only
  @csp_report_only
end
#expect_certificate_transparency=(value) ⇒ Object (writeonly)
Sets the attribute expect_certificate_transparency
# File 'lib/secure_headers/configuration.rb', line 118
# Public: set the Expect-CT configuration.
#
# Stored without checks; ExpectCertificateTransparency.validate_config!
# inspects it when validate_config! runs.
def expect_certificate_transparency=(value)
  @expect_certificate_transparency = value
end
#hpkp ⇒ Object
Returns the value of attribute hpkp.
# File 'lib/secure_headers/configuration.rb', line 122
# Public: the Public-Key-Pins configuration. initialize sets it to OPT_OUT,
# so pinning is off unless explicitly configured (misconfigured pins can lock
# visitors out of a site, which is why it defaults to off). Validated by
# PublicKeyPins.validate_config!.
def hpkp
  @hpkp
end
#hpkp_report_host ⇒ Object
Returns the value of attribute hpkp_report_host.
# File 'lib/secure_headers/configuration.rb', line 122
# Public: the host that HPKP violation reports are sent to, or nil.
#
# NOTE(review): validate_config! does not pass this value to any validator,
# so a malformed host is not caught at configuration time.
def hpkp_report_host
  @hpkp_report_host
end
#hsts=(value) ⇒ Object (writeonly)
Sets the attribute hsts
# File 'lib/secure_headers/configuration.rb', line 118
# Public: set the Strict-Transport-Security configuration.
#
# Stored without checks; StrictTransportSecurity.validate_config! inspects it
# when validate_config! runs.
def hsts=(value)
  @hsts = value
end
#referrer_policy=(value) ⇒ Object (writeonly)
Sets the attribute referrer_policy
# File 'lib/secure_headers/configuration.rb', line 118
# Public: set the Referrer-Policy configuration (initialize defaults it to
# OPT_OUT). Validated by ReferrerPolicy.validate_config! when
# validate_config! runs.
def referrer_policy=(value)
  @referrer_policy = value
end
#x_content_type_options=(value) ⇒ Object (writeonly)
Sets the attribute x_content_type_options
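# File 'lib/secure_headers/configuration.rb', line 118
# Public: set the X-Content-Type-Options configuration.
#
# Stored without checks; XContentTypeOptions.validate_config! inspects it
# when validate_config! runs.
def x_content_type_options=(value)
  @x_content_type_options = value
end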
#x_download_options=(value) ⇒ Object (writeonly)
Sets the attribute x_download_options
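# File 'lib/secure_headers/configuration.rb', line 118
# Public: set the X-Download-Options configuration.
#
# Stored without checks; XDownloadOptions.validate_config! inspects it when
# validate_config! runs.
def x_download_options=(value)
  @x_download_options = value
end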
#x_frame_options=(value) ⇒ Object (writeonly)
Sets the attribute x_frame_options
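# File 'lib/secure_headers/configuration.rb', line 118
# Public: set the X-Frame-Options configuration.
#
# Only stores the value. Unlike update_x_frame_options it does not touch
# cached_headers, and it performs no validation; XFrameOptions.validate_config!
# inspects it when validate_config! runs.
def x_frame_options=(value)
  @x_frame_options = value
end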
#x_permitted_cross_domain_policies=(value) ⇒ Object (writeonly)
Sets the attribute x_permitted_cross_domain_policies
# File 'lib/secure_headers/configuration.rb', line 118
# Public: set the X-Permitted-Cross-Domain-Policies configuration.
#
# Stored without checks; XPermittedCrossDomainPolicies.validate_config!
# inspects it when validate_config! runs.
def x_permitted_cross_domain_policies=(value)
  @x_permitted_cross_domain_policies = value
end
#x_xss_protection=(value) ⇒ Object (writeonly)
Sets the attribute x_xss_protection
# File 'lib/secure_headers/configuration.rb', line 118
# Public: set the X-XSS-Protection configuration.
#
# Stored without checks; XXssProtection.validate_config! inspects it when
# validate_config! runs.
def x_xss_protection=(value)
  @x_xss_protection = value
end
Class Method Details
.default(&block) ⇒ Object Also known as: configure
Public: Set the global default configuration.
Optionally supply a block to override the defaults set by this library.
Returns the newly created config.
# File 'lib/secure_headers/configuration.rb', line 16
# Public: Set the global default configuration.
#
# block - optional; forwarded to Configuration.new, where it is instance_eval'd
#         against the new config.
#
# Also registers the no-op configuration (add_noop_configuration) before
# storing the new config under DEFAULT_CONFIG. Both helpers are defined
# elsewhere; the return value is whatever add_configuration returns
# (documented as the newly created config).
def default(&block)
  config = new(&block)
  add_noop_configuration
  add_configuration(DEFAULT_CONFIG, config)
end
.get(name = DEFAULT_CONFIG) ⇒ Object
Public: retrieve a global configuration object
Returns the configuration with a given name or raises a NotYetConfiguredError if `default` has not been called.
# File 'lib/secure_headers/configuration.rb', line 43
# Public: retrieve a global configuration object.
#
# name - the configuration name; defaults to DEFAULT_CONFIG.
#
# Raises NotYetConfiguredError if no configuration registry exists yet, i.e.
# `default` has not been called.
#
# Returns the configuration registered under name. Lookup is a plain hash
# read, so an unknown (e.g. misspelled) name returns nil rather than raising;
# callers such as `override` check the result for that reason.
def get(name = DEFAULT_CONFIG)
  raise NotYetConfiguredError, "Default policy not yet supplied" if @configurations.nil?

  @configurations[name]
end
.named_append(name, target = nil, &block) ⇒ Object
# File 'lib/secure_headers/configuration.rb', line 55
# Public: register a named configuration-append block.
#
# name   - the key the block is stored under (see named_appends).
# target - accepted for call compatibility but not used by this method.
# block  - required; the block to store.
#
# Raises RuntimeError ("Provide a configuration block") when no block is
# given; the registry hash is still initialized in that case.
#
# Returns the stored block.
def named_append(name, target = nil, &block)
  registry = (@appends ||= {})
  raise "Provide a configuration block" unless block

  registry[name] = block
end
.named_appends(name) ⇒ Object
# File 'lib/secure_headers/configuration.rb', line 50
# Public: look up a block registered with named_append.
#
# name - the key the block was stored under.
#
# Returns the block, or nil if nothing was registered under name. Initializes
# the registry hash as a side effect if it does not exist yet.
def named_appends(name)
  registry = (@appends ||= {})
  registry[name]
end
.override(name, base = DEFAULT_CONFIG, &block) ⇒ Object
Public: create a named configuration that overrides the default config.
name - use an identifier for the override config. base - override another existing config, or the default config if no value is supplied.
Returns: the newly created config
# File 'lib/secure_headers/configuration.rb', line 30
# Public: create a named configuration that overrides an existing one.
#
# name  - identifier for the new config.
# base  - name of the config to start from; DEFAULT_CONFIG when omitted.
# block - optional; instance_eval'd against the copy, so it can call the
#         config's setters.
#
# The base config is dup'd before the block runs, so the override never
# mutates the configuration it was derived from.
#
# Raises NotYetConfiguredError if no config is registered under base.
#
# Returns whatever add_configuration returns (documented as the new config).
def override(name, base = DEFAULT_CONFIG, &block)
  raise NotYetConfiguredError, "#{base} policy not yet supplied" unless get(base)

  derived = @configurations[base].dup
  derived.instance_eval(&block) if block_given?
  add_configuration(name, derived)
end
Instance Method Details
#dup ⇒ Object
Public: copy everything but the cached headers
Returns a deep-dup’d copy of this configuration.
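# File 'lib/secure_headers/configuration.rb', line 160
# Public: copy this configuration.
#
# Builds a fresh instance via self.class.new (so it starts from the library
# defaults) and then overwrites every setting from this one. cookies and
# cached_headers go through deep_copy_if_hash and csp / csp_report_only are
# dup'd, presumably so edits to the copy do not bleed into the original; the
# remaining settings are assigned by reference.
#
# NOTE(review): the summary says "everything but the cached headers", but
# cached_headers is copied below as well.
#
# Returns the new Configuration.
def dup
  copy = self.class.new
  # cookies=, cached_headers=, hpkp= and hpkp_report_host= are not listed as
  # public writers; they are presumably non-public writers defined elsewhere.
  copy.cookies = self.class.send(:deep_copy_if_hash, @cookies)
  copy.csp = @csp.dup if @csp
  copy.csp_report_only = @csp_report_only.dup if @csp_report_only
  copy.cached_headers = self.class.send(:deep_copy_if_hash, @cached_headers)
  copy.x_content_type_options = @x_content_type_options
  copy.hsts = @hsts
  copy.x_frame_options = @x_frame_options
  copy.x_xss_protection = @x_xss_protection
  copy.x_download_options = @x_download_options
  copy.x_permitted_cross_domain_policies = @x_permitted_cross_domain_policies
  copy.clear_site_data = @clear_site_data
  copy.expect_certificate_transparency = @expect_certificate_transparency
  copy.referrer_policy = @referrer_policy
  copy.hpkp = @hpkp
  copy.hpkp_report_host = @hpkp_report_host
  copy
end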
#opt_out(header) ⇒ Object
# File 'lib/secure_headers/configuration.rb', line 180
# Public: disable a header on this configuration.
#
# header - the setting's name as a symbol or string (e.g. :hsts); its writer
#          is invoked via send, so non-public writers are reachable too. The
#          value is expected to come from the application's own configuration
#          code, not from request data.
#
# Sets the slot to OPT_OUT and drops the matching entry from cached_headers.
# Assumes cached_headers has already been populated (it is nil on a fresh
# instance).
#
# Returns the value removed from cached_headers, or nil if none was present.
def opt_out(header)
  send(:"#{header}=", OPT_OUT)
  cached_headers.delete(header)
end
#secure_cookies=(secure_cookies) ⇒ Object
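# File 'lib/secure_headers/configuration.rb', line 211
# Deprecated: `secure_cookies=` is no longer supported; configure cookies via
# `cookies=` instead.
#
# secure_cookies - ignored.
#
# Always raises ArgumentError. The message is prefixed with the caller's
# location (Kernel.caller.first) so the offending configuration line is easy
# to find.
def secure_cookies=(secure_cookies)
  raise ArgumentError, "#{Kernel.caller.first}: `#secure_cookies=` is no longer supported. Please use `#cookies=` to configure secure cookies instead."
end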
#update_x_frame_options(value) ⇒ Object
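# File 'lib/secure_headers/configuration.rb', line 185
# Public: change the X-Frame-Options value and refresh its cached header.
#
# value - the new X-Frame-Options configuration.
#
# Unlike x_frame_options=, this also rewrites the cached_headers entry under
# XFrameOptions::CONFIG_KEY using XFrameOptions.make_header, so the new value
# takes effect without rebuilding the header cache. No validation happens
# here; XFrameOptions.validate_config! is only invoked from validate_config!.
# Assumes cached_headers has already been populated.
#
# Returns the freshly built header.
def update_x_frame_options(value)
  @x_frame_options = value
  self.cached_headers[XFrameOptions::CONFIG_KEY] = XFrameOptions.make_header(value)
end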
#validate_config! ⇒ Object
Public: validates all configuration values.
Raises various configuration errors if any invalid config is detected.
Returns nothing.
# File 'lib/secure_headers/configuration.rb', line 195
# Public: validates all configuration values.
#
# Delegates each setting to its header class's validate_config!. The first
# validator that objects raises, so later settings are not checked in that
# call. hpkp_report_host is not passed to any validator here.
#
# Raises various configuration errors if any invalid config is detected.
# Returns nothing useful; callers should not rely on the return value.
def validate_config!
  StrictTransportSecurity.validate_config!(@hsts)
  ContentSecurityPolicy.validate_config!(@csp)
  ContentSecurityPolicy.validate_config!(@csp_report_only)
  ReferrerPolicy.validate_config!(@referrer_policy)
  XFrameOptions.validate_config!(@x_frame_options)
  XContentTypeOptions.validate_config!(@x_content_type_options)
  XXssProtection.validate_config!(@x_xss_protection)
  XDownloadOptions.validate_config!(@x_download_options)
  XPermittedCrossDomainPolicies.validate_config!(@x_permitted_cross_domain_policies)
  ClearSiteData.validate_config!(@clear_site_data)
  ExpectCertificateTransparency.validate_config!(@expect_certificate_transparency)
  PublicKeyPins.validate_config!(@hpkp)
  Cookie.validate_config!(@cookies)
end