Class: SecureHeaders::ContentSecurityPolicy

Inherits:
Object
  • Object
Includes:
PolicyManagement
Defined in:
lib/secure_headers/headers/content_security_policy.rb

Constant Summary

VERSION_46 =

constants to be used for version-specific UA sniffing

::UserAgent::Version.new("46")
VERSION_10 =
::UserAgent::Version.new("10")
FALLBACK_VERSION =
::UserAgent::Version.new("0")

Constants included from PolicyManagement

PolicyManagement::ALL_DIRECTIVES, PolicyManagement::BASE_URI, PolicyManagement::BLOB_PROTOCOL, PolicyManagement::BLOCK_ALL_MIXED_CONTENT, PolicyManagement::BODY_DIRECTIVES, PolicyManagement::CHILD_SRC, PolicyManagement::CHROME_DIRECTIVES, PolicyManagement::CONNECT_SRC, PolicyManagement::DATA_PROTOCOL, PolicyManagement::DEFAULT_CONFIG, PolicyManagement::DEFAULT_SRC, PolicyManagement::DEPRECATED_SOURCE_VALUES, PolicyManagement::DIRECTIVES_1_0, PolicyManagement::DIRECTIVES_2_0, PolicyManagement::DIRECTIVES_3_0, PolicyManagement::DIRECTIVE_VALUE_TYPES, PolicyManagement::EDGE_DIRECTIVES, PolicyManagement::FETCH_SOURCES, PolicyManagement::FIREFOX_46_DEPRECATED_DIRECTIVES, PolicyManagement::FIREFOX_46_DIRECTIVES, PolicyManagement::FIREFOX_46_UNSUPPORTED_DIRECTIVES, PolicyManagement::FIREFOX_DIRECTIVES, PolicyManagement::FIREFOX_UNSUPPORTED_DIRECTIVES, PolicyManagement::FONT_SRC, PolicyManagement::FORM_ACTION, PolicyManagement::FRAME_ANCESTORS, PolicyManagement::FRAME_SRC, PolicyManagement::HTTP_SCHEME_REGEX, PolicyManagement::IMG_SRC, PolicyManagement::MANIFEST_SRC, PolicyManagement::MEDIA_SRC, PolicyManagement::META_CONFIGS, PolicyManagement::MODERN_BROWSERS, PolicyManagement::NONCES, PolicyManagement::NONE, PolicyManagement::NON_FETCH_SOURCES, PolicyManagement::NON_SOURCE_LIST_SOURCES, PolicyManagement::OBJECT_SRC, PolicyManagement::OTHER, PolicyManagement::PLUGIN_TYPES, PolicyManagement::REPORT_URI, PolicyManagement::SAFARI_10_DIRECTIVES, PolicyManagement::SAFARI_DIRECTIVES, PolicyManagement::SANDBOX, PolicyManagement::SCRIPT_SRC, PolicyManagement::SELF, PolicyManagement::STAR, PolicyManagement::STAR_REGEXP, PolicyManagement::STRICT_DYNAMIC, PolicyManagement::STYLE_SRC, PolicyManagement::UNSAFE_EVAL, PolicyManagement::UNSAFE_INLINE, PolicyManagement::UPGRADE_INSECURE_REQUESTS, PolicyManagement::VARIATIONS, PolicyManagement::WILDCARD_SOURCES, PolicyManagement::WORKER_SRC

Instance Method Summary

Methods included from PolicyManagement

included

Constructor Details

#initialize(config = nil, user_agent = OTHER) ⇒ ContentSecurityPolicy

Returns a new instance of ContentSecurityPolicy.



# File 'lib/secure_headers/headers/content_security_policy.rb', line 15

# Builds a CSP header generator for one configuration / user agent pair.
#
# @param config [Hash, nil, Object] a policy Hash is wrapped in
#   ContentSecurityPolicyReportOnlyConfig when its `:report_only` entry is
#   truthy and in ContentSecurityPolicyConfig otherwise; nil selects an
#   enforcing config built from DEFAULT_CONFIG; any other value is stored
#   as-is — presumably an already-built config object, confirm at callers.
# @param user_agent [UserAgent::Browsers::Base, Object] an already-parsed
#   browser object is used directly, anything else is passed to
#   UserAgent.parse. Defaults to OTHER.
def initialize(config = nil, user_agent = OTHER)
  @config = case config
            when Hash
              # A Hash can never be nil, so no DEFAULT_CONFIG fallback is needed on this path.
              config_class = config[:report_only] ? ContentSecurityPolicyReportOnlyConfig : ContentSecurityPolicyConfig
              config_class.new(config)
            when nil
              ContentSecurityPolicyConfig.new(DEFAULT_CONFIG)
            else
              config
            end

  @parsed_ua = user_agent.is_a?(UserAgent::Browsers::Base) ? user_agent : UserAgent.parse(user_agent)

  # Snapshot the config settings that drive header generation; @config and
  # @parsed_ua are assigned first because normalize_child_frame_src runs after them.
  @frame_src = normalize_child_frame_src
  @preserve_schemes = @config.preserve_schemes
  @script_nonce = @config.script_nonce
  @style_nonce = @config.style_nonce
end

Instance Method Details

#name ⇒ Object

Returns the name to use for the header: either “Content-Security-Policy” or “Content-Security-Policy-Report-Only”.



# File 'lib/secure_headers/headers/content_security_policy.rb', line 42

# Header name to emit, read from the HEADER_NAME constant of whichever
# config class wraps @config (enforcing or report-only), so the
# report-only variant is selected by the config object, not by this class.
#
# @return [String] the HEADER_NAME constant of @config's class
def name
  header_class = @config.class
  header_class.const_get(:HEADER_NAME)
end

#value ⇒ Object

Returns the value of the CSP header.



# File 'lib/secure_headers/headers/content_security_policy.rb', line 48

# Header value for this instance, computed on first use and memoized in
# @value (`||=` recomputes only while the stored result is nil or false).
#
# @return [Object] the result of build_value when @config is present,
#   DEFAULT_VALUE otherwise
def value
  @value ||= @config ? build_value : DEFAULT_VALUE
end