Class: SecureHeaders::Middleware

Inherits:
Object
  • Object
Defined in:
lib/secure_headers/middleware.rb

Constant Summary

HPKP_SAME_HOST_WARNING =
"[WARNING] HPKP report host should not be the same as the request host. See https://github.com/twitter/secureheaders/issues/166"

Instance Method Summary

Constructor Details

#initialize(app) ⇒ Middleware

Returns a new instance of Middleware.



# File 'lib/secure_headers/middleware.rb', line 6

# Builds the middleware around the next application in the Rack stack.
#
# @param app [#call] downstream Rack application; kept in @app and
#   invoked once per request by #call
def initialize(app)
  @app = app
end

Instance Method Details

#call(env) ⇒ Object

Merges the hash of security headers into the response's current header set.



# File 'lib/secure_headers/middleware.rb', line 11

# Rack entry point. Runs the wrapped application first, then decorates the
# response it produced: cookies are flagged (unless opted out) and the
# SecureHeaders header hash is merged into the response headers.
#
# Nothing here rescues exceptions from the downstream app, so a response
# rendered by an error handler further out in the stack does not pass
# through this method.
#
# @param env [Hash] the Rack environment for the current request
# @return [Array] the Rack triple of status, headers and response body
def call(env)
  request = Rack::Request.new(env)
  status, headers, body = @app.call(env)

  settings = SecureHeaders.config_for(request)

  # Only warns; the request is still served when the HPKP report host is
  # the same as the host being requested (see the issue linked in the
  # warning text).
  Kernel.warn(HPKP_SAME_HOST_WARNING) if settings.hpkp_report_host == request.host

  unless settings.cookies == OPT_OUT
    # NOTE(review): flag_cookies! and override_secure are defined outside
    # this listing; presumably they apply the configured cookie attributes
    # to the response cookies -- confirm against their definitions.
    cookie_settings = override_secure(env, settings.cookies)
    flag_cookies!(headers, cookie_settings)
  end

  # In-place merge: assuming headers is a plain Hash, a key the app already
  # set with the exact same name is replaced by the SecureHeaders value.
  security_headers = SecureHeaders.header_hash_for(request)
  headers.merge!(security_headers)

  [status, headers, body]
end