Module: Camo::HeadersUtils

Included in:: Client, Request, Server

Defined in:: lib/camo/headers_utils.rb

Constant Summary collapse

HOSTNAME =

ENV.fetch("CAMORB_HOSTNAME", "unknown")

TIMING_ALLOW_ORIGIN =

ENV.fetch("CAMORB_TIMING_ALLOW_ORIGIN", nil)

REQUEST_SECURITY_HEADERS =

{
  "X-Frame-Options" => "deny",
  "X-XSS-Protection" => "1; mode=block",
  "X-Content-Type-Options" => "nosniff",
  "Content-Security-Policy" => "default-src 'none'; img-src data:; style-src 'unsafe-inline'"
}

RESPONSE_SECURITY_HEADERS =

REQUEST_SECURITY_HEADERS.merge({
  "Strict-Transport-Security" => "max-age=31536000; includeSubDomains"
})

Class Method Summary collapse

.user_agent ⇒ Object

Instance Method Summary collapse

Class Method Details

.user_agent ⇒ `Object`



17
18
19

# File 'lib/camo/headers_utils.rb', line 17

def self.user_agent
  ENV.fetch("CAMORB_HEADER_VIA", "CamoRB Asset Proxy #{Camo::Version::GEM}")
end

Instance Method Details

#default_request_headers ⇒ `Object`

# File 'lib/camo/headers_utils.rb', line 28

def default_request_headers
  REQUEST_SECURITY_HEADERS.merge({
    "Via" => user_agent,
    "User-Agent" => user_agent
  })
end

#default_response_headers ⇒ `Object`

# File 'lib/camo/headers_utils.rb', line 21

def default_response_headers
  RESPONSE_SECURITY_HEADERS.merge({
    "Camo-Host" => HOSTNAME,
    "Timing-Allow-Origin" => TIMING_ALLOW_ORIGIN
  }).compact
end

#user_agent ⇒ `Object`



35
36
37

# File 'lib/camo/headers_utils.rb', line 35

def user_agent
  HeadersUtils.user_agent
end

Module: Camo::HeadersUtils

Constant Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.user_agent ⇒ Object

Instance Method Details

#default_request_headers ⇒ Object

#default_response_headers ⇒ Object

#user_agent ⇒ Object

.user_agent ⇒ `Object`

#default_request_headers ⇒ `Object`

#default_response_headers ⇒ `Object`

#user_agent ⇒ `Object`