Module: Camo::HeadersUtils
Constant Summary collapse
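# Identifier for this proxy instance, read from the environment. It is sent to
# clients in the "Camo-Host" response header (see #default_response_headers).
# NOTE(review): confirm that disclosing the instance hostname to clients is
# acceptable for the deployment; the fallback is the literal "unknown".
HOSTNAME = ENV.fetch("CAMORB_HOSTNAME", "unknown")

# Optional value for the "Timing-Allow-Origin" response header. When the
# variable is unset this is nil and #default_response_headers drops the header
# via `compact`.
# NOTE(review): any origin listed here can read detailed resource-timing data
# for proxied responses; keep the list narrow.
TIMING_ALLOW_ORIGIN = ENV.fetch("CAMORB_TIMING_ALLOW_ORIGIN", nil)

# Baseline hardening headers shared by the request and response header sets.
#
# - X-Frame-Options / X-Content-Type-Options: forbid framing and MIME sniffing.
# - X-XSS-Protection: legacy header. NOTE(review): modern browsers have removed
#   the XSS auditor it controlled, so the CSP below is the effective control.
# - Content-Security-Policy: blocks everything by default and allows only
#   data: images and inline styles.
#
# NOTE(review): #default_request_headers also sends these on outbound requests.
# They are directives that browsers act on in responses, so presumably they
# have no protective effect in that direction - confirm whether that is
# intentional.
#
# Frozen so that an accidental in-place mutation (`[]=`, `merge!`, `delete`)
# raises instead of silently changing the headers of every later request and
# response. The freeze is shallow: the Hash is frozen, and callers keep using
# `merge`, which returns a new Hash.
REQUEST_SECURITY_HEADERS = {
  "X-Frame-Options" => "deny",
  "X-XSS-Protection" => "1; mode=block",
  "X-Content-Type-Options" => "nosniff",
  "Content-Security-Policy" => "default-src 'none'; img-src data:; style-src 'unsafe-inline'"
}.freeze

# Response header set: the baseline plus HSTS (one year, including subdomains).
# NOTE(review): browsers honour Strict-Transport-Security only on HTTPS
# responses, and `includeSubDomains` applies to every subdomain of the serving
# host - confirm that all of them are HTTPS-only.
RESPONSE_SECURITY_HEADERS = REQUEST_SECURITY_HEADERS.merge(
  "Strict-Transport-Security" => "max-age=31536000; includeSubDomains"
).freeze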
Class Method Summary collapse
Instance Method Summary collapse
Class Method Details
Instance Method Details
#default_request_headers ⇒ Object
# File 'lib/camo/headers_utils.rb', line 28
#
# Default headers for outbound requests: REQUEST_SECURITY_HEADERS plus "Via"
# and "User-Agent", both set to the value of #user_agent. Keys given here win
# over same-named entries in the base set, because Hash#merge prefers its
# argument.
#
# NOTE(review): only these defaults are visible here; whether any headers from
# the original client request are also forwarded is decided elsewhere. Verify
# that cookies and authorization headers are not passed through.
#
# @return [Hash] a new Hash; the shared constant is not modified
def default_request_headers
  proxy_identity = { "Via" => user_agent, "User-Agent" => user_agent }
  REQUEST_SECURITY_HEADERS.merge(proxy_identity)
end
#default_response_headers ⇒ Object
# File 'lib/camo/headers_utils.rb', line 21
#
# Default headers for responses: RESPONSE_SECURITY_HEADERS plus "Camo-Host"
# (HOSTNAME) and "Timing-Allow-Origin" (TIMING_ALLOW_ORIGIN).
#
# `compact` removes every nil-valued entry, so "Timing-Allow-Origin" is left
# out when CAMORB_TIMING_ALLOW_ORIGIN is not configured rather than being sent
# with an empty value.
#
# @return [Hash] a new Hash without nil values
def default_response_headers
  instance_headers = {
    "Camo-Host" => HOSTNAME,
    "Timing-Allow-Origin" => TIMING_ALLOW_ORIGIN
  }
  RESPONSE_SECURITY_HEADERS.merge(instance_headers).compact
end
#user_agent ⇒ Object
# File 'lib/camo/headers_utils.rb', line 35
#
# Instance-level shortcut for the module-level HeadersUtils.user_agent, so
# that including classes can call `user_agent` directly. The value is used
# for both the "Via" and "User-Agent" headers in #default_request_headers.
#
# @return [Object] whatever HeadersUtils.user_agent returns (not shown here)
def user_agent
  HeadersUtils.user_agent
end