Class: HTTP::Security::Response

Inherits:

Object

• Object
• HTTP::Security::Response

Includes:

Enumerable

Defined in:

lib/http/security/response.rb

Constant Summary

PARSERS =

Header names and their corresponding parsers.

{
  'Cache-Control'                       => Parsers::CacheControl,
  'Content-Security-Policy'             => Parsers::ContentSecurityPolicy,
  'Content-Security-Policy-Report-Only' => Parsers::ContentSecurityPolicyReportOnly,
  'Expires'                             => Parsers::Expires,
  'Pragma'                              => Parsers::Pragma,
  'Public-Key-Pins'                     => Parsers::PublicKeyPins,
  'Public-Key-Pins-Report-Only'         => Parsers::PublicKeyPinsReportOnly,
  'Strict-Transport-Security'           => Parsers::StrictTransportSecurity,
  'Set-Cookie'                          => Parsers::SetCookie,
  'X-Content-Type-Options'              => Parsers::XContentTypeOptions,
  'X-Frame-Options'                     => Parsers::XFrameOptions,
  'X-Permitted-Cross-Domain-Policies'   => Parsers::XPermittedCrossDomainPolicies,
  'X-Xss-Protection'                    => Parsers::XXSSProtection
}

HEADERS =

Header names and their corresponding classes

{
  'Cache-Control'                       => Headers::CacheControl,
  'Content-Security-Policy'             => Headers::ContentSecurityPolicy,
  'Content-Security-Policy-Report-Only' => Headers::ContentSecurityPolicyReportOnly,
  'Expires'                             => nil,
  'Pragma'                              => Headers::Pragma,
  'Public-Key-Pins'                     => Headers::PublicKeyPins,
  'Public-Key-Pins-Report-Only'         => Headers::PublicKeyPinsReportOnly,
  'Strict-Transport-Security'           => Headers::StrictTransportSecurity,
  'Set-Cookie'                          => Headers::SetCookie,
  'X-Content-Type-Options'              => Headers::XContentTypeOptions,
  'X-Frame-Options'                     => Headers::XFrameOptions,
  'X-Permitted-Cross-Domain-Policies'   => Headers::XPermittedCrossDomainPolicies,
  'X-Xss-Protection'                    => Headers::XXSSProtection
}

FIELDS =

Header names and their corresponding fields.

{
  'Cache-Control'                       => :cache_control,
  'Content-Security-Policy'             => :content_security_policy,
  'Content-Security-Policy-Report-Only' => :content_security_policy_report_only,
  'Expires'                             => :expires,
  'Pragma'                              => :pragma,
  'Public-Key-Pins'                     => :public_key_pins,
  'Public-Key-Pins-Report-Only'         => :public_key_pins_report_only,
  'Strict-Transport-Security'           => :strict_transport_security,
  'Set-Cookie'                          => :set_cookie,
  'X-Content-Type-Options'              => :x_content_type_options,
  'X-Frame-Options'                     => :x_frame_options,
  'X-Permitted-Cross-Domain-Policies'   => :x_permitted_cross_domain_policies,
  'X-Xss-Protection'                    => :x_xss_protection,
}

Instance Attribute Summary

• #cache_control ⇒ Headers::CacheControl readonly

  The parsed Cache-Control header.

• #content_security_policy ⇒ Headers::ContentSecurityPolicy readonly

  The parsed Content-Security-Policy header.

• #content_security_policy_report_only ⇒ Headers::ContentSecurityPolicyReportOnly readonly

  The parsed Content-Security-Policy-Report-Only header.

• #expires ⇒ HTTPDate readonly

  The parsed Expires header.

• #pragma ⇒ Headers::Pagram readonly

  The parsed Pragma header.

• #public_key_pins ⇒ Headers::PublicKeyPin readonly

  The parsed Public-Key-Pins header.

• #public_key_pins_report_only ⇒ Headers::PublicKeyPinsReportOnly readonly

  The parsed Public-Key-Pins-Report-Only header.

• #set_cookie ⇒ Headers::SetCookie readonly

  The parsed Set-Cookie header.

• #strict_transport_security ⇒ Headers::StrictTransportSecurity readonly

  The parsed Strict-Transport-Security header.

• #x_content_type_options ⇒ Headers::XContentTypeOptions (also: #content_type_options) readonly

  The parsed X-Content-Type-Options header.

• #x_frame_options ⇒ Headers::XFrameOptions (also: #frame_options) readonly

  The parsed X-Frame-Options header.

• #x_permitted_cross_domain_policies ⇒ Headers::XPermittedCrossDomainPolicies (also: #permitted_cross_domain_policies) readonly

  The parsed X-Permitted-Cross-Domain-Policies header.

• #x_xss_protection ⇒ Headers::XXssProtection (also: #xss_protection) readonly

  The parsed X-XSS-Protection header.

Class Method Summary

• .parse(response) ⇒ Response

  Parses the HTTP security headers of a HTTP response.

• .parse!(response) ⇒ Response

  Parses the HTTP security headers of a HTTP response.

• .parse_header(name, value) ⇒ Hash

  Parses an individual header.

Instance Method Summary

• #[](header) ⇒ Object^?

  Accesses an arbitrary security header.

• #each {|name, value| ... } ⇒ Enumerator

  Enumerates over the parsed security header values.

• #initialize(headers = {}) ⇒ Response constructor

  Initializes the response.

Constructor Details

#initialize(headers = {}) ⇒ Response

Initializes the response.

Parameters:

• headers (Hash{Symbol => Object}) (defaults to: {}) —

  The parsed headers.

• options (Hash) —

  a customizable set of options

# File 'lib/http/security/response.rb', line 128

def initialize(headers={})
  @cache_control = headers[:cache_control]
  @content_security_policy = headers[:content_security_policy]
  @content_security_policy_report_only = headers[:content_security_policy_report_only]
  @expires = headers[:expires]
  @pragma = headers[:pragma]
  @public_key_pins = headers[:public_key_pins]
  @public_key_pins_report_only = headers[:public_key_pins_report_only]
  @strict_transport_security = headers[:strict_transport_security]
  @set_cookie = headers[:set_cookie]
  @x_content_type_options = headers[:x_content_type_options]
  @x_frame_options = headers[:x_frame_options]
  @x_permitted_cross_domain_policies = headers[:x_permitted_cross_domain_policies]
  @x_xss_protection = headers[:x_xss_protection]
end

Instance Attribute Details

#cache_control ⇒ Headers::CacheControl (readonly)

The parsed Cache-Control header.

Returns:

• (Headers::CacheControl)

# File 'lib/http/security/response.rb', line 15

def cache_control
  @cache_control
end

#content_security_policy ⇒ Headers::ContentSecurityPolicy (readonly)

The parsed Content-Security-Policy header.

Returns:

• (Headers::ContentSecurityPolicy)

# File 'lib/http/security/response.rb', line 20

def content_security_policy
  @content_security_policy
end

#content_security_policy_report_only ⇒ Headers::ContentSecurityPolicyReportOnly (readonly)

The parsed Content-Security-Policy-Report-Only header.

Returns:

• (Headers::ContentSecurityPolicyReportOnly)

# File 'lib/http/security/response.rb', line 25

def content_security_policy_report_only
  @content_security_policy_report_only
end

#expires ⇒ HTTPDate (readonly)

The parsed Expires header.

Returns:

• (HTTPDate)

# File 'lib/http/security/response.rb', line 30

def expires
  @expires
end

#pragma ⇒ Headers::Pagram (readonly)

The parsed Pragma header.

Returns:

• (Headers::Pagram)

# File 'lib/http/security/response.rb', line 35

def pragma
  @pragma
end

#public_key_pins ⇒ Headers::PublicKeyPin (readonly)

The parsed Public-Key-Pins header.

Returns:

• (Headers::PublicKeyPin)

# File 'lib/http/security/response.rb', line 50

def public_key_pins
  @public_key_pins
end

#public_key_pins_report_only ⇒ Headers::PublicKeyPinsReportOnly (readonly)

The parsed Public-Key-Pins-Report-Only header.

Returns:

• (Headers::PublicKeyPinsReportOnly)

# File 'lib/http/security/response.rb', line 55

def public_key_pins_report_only
  @public_key_pins_report_only
end

#set_cookie ⇒ Headers::SetCookie (readonly)

The parsed Set-Cookie header.

Returns:

• (Headers::SetCookie)

# File 'lib/http/security/response.rb', line 40

def set_cookie
  @set_cookie
end

#strict_transport_security ⇒ Headers::StrictTransportSecurity (readonly)

The parsed Strict-Transport-Security header.

Returns:

• (Headers::StrictTransportSecurity)

# File 'lib/http/security/response.rb', line 45

def strict_transport_security
  @strict_transport_security
end

#x_content_type_options ⇒ Headers::XContentTypeOptions (readonly) Also known as: content_type_options

The parsed X-Content-Type-Options header.

Returns:

• (Headers::XContentTypeOptions)

# File 'lib/http/security/response.rb', line 60

def x_content_type_options
  @x_content_type_options
end

#x_frame_options ⇒ Headers::XFrameOptions (readonly) Also known as: frame_options

The parsed X-Frame-Options header.

Returns:

• (Headers::XFrameOptions)

# File 'lib/http/security/response.rb', line 66

def x_frame_options
  @x_frame_options
end

#x_permitted_cross_domain_policies ⇒ Headers::XPermittedCrossDomainPolicies (readonly) Also known as: permitted_cross_domain_policies

The parsed X-Permitted-Cross-Domain-Policies header.

Returns:

• (Headers::XPermittedCrossDomainPolicies)

# File 'lib/http/security/response.rb', line 72

def x_permitted_cross_domain_policies
  @x_permitted_cross_domain_policies
end

#x_xss_protection ⇒ Headers::XXssProtection (readonly) Also known as: xss_protection

The parsed X-XSS-Protection header.

Returns:

• (Headers::XXssProtection)

# File 'lib/http/security/response.rb', line 78

def x_xss_protection
  @x_xss_protection
end

Class Method Details

.parse(response) ⇒ Response

Parses the HTTP security headers of a HTTP response.

Parameters:

• response (#[]) —

  An HTTP response object. Must provide access to headers via the #[] method.

Returns:

• (Response) —

  The parsed response.

# File 'lib/http/security/response.rb', line 207

def self.parse(response)
  fields = {}

  FIELDS.each do |header,field|
    if (value = response[header])
      fields[field] = begin
                        parse_header(header,value)
                      rescue Parslet::ParseFailed => error
                        MalformedHeader.new(value,error.cause)
                      end
    end
  end

  return new(fields)
end

.parse!(response) ⇒ Response

Parses the HTTP security headers of a HTTP response.

Parameters:

• response (#[]) —

  An HTTP response object. Must provide access to headers via the #[] method.

Returns:

• (Response)

Raises:

• (Parslet::ParseFailed) —

  One of the headers was malformed.

# File 'lib/http/security/response.rb', line 237

def self.parse!(response)
  fields = {}

  FIELDS.each do |name,field|
    if (value = response[name])
      fields[field] = parse_header(name,value)
    end
  end

  return new(fields)
end

.parse_header(name, value) ⇒ Hash

Parses an individual header.

Parameters:

• name (String) —

  The header name.

• value (String) —

  The raw value of the header.

Returns:

• (Hash) —

  The parsed header data.

Raises:

• (InvalidHeader) —

  The header was malformed.

# File 'lib/http/security/response.rb', line 264

def self.parse_header(name,value)
  parser = PARSERS.fetch(name)
  value  = begin
             parser.parse(value)
           rescue Parslet::ParseFailed => error
             raise(InvalidHeader.new(error.message,error.cause))
           end

  if (header = HEADERS[name])
    header.new(value)
  else
    value
  end
end

Instance Method Details

#[](header) ⇒ Object^?

Accesses an arbitrary security header.

Parameters:

• header (String) —

  The canonical header name.

Returns:

• (Object, nil) —

  The parsed header value.

# File 'lib/http/security/response.rb', line 288

def [](header)
  field = FIELDS.fetch(header)

  return instance_variable_get("@#{field}")
end

#each {|name, value| ... } ⇒ Enumerator

Enumerates over the parsed security header values.

Yields:

• (name, value) —

  The given block will be passed each header name and parsed value.

Yield Parameters:

• name (String) —

  The canonical header name.

• value (Object) —

  A header class from Headers.

Returns:

• (Enumerator) —

  If no block was given, an enumerator will be returned.

# File 'lib/http/security/response.rb', line 309

def each
  return enum_for(__method__) unless block_given?

  FIELDS.each do |header,field|
    if (value = self[header])
      yield header, value
    end
  end

  return self
end