Class: HTTP::Security::Response
- Inherits: Object
  - Object
  - HTTP::Security::Response
- Includes: Enumerable
- Defined in: lib/http/security/response.rb
Constant Summary
- PARSERS =
Header names and their corresponding parsers.
```ruby
{
  'Cache-Control'                       => Parsers::CacheControl,
  'Content-Security-Policy'             => Parsers::ContentSecurityPolicy,
  'Content-Security-Policy-Report-Only' => Parsers::ContentSecurityPolicyReportOnly,
  'Expires'                             => Parsers::Expires,
  'Pragma'                              => Parsers::Pragma,
  'Public-Key-Pins'                     => Parsers::PublicKeyPins,
  'Public-Key-Pins-Report-Only'         => Parsers::PublicKeyPinsReportOnly,
  'Strict-Transport-Security'           => Parsers::StrictTransportSecurity,
  'Set-Cookie'                          => Parsers::SetCookie,
  'X-Content-Type-Options'              => Parsers::XContentTypeOptions,
  'X-Frame-Options'                     => Parsers::XFrameOptions,
  'X-Permitted-Cross-Domain-Policies'   => Parsers::XPermittedCrossDomainPolicies,
  'X-Xss-Protection'                    => Parsers::XXSSProtection
}
```
- HEADERS =
Header names and their corresponding classes.
```ruby
{
  'Cache-Control'                       => Headers::CacheControl,
  'Content-Security-Policy'             => Headers::ContentSecurityPolicy,
  'Content-Security-Policy-Report-Only' => Headers::ContentSecurityPolicyReportOnly,
  'Expires'                             => nil,
  'Pragma'                              => Headers::Pragma,
  'Public-Key-Pins'                     => Headers::PublicKeyPins,
  'Public-Key-Pins-Report-Only'         => Headers::PublicKeyPinsReportOnly,
  'Strict-Transport-Security'           => Headers::StrictTransportSecurity,
  'Set-Cookie'                          => Headers::SetCookie,
  'X-Content-Type-Options'              => Headers::XContentTypeOptions,
  'X-Frame-Options'                     => Headers::XFrameOptions,
  'X-Permitted-Cross-Domain-Policies'   => Headers::XPermittedCrossDomainPolicies,
  'X-Xss-Protection'                    => Headers::XXSSProtection
}
```
- FIELDS =
Header names and their corresponding fields.
```ruby
{
  'Cache-Control'                       => :cache_control,
  'Content-Security-Policy'             => :content_security_policy,
  'Content-Security-Policy-Report-Only' => :content_security_policy_report_only,
  'Expires'                             => :expires,
  'Pragma'                              => :pragma,
  'Public-Key-Pins'                     => :public_key_pins,
  'Public-Key-Pins-Report-Only'         => :public_key_pins_report_only,
  'Strict-Transport-Security'           => :strict_transport_security,
  'Set-Cookie'                          => :set_cookie,
  'X-Content-Type-Options'              => :x_content_type_options,
  'X-Frame-Options'                     => :x_frame_options,
  'X-Permitted-Cross-Domain-Policies'   => :x_permitted_cross_domain_policies,
  'X-Xss-Protection'                    => :x_xss_protection,
}
```
Instance Attribute Summary
- #cache_control ⇒ Headers::CacheControl (readonly): The parsed Cache-Control header.
- #content_security_policy ⇒ Headers::ContentSecurityPolicy (readonly): The parsed Content-Security-Policy header.
- #content_security_policy_report_only ⇒ Headers::ContentSecurityPolicyReportOnly (readonly): The parsed Content-Security-Policy-Report-Only header.
- #expires ⇒ HTTPDate (readonly): The parsed Expires header.
- #pragma ⇒ Headers::Pragma (readonly): The parsed Pragma header.
- #public_key_pins ⇒ Headers::PublicKeyPins (readonly): The parsed Public-Key-Pins header.
- #public_key_pins_report_only ⇒ Headers::PublicKeyPinsReportOnly (readonly): The parsed Public-Key-Pins-Report-Only header.
- #set_cookie ⇒ Headers::SetCookie (readonly): The parsed Set-Cookie header.
- #strict_transport_security ⇒ Headers::StrictTransportSecurity (readonly): The parsed Strict-Transport-Security header.
- #x_content_type_options ⇒ Headers::XContentTypeOptions (readonly; also: #content_type_options): The parsed X-Content-Type-Options header.
- #x_frame_options ⇒ Headers::XFrameOptions (readonly; also: #frame_options): The parsed X-Frame-Options header.
- #x_permitted_cross_domain_policies ⇒ Headers::XPermittedCrossDomainPolicies (readonly; also: #permitted_cross_domain_policies): The parsed X-Permitted-Cross-Domain-Policies header.
- #x_xss_protection ⇒ Headers::XXSSProtection (readonly; also: #xss_protection): The parsed X-XSS-Protection header.
Class Method Summary
- .parse(response) ⇒ Response: Parses the HTTP security headers of an HTTP response.
- .parse!(response) ⇒ Response: Parses the HTTP security headers of an HTTP response.
- .parse_header(name, value) ⇒ Hash: Parses an individual header.
Instance Method Summary
- #[](header) ⇒ Object?: Accesses an arbitrary security header.
- #each {|name, value| ... } ⇒ Enumerator: Enumerates over the parsed security header values.
- #initialize(headers = {}) ⇒ Response (constructor): Initializes the response.
Constructor Details
#initialize(headers = {}) ⇒ Response
Initializes the response.
```ruby
# File 'lib/http/security/response.rb', line 128
def initialize(headers={})
  @cache_control = headers[:cache_control]
  @content_security_policy = headers[:content_security_policy]
  @content_security_policy_report_only = headers[:content_security_policy_report_only]
  @expires = headers[:expires]
  @pragma = headers[:pragma]
  @public_key_pins = headers[:public_key_pins]
  @public_key_pins_report_only = headers[:public_key_pins_report_only]
  @strict_transport_security = headers[:strict_transport_security]
  @set_cookie = headers[:set_cookie]
  @x_content_type_options = headers[:x_content_type_options]
  @x_frame_options = headers[:x_frame_options]
  @x_permitted_cross_domain_policies = headers[:x_permitted_cross_domain_policies]
  @x_xss_protection = headers[:x_xss_protection]
end
```
Instance Attribute Details
#cache_control ⇒ Headers::CacheControl (readonly)
The parsed Cache-Control header.
```ruby
# File 'lib/http/security/response.rb', line 15
def cache_control
  @cache_control
end
```
#content_security_policy ⇒ Headers::ContentSecurityPolicy (readonly)
The parsed Content-Security-Policy header.
```ruby
# File 'lib/http/security/response.rb', line 20
def content_security_policy
  @content_security_policy
end
```
#content_security_policy_report_only ⇒ Headers::ContentSecurityPolicyReportOnly (readonly)
The parsed Content-Security-Policy-Report-Only header.
```ruby
# File 'lib/http/security/response.rb', line 25
def content_security_policy_report_only
  @content_security_policy_report_only
end
```
#expires ⇒ HTTPDate (readonly)
The parsed Expires header.
```ruby
# File 'lib/http/security/response.rb', line 30
def expires
  @expires
end
```
#pragma ⇒ Headers::Pragma (readonly)
The parsed Pragma header.
```ruby
# File 'lib/http/security/response.rb', line 35
def pragma
  @pragma
end
```
#public_key_pins ⇒ Headers::PublicKeyPins (readonly)
The parsed Public-Key-Pins header.
```ruby
# File 'lib/http/security/response.rb', line 50
def public_key_pins
  @public_key_pins
end
```
#public_key_pins_report_only ⇒ Headers::PublicKeyPinsReportOnly (readonly)
The parsed Public-Key-Pins-Report-Only header.
```ruby
# File 'lib/http/security/response.rb', line 55
def public_key_pins_report_only
  @public_key_pins_report_only
end
```
#set_cookie ⇒ Headers::SetCookie (readonly)
The parsed Set-Cookie header.
```ruby
# File 'lib/http/security/response.rb', line 40
def set_cookie
  @set_cookie
end
```
#strict_transport_security ⇒ Headers::StrictTransportSecurity (readonly)
The parsed Strict-Transport-Security header.
```ruby
# File 'lib/http/security/response.rb', line 45
def strict_transport_security
  @strict_transport_security
end
```
#x_content_type_options ⇒ Headers::XContentTypeOptions (readonly) Also known as: content_type_options
The parsed X-Content-Type-Options header.
```ruby
# File 'lib/http/security/response.rb', line 60
def x_content_type_options
  @x_content_type_options
end
```
#x_frame_options ⇒ Headers::XFrameOptions (readonly) Also known as: frame_options
The parsed X-Frame-Options header.
```ruby
# File 'lib/http/security/response.rb', line 66
def x_frame_options
  @x_frame_options
end
```
#x_permitted_cross_domain_policies ⇒ Headers::XPermittedCrossDomainPolicies (readonly) Also known as: permitted_cross_domain_policies
The parsed X-Permitted-Cross-Domain-Policies header.
```ruby
# File 'lib/http/security/response.rb', line 72
def x_permitted_cross_domain_policies
  @x_permitted_cross_domain_policies
end
```
#x_xss_protection ⇒ Headers::XXSSProtection (readonly) Also known as: xss_protection
The parsed X-XSS-Protection header.
```ruby
# File 'lib/http/security/response.rb', line 78
def x_xss_protection
  @x_xss_protection
end
```
Class Method Details
.parse(response) ⇒ Response
Parses the HTTP security headers of an HTTP response. A header that fails to parse is stored as a MalformedHeader in its field instead of raising.
```ruby
# File 'lib/http/security/response.rb', line 207
def self.parse(response)
  fields = {}

  FIELDS.each do |header,field|
    if (value = response[header])
      fields[field] = begin
                        parse_header(header,value)
                      rescue Parslet::ParseFailed => error
                        MalformedHeader.new(value,error.cause)
                      end
    end
  end

  return new(fields)
end
```
.parse!(response) ⇒ Response
Parses the HTTP security headers of an HTTP response. Parse failures are not rescued here, so an exception raised by parse_header propagates to the caller.
```ruby
# File 'lib/http/security/response.rb', line 237
def self.parse!(response)
  fields = {}

  FIELDS.each do |name,field|
    if (value = response[name])
      fields[field] = parse_header(name,value)
    end
  end

  return new(fields)
end
```
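Because `.parse` stores a `MalformedHeader` in the field rather than raising, a non-nil attribute does not mean the header was valid, and an audit has to tell the two apart. The following is an added example, not code from the http-security project: `MalformedHeader` is a stand-in Struct, and `REQUIRED`, `audit_headers`, `naive_present?`, `failing` and the sample data are hypothetical names and constructed values.

```ruby
# Added example: stand-ins only, not the http-security gem's own code.
# MalformedHeader mirrors the object .parse stores when a header fails to parse.
MalformedHeader = Struct.new(:value, :cause)

# Headers a deployment might require (assumed policy for this example).
REQUIRED = [
  'Strict-Transport-Security',
  'Content-Security-Policy',
  'X-Content-Type-Options',
  'X-Frame-Options'
].freeze

# Classifies each required header as :ok, :malformed or :missing.
# `parsed` is anything that answers #[] with a header name, as Response#[] does.
def audit_headers(parsed, required = REQUIRED)
  required.each_with_object({}) do |name, report|
    value = parsed[name]
    report[name] =
      if value.nil? then :missing
      elsif value.is_a?(MalformedHeader) then :malformed
      else :ok
      end
  end
end

# Naive check: treats any non-nil field as "the header is set".
# A MalformedHeader passes it, which is the failure mode to avoid.
def naive_present?(parsed, name)
  !parsed[name].nil?
end

# Names of the headers that need attention.
def failing(report)
  report.reject { |_, status| status == :ok }.keys
end

# Constructed sample: what a lenient parse could hold for one response.
SAMPLE = {
  'Strict-Transport-Security' => MalformedHeader.new('max-age=abc', 'expected digits'),
  'Content-Security-Policy'   => { 'default-src' => ["'self'"] },
  'X-Content-Type-Options'    => nil,
  'X-Frame-Options'           => :deny
}.freeze

audit_headers(SAMPLE).each { |name, status| puts format('%-28s %s', name, status) }
```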
.parse_header(name, value) ⇒ Hash
Parses an individual header.
```ruby
# File 'lib/http/security/response.rb', line 264
def self.parse_header(name,value)
  parser = PARSERS.fetch(name)

  value = begin
            parser.parse(value)
          rescue Parslet::ParseFailed => error
            raise(InvalidHeader.new(error.message,error.cause))
          end

  if (header = HEADERS[name])
    header.new(value)
  else
    value
  end
end
```
Instance Method Details
#[](header) ⇒ Object?
Accesses an arbitrary security header.
```ruby
# File 'lib/http/security/response.rb', line 288
def [](header)
  field = FIELDS.fetch(header)

  return instance_variable_get("@#{field}")
end
```
#each {|name, value| ... } ⇒ Enumerator
Enumerates over the parsed security header values.
```ruby
# File 'lib/http/security/response.rb', line 309
def each
  return enum_for(__method__) unless block_given?

  FIELDS.each do |header,field|
    if (value = self[header])
      yield header, value
    end
  end

  return self
end
```