Class: Rack::Protection::StrictTransport
- Defined in:
- lib/rack/protection/strict_transport.rb
Overview
- Prevented attack
-
Protects against protocol downgrade attacks and cookie hijacking.
- Supported browsers
-
all
- More info
The browser will prevent any communications from being sent over HTTP to the specified domain and will instead send all communications over HTTPS. It also prevents HTTPS click-through prompts in browsers.
Options:
- max_age
-
How long future requests to the domain should go over HTTPS; specified in seconds
- include_subdomains
-
Whether all present and future subdomains will be served over HTTPS
- preload
-
Allow this domain to be included in browsers' HSTS preload list. See hstspreload.appspot.com/
Constant Summary
Constants inherited from Base
Instance Attribute Summary
Attributes inherited from Base
Instance Method Summary
Methods inherited from Base
#accepts?, #default_options, default_options, default_reaction, #deny, #drop_session, #encrypt, #html?, #initialize, #instrument, #origin, #random_string, #react, #referrer, #report, #safe?, #secure_compare, #session, #session?, #warn
Constructor Details
This class inherits a constructor from Rack::Protection::Base
Instance Method Details
#call(env) ⇒ Object
    # File 'lib/rack/protection/strict_transport.rb', line 32
    def call(env)
      status, headers, body = @app.call(env)
      headers['Strict-Transport-Security'] ||= strict_transport
      [status, headers, body]
    end
#strict_transport ⇒ Object
    # File 'lib/rack/protection/strict_transport.rb', line 23
    def strict_transport
      # Build the header value once and memoize it.
      @strict_transport ||= begin
        strict_transport = 'max-age=' + options[:max_age].to_s
        strict_transport += '; includeSubDomains' if options[:include_subdomains]
        strict_transport += '; preload' if options[:preload]
        strict_transport.to_str
      end
    end
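Because `#call` assigns the header with `||=`, a value already set by the wrapped app is kept as it is. The following is an added example, not code from rack-protection: `StrictTransportSketch` is a stand-in for the two methods above so it runs without the gem, and `audit_hsts`, `hsts_for` and the sample apps are hypothetical names. It goes beyond the page by auditing the resulting header value.

```ruby
# Stand-in for the two methods shown above (assumption: same option names).
class StrictTransportSketch
  def initialize(app, options = {})
    @app = app
    @options = options
  end

  def call(env)
    status, headers, body = @app.call(env)
    headers['Strict-Transport-Security'] ||= header_value # upstream value wins
    [status, headers, body]
  end

  def header_value
    value = "max-age=#{@options[:max_age]}"
    value += '; includeSubDomains' if @options[:include_subdomains]
    value += '; preload' if @options[:preload]
    value
  end
end

# Hypothetical audit helper: returns a list of findings for a header value.
def audit_hsts(value)
  return ['header missing'] if value.nil?

  directives = value.split(';').map { |d| d.strip.downcase }
  max_age = directives.map { |d| d[/\Amax-age="?(\d+)"?\z/, 1] }.compact.first
  findings = []
  findings << 'max-age missing or malformed' if max_age.nil?
  # RFC 6797: max-age=0 tells the browser to stop treating the host as HSTS.
  findings << 'max-age=0 removes the HSTS policy' if max_age == '0'
  if directives.include?('preload')
    # Preload list submission requires includeSubDomains and max-age >= 1 year.
    findings << 'preload without includeSubDomains' unless directives.include?('includesubdomains')
    findings << 'preload with max-age under one year' if max_age && max_age.to_i < 31_536_000
  end
  findings
end

# Run the middleware over a Rack-style app and return the header it sends.
def hsts_for(app, options)
  _status, headers, _body = StrictTransportSketch.new(app, options).call({})
  headers['Strict-Transport-Security']
end

# Constructed sample apps: one sets no header, one sets a weak header itself.
PLAIN_APP  = ->(_env) { [200, {}, ['ok']] }
LEGACY_APP = ->(_env) { [200, { 'Strict-Transport-Security' => 'max-age=0' }, ['ok']] }
STRONG     = { max_age: 31_536_000, include_subdomains: true, preload: true }.freeze
```

Running `audit_hsts(hsts_for(LEGACY_APP, STRONG))` shows the weak upstream header surviving the middleware, which is the case to look for when a response's header does not match the configured options.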