Class: Rack::SecureHeaders

Inherits:
Object
  • Object
Defined in:
lib/rack/secure_headers.rb,
lib/rack/secure_headers/version.rb

Constant Summary

# Default option set that #initialize merges caller options over.
# How each key becomes a response header is decided by base_headers and
# hsts_header, which are not shown on this page; the notes below describe
# the values themselves.
DEFAULTS = {
  # HSTS: max_age is in seconds (31536000 = 365 days) and subdomains are
  # covered by default. Browsers honour this header only on HTTPS responses.
  hsts: {
    max_age: "31536000",
    include_subdomains: true
  },
  # "nosniff" tells browsers not to MIME-sniff a response away from its
  # declared Content-Type.
  x_content_type_options: "nosniff",
  # "SAMEORIGIN" allows framing only by pages of the same origin
  # (clickjacking mitigation). CSP frame-ancestors is the newer control;
  # no Content-Security-Policy default appears in this table.
  x_frame_options: "SAMEORIGIN",
  # "none" disallows cross-domain policy files for Flash/Acrobat clients.
  x_permitted_cross_domain_policies: "none",
  # Legacy XSS-auditor switch. Current browsers have dropped the auditor,
  # so this is not a substitute for output encoding or a CSP.
  x_xss_protection: "1; mode=block"
}

# Gem version string (documented as living in lib/rack/secure_headers/version.rb).
VERSION = "0.0.3"

Instance Method Summary

Constructor Details

#initialize(app, options = {}) ⇒ SecureHeaders

Returns a new instance of SecureHeaders.



# File 'lib/rack/secure_headers.rb', line 13

# Builds the middleware and precomputes the header set it will apply.
#
# Caller options are laid over DEFAULTS with Hash#merge, which is shallow:
# a caller-supplied :hsts hash replaces the default :hsts hash as a whole,
# so keys left out of it (for example :include_subdomains) are not
# inherited from DEFAULTS. Passing a falsy :hsts (nil or false) leaves
# Strict-Transport-Security out entirely.
#
# @param app [#call] the downstream Rack application
# @param options [Hash] overrides for the keys in DEFAULTS
def initialize(app, options = {})
  settings = DEFAULTS.merge(options)

  @app = app
  # base_headers is defined elsewhere in the class; it is handed the merged
  # settings, :hsts included.
  @headers = base_headers(settings)

  hsts_settings = settings[:hsts]
  # hsts_header (also defined elsewhere) renders the header value.
  @headers["Strict-Transport-Security"] = hsts_header(hsts_settings) if hsts_settings
end

Instance Method Details

#call(env) ⇒ Object



# File 'lib/rack/secure_headers.rb', line 24

# Rack entry point: runs the downstream app, then fills in the configured
# security headers on its response.
#
# A header the downstream app already set is left alone (`||=`), so an
# application can override any default per response; an entry whose value
# is nil or false counts as unset and is overwritten.
# NOTE(review): the lookup uses the exact key strings held in @headers. If
# the response headers object is case-sensitive, the same header set under
# different casing would not be detected — confirm against the Rack
# version in use.
#
# @param env [Hash] the Rack environment
# @return [Object] whatever the downstream app returned, with its headers
#   object updated in place
def call(env)
  response = @app.call(env)
  _status, response_headers, _body = response

  @headers.each_pair do |name, default_value|
    response_headers[name] ||= default_value
  end

  response
end