Module: SecureHeaders

Included in:
ActionController::Base
Defined in:
lib/secure_headers.rb,
lib/secure_headers/header.rb,
lib/secure_headers/padrino.rb,
lib/secure_headers/railtie.rb,
lib/secure_headers/version.rb,
lib/secure_headers/hash_helper.rb,
lib/secure_headers/view_helper.rb,
lib/secure_headers/headers/public_key_pins.rb,
lib/secure_headers/headers/x_frame_options.rb,
lib/secure_headers/headers/x_xss_protection.rb,
lib/secure_headers/headers/x_download_options.rb,
lib/secure_headers/headers/x_content_type_options.rb,
lib/secure_headers/headers/content_security_policy.rb,
lib/secure_headers/headers/strict_transport_security.rb,
lib/secure_headers/headers/x_permitted_cross_domain_policies.rb,
lib/secure_headers/headers/content_security_policy/script_hash_middleware.rb

Defined Under Namespace

Modules: ClassMethods, Configuration, HashHelper, InstanceMethods, Padrino, ViewHelpers Classes: ContentSecurityPolicy, ContentSecurityPolicyBuildError, Header, PublicKeyPins, PublicKeyPinsBuildError, Railtie, STSBuildError, StrictTransportSecurity, UnexpectedHashedScriptException, XContentTypeOptions, XContentTypeOptionsBuildError, XDOBuildError, XDownloadOptions, XFOBuildError, XFrameOptions, XPCDPBuildError, XPermittedCrossDomainPolicies, XXssProtection, XXssProtectionBuildError

Constant Summary collapse

SCRIPT_HASH_CONFIG_FILE = 
'config/script_hashes.yml'
HASHES_ENV_KEY = 
'secure_headers.script_hashes'
ALL_HEADER_CLASSES = 
[
  SecureHeaders::ContentSecurityPolicy,
  SecureHeaders::StrictTransportSecurity,
  SecureHeaders::PublicKeyPins,
  SecureHeaders::XContentTypeOptions,
  SecureHeaders::XDownloadOptions,
  SecureHeaders::XFrameOptions,
  SecureHeaders::XPermittedCrossDomainPolicies,
  SecureHeaders::XXssProtection
]
VERSION = 
"2.5.0"

Class Method Summary collapse

Class Method Details

.append_features(base) ⇒ Object 



52
53
54
55
56
57
 
# File 'lib/secure_headers.rb', line 52

def append_features(base)
  base.module_eval do
    extend ClassMethods
    include InstanceMethods
  end
end

.get_a_header(klass, options) ⇒ Object 



77
78
79
80
 
# File 'lib/secure_headers.rb', line 77

def get_a_header(klass, options)
  return if options == false
  klass.new(options)
end

.header_hash(options = nil) ⇒ Object 



59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
 
# File 'lib/secure_headers.rb', line 59

def header_hash(options = nil)
  ALL_HEADER_CLASSES.inject({}) do |memo, klass|
    # must use !options[key].nil? because 'false' represents opting out, nil
    # represents use global default.
    config = if options.is_a?(Hash) && !options[klass::Constants::CONFIG_KEY].nil?
      options[klass::Constants::CONFIG_KEY]
    else
      ::SecureHeaders::Configuration.send(klass::Constants::CONFIG_KEY)
    end

    unless klass == SecureHeaders::PublicKeyPins && !config.is_a?(Hash)
      header = get_a_header(klass, config)
      memo[header.name] = header.value if header
    end
    memo
  end
end