Class: SecureHeaders::Configuration

Inherits:
Object
  • Object
Defined in:
lib/secure_headers/configuration.rb

Defined Under Namespace

Classes: IllegalPolicyModificationError, NotYetConfiguredError

Constant Summary

DEFAULT_CONFIG =
:default
NOOP_CONFIGURATION =
"secure_headers_noop_config"

Instance Attribute Summary

Class Method Summary

Instance Method Summary

Constructor Details

#initialize(&block) ⇒ Configuration

Returns a new instance of Configuration.



# File 'lib/secure_headers/configuration.rb', line 108

# Public: build a configuration with the library defaults applied.
#
# block - optional; it is instance_eval'd with the new configuration as
#         self, so it may call the attribute writers directly. Only trusted
#         configuration code should be supplied here.
#
# Defaults set here: csp is a deep copy of CSP::DEFAULT_CONFIG (so edits in
# the block cannot mutate the shared constant) and hpkp is OPT_OUT. Every
# other header setting (hsts, x_*) is left unset (nil) by this method.
def initialize(&block)
  self.csp = self.class.send(:deep_copy, CSP::DEFAULT_CONFIG)
  self.hpkp = OPT_OUT
  instance_eval(&block) if block
end

Instance Attribute Details

#cached_headersObject

Returns the value of attribute cached_headers.



# File 'lib/secure_headers/configuration.rb', line 106

# Public: the cache of generated header values, keyed by each header's
# CONFIG_KEY. The CSP entry is itself a hash keyed by user-agent variation
# (see #rebuild_csp_header_cache!); X-Frame-Options is stored as a single
# value (see #update_x_frame_options). Not set by #initialize, so it is nil
# until the cache is built.
def cached_headers
  @cached_headers
end

#cspObject

Returns the value of attribute csp.



# File 'lib/secure_headers/configuration.rb', line 106

# Public: the static Content-Security-Policy config. Starts as a deep copy
# of CSP::DEFAULT_CONFIG (see #initialize) and becomes OPT_OUT after
# opt_out(CSP::CONFIG_KEY). A dynamic policy, when present, takes precedence
# over this value in #current_csp.
def csp
  @csp
end

#dynamic_cspObject

Returns the value of attribute dynamic_csp.



# File 'lib/secure_headers/configuration.rb', line 106

# Public: a CSP config that overrides #csp while set (see #current_csp).
# nil when no dynamic policy has been applied; it is not validated by
# #validate_config!, which only checks @csp.
def dynamic_csp
  @dynamic_csp
end

#hpkp=(value) ⇒ Object (writeonly)

Sets the attribute hpkp

Parameters:

  • value

    the value to set the attribute hpkp to.



# File 'lib/secure_headers/configuration.rb', line 102

# Public: set the Public-Key-Pins config. Defaults to OPT_OUT (see
# #initialize). The value is stored unchecked here; PublicKeyPins.validate_config!
# is only run from #validate_config!. Write-only: this class exposes no reader.
#
# value - a config Hash or OPT_OUT.
def hpkp=(value)
  @hpkp = value
end

#hsts=(value) ⇒ Object (writeonly)

Sets the attribute hsts

Parameters:

  • value

    the value to set the attribute hsts to.



# File 'lib/secure_headers/configuration.rb', line 102

# Public: set the Strict-Transport-Security config. Not given a default by
# #initialize (nil until assigned). The value is stored unchecked here;
# StrictTransportSecurity.validate_config! is only run from #validate_config!.
# Write-only: this class exposes no reader.
#
# value - a config Hash or OPT_OUT.
def hsts=(value)
  @hsts = value
end

#secure_cookiesObject

Returns the value of attribute secure_cookies.



# File 'lib/secure_headers/configuration.rb', line 106

# Public: the secure-cookies setting. Carried over by #dup; note that it is
# not checked by #validate_config!, which validates header configs only.
def secure_cookies
  @secure_cookies
end

#x_content_type_options=(value) ⇒ Object (writeonly)

Sets the attribute x_content_type_options

Parameters:

  • value

    the value to set the attribute x_content_type_options to.



# File 'lib/secure_headers/configuration.rb', line 102

# Public: set the X-Content-Type-Options config. Stored unchecked here;
# XContentTypeOptions.validate_config! is only run from #validate_config!.
# Write-only: this class exposes no reader.
#
# value - a header value or OPT_OUT.
def x_content_type_options=(value)
  @x_content_type_options = value
end

#x_download_options=(value) ⇒ Object (writeonly)

Sets the attribute x_download_options

Parameters:

  • value

    the value to set the attribute x_download_options to.



# File 'lib/secure_headers/configuration.rb', line 102

# Public: set the X-Download-Options config. Stored unchecked here;
# XDownloadOptions.validate_config! is only run from #validate_config!.
# Write-only: this class exposes no reader.
#
# value - a header value or OPT_OUT.
def x_download_options=(value)
  @x_download_options = value
end

#x_frame_options=(value) ⇒ Object (writeonly)

Sets the attribute x_frame_options

Parameters:

  • value

    the value to set the attribute x_frame_options to.



# File 'lib/secure_headers/configuration.rb', line 102

# Public: set the X-Frame-Options config. Stored unchecked here;
# XFrameOptions.validate_config! is only run from #validate_config!.
# This writer does not touch #cached_headers — refreshing an already-cached
# header value is done by #update_x_frame_options. Write-only: no reader.
#
# value - a header value or OPT_OUT.
def x_frame_options=(value)
  @x_frame_options = value
end

#x_permitted_cross_domain_policies=(value) ⇒ Object (writeonly)

Sets the attribute x_permitted_cross_domain_policies

Parameters:

  • value

    the value to set the attribute x_permitted_cross_domain_policies to.



# File 'lib/secure_headers/configuration.rb', line 102

# Public: set the X-Permitted-Cross-Domain-Policies config. Stored unchecked
# here; XPermittedCrossDomainPolicies.validate_config! is only run from
# #validate_config!. Write-only: this class exposes no reader.
#
# value - a header value or OPT_OUT.
def x_permitted_cross_domain_policies=(value)
  @x_permitted_cross_domain_policies = value
end

#x_xss_protection=(value) ⇒ Object (writeonly)

Sets the attribute x_xss_protection

Parameters:

  • value

    the value to set the attribute x_xss_protection to.



# File 'lib/secure_headers/configuration.rb', line 102

# Public: set the X-XSS-Protection config. Stored unchecked here;
# XXssProtection.validate_config! is only run from #validate_config!.
# Write-only: this class exposes no reader.
#
# value - a header value or OPT_OUT.
def x_xss_protection=(value)
  @x_xss_protection = value
end

Class Method Details

.default(&block) ⇒ Object Also known as: configure

Public: Set the global default configuration.

Optionally supply a block to override the defaults set by this library.

Returns the newly created config.



# File 'lib/secure_headers/configuration.rb', line 13

# Public: set the global default configuration.
#
# block - optional; instance_eval'd on the new Configuration so the caller
#         can override the library defaults.
#
# Registers the noop configuration first, then the new config under
# DEFAULT_CONFIG. Nothing in this method validates the config;
# presumably add_configuration (not shown here) calls validate_config! —
# confirm before relying on it.
#
# Returns whatever add_configuration returns for the new config.
def default(&block)
  fresh = new(&block)
  add_noop_configuration
  add_configuration(DEFAULT_CONFIG, fresh)
end

.get(name = DEFAULT_CONFIG) ⇒ Object

Public: retrieve a global configuration object

Returns the configuration registered under `name`, or nil when no configuration with that name exists. Raises NotYetConfiguredError if `default` has not been called yet (i.e. no configuration has been registered at all).



# File 'lib/secure_headers/configuration.rb', line 40

# Public: retrieve a global configuration object.
#
# name - the registry key of the configuration (defaults to DEFAULT_CONFIG).
#
# Raises NotYetConfiguredError when nothing has been configured yet
# (the registry hash does not exist). An unknown name does not raise:
# it returns nil, which #override relies on to detect a missing base.
#
# Returns the Configuration registered under name, or nil.
def get(name = DEFAULT_CONFIG)
  raise NotYetConfiguredError, "Default policy not yet supplied" if @configurations.nil?

  @configurations[name]
end

.override(name, base = DEFAULT_CONFIG, &block) ⇒ Object

Public: create a named configuration that overrides the default config.

name - an identifier for the new override config. base - the name of an existing config to derive from; when not supplied, the default config is used as the base.

Returns: the newly created config



# File 'lib/secure_headers/configuration.rb', line 27

# Public: create a named configuration derived from an existing one.
#
# name  - identifier under which the new config is registered.
# base  - name of the config to copy from (defaults to DEFAULT_CONFIG).
# block - optional; instance_eval'd on the copy, so it can overwrite any
#         attribute. As with #default, only trusted configuration code
#         belongs here.
#
# The base is duplicated via Configuration#dup, so the block edits a copy
# and the base config is left unchanged.
#
# Raises NotYetConfiguredError when base is not a registered config
# (#get returns nil for unknown names, or raises itself if nothing has
# been configured at all).
#
# Returns whatever add_configuration returns for the new config.
def override(name, base = DEFAULT_CONFIG, &block)
  base_config = get(base)
  raise NotYetConfiguredError, "#{base} policy not yet supplied" unless base_config

  derived = base_config.dup
  derived.instance_eval(&block) if block
  add_configuration(name, derived)
end

Instance Method Details

#current_cspObject



# File 'lib/secure_headers/configuration.rb', line 148

# Public: the CSP config that is currently in effect.
#
# A dynamic policy, when one has been set, wins over the static one; nil
# (and false) fall through to #csp. Note that a dynamic value of OPT_OUT is
# truthy and therefore also wins, which is how an opt-out of CSP is meant
# to be reflected here.
#
# Returns the dynamic CSP config if set, otherwise the static one.
def current_csp
  if @dynamic_csp
    @dynamic_csp
  else
    @csp
  end
end

#dupObject

Public: copy the configuration for use as the base of an override. Despite the original wording, the cached headers *are* copied (deep-copied when they are a Hash), together with secure_cookies, csp and dynamic_csp; the other header settings (hsts, hpkp, x_*) are not carried over and keep a fresh instance's defaults.

Returns a new Configuration holding deep copies of the hash-valued settings listed above.



# File 'lib/secure_headers/configuration.rb', line 117

# Public: copy this configuration so an override can be built from it.
#
# What is copied: secure_cookies (by reference), and csp, dynamic_csp and
# cached_headers through deep_copy_if_hash, so edits on the copy do not
# leak back into this config (or into the cached header hash it serves).
#
# NOTE(review): @hsts, @hpkp and the @x_* settings are NOT copied; the copy
# gets what #initialize assigns (hpkp = OPT_OUT, the rest nil). Whether an
# override still emits those headers therefore depends on add_configuration
# rebuilding from cached_headers, which is not visible in this file —
# confirm before relying on it.
#
# Returns the new Configuration.
def dup
  deep = ->(value) { self.class.send(:deep_copy_if_hash, value) }
  self.class.new.tap do |twin|
    twin.secure_cookies = @secure_cookies
    twin.csp = deep.call(@csp)
    twin.dynamic_csp = deep.call(@dynamic_csp)
    twin.cached_headers = deep.call(@cached_headers)
  end
end

#opt_out(header) ⇒ Object



# File 'lib/secure_headers/configuration.rb', line 126

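# Public: disable a single header on this configuration.
#
# header - the header's config key (e.g. CSP::CONFIG_KEY). It is turned into
#          a setter name and dispatched with send, so only pass known config
#          keys — never a request-derived value.
#
# Sets the header's config to OPT_OUT, clears any dynamic CSP so that
# #current_csp reflects the opt-out, and evicts the header from
# #cached_headers so a stale cached value is not served.
#
# Returns the evicted cache entry, or nil if nothing was cached for it.
def opt_out(header)
  send("#{header}=", OPT_OUT)
  # Fix: the original assigned a *local* `dynamic_csp`, leaving @dynamic_csp
  # untouched, so current_csp (@dynamic_csp || @csp) kept returning the
  # dynamic policy after opting out of CSP.
  self.dynamic_csp = OPT_OUT if header == CSP::CONFIG_KEY
  # cached_headers is nil until the cache has been built; nothing to evict.
  cached_headers.delete(header) if cached_headers
end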

#rebuild_csp_header_cache!(user_agent) ⇒ Object

Public: regenerates the cached CSP header for a specific user agent. The CSP cache entry is reset for all user-agent variations and then repopulated only for the variation this user agent maps to.



# File 'lib/secure_headers/configuration.rb', line 139

# Public: regenerate the cached CSP header for one user agent.
#
# user_agent - the raw User-Agent string. Presumably taken from the request,
#              i.e. attacker-controlled; it goes straight into UserAgent.parse,
#              whose handling of malformed input is not visible here.
#
# The CSP cache entry is replaced wholesale (all previously cached
# variations are dropped) and then filled only for this user agent's
# variation. Nothing is generated when the effective policy is OPT_OUT.
# Requires #cached_headers to be non-nil.
#
# Returns the generated header value, or nil when opted out.
def rebuild_csp_header_cache!(user_agent)
  csp_cache = (self.cached_headers[CSP::CONFIG_KEY] = {})
  return if current_csp == OPT_OUT

  parsed_ua = UserAgent.parse(user_agent)
  csp_cache[CSP.ua_to_variation(parsed_ua)] = CSP.make_header(current_csp, parsed_ua)
end

#update_x_frame_options(value) ⇒ Object



# File 'lib/secure_headers/configuration.rb', line 134

# Public: regenerate the cached X-Frame-Options header from a new value.
#
# value - the X-Frame-Options setting to render.
#
# Only the cache is updated: @x_frame_options is left as-is, and
# XFrameOptions.validate_config! is not run here (whether make_header
# validates its input is not visible in this file). Requires
# #cached_headers to be non-nil.
#
# Returns the generated header value.
def update_x_frame_options(value)
  rendered = XFrameOptions.make_header(value)
  self.cached_headers[XFrameOptions::CONFIG_KEY] = rendered
end

#validate_config!Object

Public: validates the configured value of every header (hsts, csp, x_frame_options, x_content_type_options, x_xss_protection, x_download_options, x_permitted_cross_domain_policies, hpkp). dynamic_csp and secure_cookies are not checked here.

Raises various configuration errors if any invalid config is detected.

Returns nothing



# File 'lib/secure_headers/configuration.rb', line 157

# Public: validate every header setting on this configuration.
#
# Each header class checks its own config value; the first invalid one
# raises that class's configuration error, so the checks run in the fixed
# order below. Not covered: @dynamic_csp and @secure_cookies.
#
# Returns the result of the last validator (callers should treat this as
# nothing).
def validate_config!
  checks = [
    [StrictTransportSecurity, @hsts],
    [ContentSecurityPolicy, @csp],
    [XFrameOptions, @x_frame_options],
    [XContentTypeOptions, @x_content_type_options],
    [XXssProtection, @x_xss_protection],
    [XDownloadOptions, @x_download_options],
    [XPermittedCrossDomainPolicies, @x_permitted_cross_domain_policies],
    [PublicKeyPins, @hpkp],
  ]
  checks.map { |validator, value| validator.validate_config!(value) }.last
end