Module: SecureHeaders::ViewHelpers
- Includes: HashHelper
- Defined in: lib/secure_headers/view_helper.rb
Defined Under Namespace
Classes: UnexpectedHashedScriptException
Constant Summary
- SECURE_HEADERS_RAKE_TASK = "rake secure_headers:generate_hashes"
Instance Method Summary
- #content_security_policy_nonce(type) ⇒ Object
  Public: use the content security policy nonce for this request directly.
- #content_security_policy_script_nonce ⇒ Object
- #content_security_policy_style_nonce ⇒ Object
- #hashed_javascript_tag(raise_error_on_unrecognized_hash = nil, &block) ⇒ Object
  Checks to see if the hashed code is expected and adds the hash source value to the current CSP.
- #hashed_style_tag(raise_error_on_unrecognized_hash = nil, &block) ⇒ Object
- #nonced_javascript_tag(content_or_options = {}, &block) ⇒ Object
  Public: create a script tag using the content security policy nonce.
- #nonced_style_tag(content_or_options = {}, &block) ⇒ Object
  Public: create a style tag using the content security policy nonce.
Methods included from HashHelper
Instance Method Details
#content_security_policy_nonce(type) ⇒ Object
Public: use the content security policy nonce for this request directly. Instructs secure_headers to append a nonce to style/script-src directives.
Returns a non-html-safe nonce value.
# File 'lib/secure_headers/view_helper.rb', line 28
def content_security_policy_nonce(type)
  case type
  when :script
    SecureHeaders.content_security_policy_script_nonce(@_request)
  when :style
    SecureHeaders.content_security_policy_style_nonce(@_request)
  end
end
#content_security_policy_script_nonce ⇒ Object
# File 'lib/secure_headers/view_helper.rb', line 37
def content_security_policy_script_nonce
  content_security_policy_nonce(:script)
end
#content_security_policy_style_nonce ⇒ Object
# File 'lib/secure_headers/view_helper.rb', line 41
def content_security_policy_style_nonce
  content_security_policy_nonce(:style)
end
#hashed_javascript_tag(raise_error_on_unrecognized_hash = nil, &block) ⇒ Object
Checks to see if the hashed code is expected and adds the hash source value to the current CSP.
By default, in development/test/etc. an exception will be raised.
# File 'lib/secure_headers/view_helper.rb', line 50
def hashed_javascript_tag(raise_error_on_unrecognized_hash = nil, &block)
  hashed_tag(
    :script,
    :script_src,
    Configuration.instance_variable_get(:@script_hashes),
    raise_error_on_unrecognized_hash,
    block
  )
end
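The check described for hashed_javascript_tag, sketched as a stand-alone added example; it is not the gem's own code. The names csp_hash_source, check_inline, script_src_directive, UnexpectedHashError, EXPECTED_HASHES and the template path are hypothetical, and SHA-256 is assumed as the digest.

```ruby
require "digest"
require "base64"

# Hypothetical stand-in for an "unexpected hash" exception.
class UnexpectedHashError < StandardError; end

# CSP hash-source for inline content: 'sha256-<base64 of the raw digest>'.
# The digest covers the exact bytes between the tags, whitespace included.
def csp_hash_source(inline_content)
  digest = Digest::SHA256.digest(inline_content)
  "'sha256-#{Base64.strict_encode64(digest)}'"
end

# Constructed allow-list: template path => hash sources computed ahead of time.
EXPECTED_HASHES = {
  "app/views/home/index.html.erb" => [csp_hash_source("console.log('hi');")]
}.freeze

# Returns the hash source and whether it was expected for this template.
# With raise_on_unrecognized set (the development/test posture described
# above), an unknown hash fails loudly instead of being blocked in the browser.
def check_inline(template, content, expected: EXPECTED_HASHES, raise_on_unrecognized: true)
  source = csp_hash_source(content)
  known = expected.fetch(template, []).include?(source)
  if !known && raise_on_unrecognized
    raise UnexpectedHashError,
          "unrecognized hash #{source} in #{template}; regenerate the hash list"
  end
  { source: source, known: known }
end

# Builds a script-src directive carrying only the expected hash sources.
def script_src_directive(results)
  (["script-src", "'self'"] + results.select { |r| r[:known] }.map { |r| r[:source] }).join(" ")
end
```

A single added space changes the digest, so edited inline content must have its hash regenerated before it will match.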
#hashed_style_tag(raise_error_on_unrecognized_hash = nil, &block) ⇒ Object
# File 'lib/secure_headers/view_helper.rb', line 60
def hashed_style_tag(raise_error_on_unrecognized_hash = nil, &block)
  hashed_tag(
    :style,
    :style_src,
    Configuration.instance_variable_get(:@style_hashes),
    raise_error_on_unrecognized_hash,
    block
  )
end
#nonced_javascript_tag(content_or_options = {}, &block) ⇒ Object
Public: create a script tag using the content security policy nonce. Instructs secure_headers to append a nonce to style/script-src directives.
Returns an html-safe script tag with the nonce attribute.
# File 'lib/secure_headers/view_helper.rb', line 20
def nonced_javascript_tag(content_or_options = {}, &block)
  nonced_tag(:script, content_or_options, block)
end
#nonced_style_tag(content_or_options = {}, &block) ⇒ Object
Public: create a style tag using the content security policy nonce. Instructs secure_headers to append a nonce to style/script-src directives.
Returns an html-safe style tag with the nonce attribute.
# File 'lib/secure_headers/view_helper.rb', line 12
def nonced_style_tag(content_or_options = {}, &block)
  nonced_tag(:style, content_or_options, block)
end