Class: SecureHeaders::Configuration
- Inherits: Object
  - Object
  - SecureHeaders::Configuration
- Defined in: lib/secure_headers/configuration.rb
Defined Under Namespace
Classes: IllegalPolicyModificationError, NotYetConfiguredError
Constant Summary
- DEFAULT_CONFIG = :default
- NOOP_CONFIGURATION = "secure_headers_noop_config"
- HASH_CONFIG_FILE = ENV["secure_headers_generated_hashes_file"] || "config/secure_headers_generated_hashes.yml"
Instance Attribute Summary
- #cached_headers ⇒ Object (readonly)
  Returns the value of attribute cached_headers.
- #clear_site_data ⇒ Object (writeonly)
  Sets the attribute clear_site_data.
- #cookies ⇒ Object (readonly)
  Returns the value of attribute cookies.
- #csp ⇒ Object
  Returns the value of attribute csp.
- #csp_report_only ⇒ Object
  Returns the value of attribute csp_report_only.
- #hpkp ⇒ Object (readonly)
  Returns the value of attribute hpkp.
- #hpkp_report_host ⇒ Object (readonly)
  Returns the value of attribute hpkp_report_host.
- #hsts ⇒ Object (writeonly)
  Sets the attribute hsts.
- #referrer_policy ⇒ Object (writeonly)
  Sets the attribute referrer_policy.
- #x_content_type_options ⇒ Object (writeonly)
  Sets the attribute x_content_type_options.
- #x_download_options ⇒ Object (writeonly)
  Sets the attribute x_download_options.
- #x_frame_options ⇒ Object (writeonly)
  Sets the attribute x_frame_options.
- #x_permitted_cross_domain_policies ⇒ Object (writeonly)
  Sets the attribute x_permitted_cross_domain_policies.
- #x_xss_protection ⇒ Object (writeonly)
  Sets the attribute x_xss_protection.
Class Method Summary
- .default(&block) ⇒ Object (also: configure)
  Public: Set the global default configuration.
- .get(name = DEFAULT_CONFIG) ⇒ Object
  Public: retrieve a global configuration object.
- .named_append(name, target = nil, &block) ⇒ Object
- .named_appends(name) ⇒ Object
- .override(name, base = DEFAULT_CONFIG, &block) ⇒ Object
  Public: create a named configuration that overrides the default config.
Instance Method Summary
- #dup ⇒ Object
  Public: copy everything but the cached headers.
- #initialize(&block) ⇒ Configuration (constructor)
  A new instance of Configuration.
- #opt_out(header) ⇒ Object
- #secure_cookies=(secure_cookies) ⇒ Object
- #update_x_frame_options(value) ⇒ Object
- #validate_config! ⇒ Object
  Public: validates all configuration values.
Constructor Details
#initialize(&block) ⇒ Configuration
Returns a new instance of Configuration.
# File 'lib/secure_headers/configuration.rb', line 130
def initialize(&block)
  self.hpkp = OPT_OUT
  self.referrer_policy = OPT_OUT
  self.csp = ContentSecurityPolicyConfig.new(ContentSecurityPolicyConfig::DEFAULT)
  self.csp_report_only = OPT_OUT
  instance_eval &block if block_given?
end
Instance Attribute Details
#cached_headers ⇒ Object
Returns the value of attribute cached_headers.
# File 'lib/secure_headers/configuration.rb', line 121
def cached_headers
  @cached_headers
end
#clear_site_data=(value) ⇒ Object (writeonly)
Sets the attribute clear_site_data
# File 'lib/secure_headers/configuration.rb', line 117
def clear_site_data=(value)
  @clear_site_data = value
end
#cookies ⇒ Object
Returns the value of attribute cookies.
# File 'lib/secure_headers/configuration.rb', line 121
def cookies
  @cookies
end
#csp ⇒ Object
Returns the value of attribute csp.
# File 'lib/secure_headers/configuration.rb', line 121
def csp
  @csp
end
#csp_report_only ⇒ Object
Returns the value of attribute csp_report_only.
# File 'lib/secure_headers/configuration.rb', line 121
def csp_report_only
  @csp_report_only
end
#hpkp ⇒ Object
Returns the value of attribute hpkp.
# File 'lib/secure_headers/configuration.rb', line 121
def hpkp
  @hpkp
end
#hpkp_report_host ⇒ Object
Returns the value of attribute hpkp_report_host.
# File 'lib/secure_headers/configuration.rb', line 121
def hpkp_report_host
  @hpkp_report_host
end
#hsts=(value) ⇒ Object (writeonly)
Sets the attribute hsts
# File 'lib/secure_headers/configuration.rb', line 117
def hsts=(value)
  @hsts = value
end
#referrer_policy=(value) ⇒ Object (writeonly)
Sets the attribute referrer_policy
# File 'lib/secure_headers/configuration.rb', line 117
def referrer_policy=(value)
  @referrer_policy = value
end
#x_content_type_options=(value) ⇒ Object (writeonly)
Sets the attribute x_content_type_options
# File 'lib/secure_headers/configuration.rb', line 117
def x_content_type_options=(value)
  @x_content_type_options = value
end
#x_download_options=(value) ⇒ Object (writeonly)
Sets the attribute x_download_options
# File 'lib/secure_headers/configuration.rb', line 117
def x_download_options=(value)
  @x_download_options = value
end
#x_frame_options=(value) ⇒ Object (writeonly)
Sets the attribute x_frame_options
# File 'lib/secure_headers/configuration.rb', line 117
def x_frame_options=(value)
  @x_frame_options = value
end
#x_permitted_cross_domain_policies=(value) ⇒ Object (writeonly)
Sets the attribute x_permitted_cross_domain_policies
# File 'lib/secure_headers/configuration.rb', line 117
def x_permitted_cross_domain_policies=(value)
  @x_permitted_cross_domain_policies = value
end
#x_xss_protection=(value) ⇒ Object (writeonly)
Sets the attribute x_xss_protection
# File 'lib/secure_headers/configuration.rb', line 117
def x_xss_protection=(value)
  @x_xss_protection = value
end
Class Method Details
.default(&block) ⇒ Object Also known as: configure
Public: Set the global default configuration.
Optionally supply a block to override the defaults set by this library.
Returns the newly created config.
# File 'lib/secure_headers/configuration.rb', line 15
def default(&block)
  config = new(&block)
  add_noop_configuration
  add_configuration(DEFAULT_CONFIG, config)
end
.get(name = DEFAULT_CONFIG) ⇒ Object
Public: retrieve a global configuration object
Returns the configuration with a given name or raises a NotYetConfiguredError if `default` has not been called.
# File 'lib/secure_headers/configuration.rb', line 42
def get(name = DEFAULT_CONFIG)
  if @configurations.nil?
    raise NotYetConfiguredError, "Default policy not yet supplied"
  end
  @configurations[name]
end
.named_append(name, target = nil, &block) ⇒ Object
# File 'lib/secure_headers/configuration.rb', line 54
def named_append(name, target = nil, &block)
  @appends ||= {}
  raise "Provide a configuration block" unless block_given?
  @appends[name] = block
end
.named_appends(name) ⇒ Object
# File 'lib/secure_headers/configuration.rb', line 49
def named_appends(name)
  @appends ||= {}
  @appends[name]
end
.override(name, base = DEFAULT_CONFIG, &block) ⇒ Object
Public: create a named configuration that overrides the default config.
name - use an identifier for the override config.
base - override another existing config, or override the default config if no value is supplied.
Returns: the newly created config
# File 'lib/secure_headers/configuration.rb', line 29
def override(name, base = DEFAULT_CONFIG, &block)
  unless get(base)
    raise NotYetConfiguredError, "#{base} policy not yet supplied"
  end
  override = @configurations[base].dup
  override.instance_eval &block if block_given?
  add_configuration(name, override)
end
Instance Method Details
#dup ⇒ Object
Public: copy everything but the cached headers
Returns a deep-dup’d copy of this configuration.
# File 'lib/secure_headers/configuration.rb', line 141
def dup
  copy = self.class.new
  copy.cookies = self.class.send(:deep_copy_if_hash, @cookies)
  copy.csp = @csp.dup if @csp
  copy.csp_report_only = @csp_report_only.dup if @csp_report_only
  copy.cached_headers = self.class.send(:deep_copy_if_hash, @cached_headers)
  copy.x_content_type_options = @x_content_type_options
  copy.hsts = @hsts
  copy.x_frame_options = @x_frame_options
  copy.x_xss_protection = @x_xss_protection
  copy.x_download_options = @x_download_options
  copy.x_permitted_cross_domain_policies = @x_permitted_cross_domain_policies
  copy.clear_site_data = @clear_site_data
  copy.referrer_policy = @referrer_policy
  copy.hpkp = @hpkp
  copy.hpkp_report_host = @hpkp_report_host
  copy
end
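Why `.override` relies on a deep copy from `#dup` can be seen in a small model: an override block that edits a nested hash in place must not change the default policy. This is an added example, not code from secure_headers; `MiniConfig`, `copy_mode`, `deep_copy`, the `:legacy_embed` name and the sample cookie values are assumptions made for illustration.

```ruby
# Added illustration: MiniConfig is a hypothetical stand-in, not the gem's code.
class MiniConfig
  attr_accessor :cookies, :x_frame_options

  class << self
    attr_reader :registry
    def default(&block)
      @registry = { default: new(&block) }
    end

    # :deep follows the documented dup; :shallow is the flawed variant for contrast.
    def override(name, base = :default, copy_mode: :deep, &block)
      raise ArgumentError, "#{base} not configured" unless @registry && @registry[base]
      copy = @registry[base].copy(copy_mode)
      copy.instance_eval(&block) if block
      @registry[name] = copy
    end

    def deep_copy(value)
      return value unless value.is_a?(Hash)
      value.each_with_object({}) { |(k, v), h| h[k] = deep_copy(v) }
    end
  end

  def initialize(&block)
    instance_eval(&block) if block
  end

  def copy(mode)
    c = self.class.new
    c.cookies = mode == :deep ? self.class.deep_copy(@cookies) : @cookies
    c.x_frame_options = @x_frame_options
    c
  end
end

# Returns the default config's cookies[:secure] after an override edits it in place.
def default_cookie_secure_after_override(copy_mode)
  MiniConfig.default do
    self.cookies = { secure: true, samesite: { lax: true } } # constructed sample values
    self.x_frame_options = "DENY"
  end
  MiniConfig.override(:legacy_embed, copy_mode: copy_mode) do
    cookies[:secure] = false # in-place edit of a nested hash
    self.x_frame_options = "SAMEORIGIN"
  end
  MiniConfig.registry[:default].cookies[:secure]
end
```

With `:deep` the function returns `true` and the default is unchanged; with `:shallow` it returns `false`, meaning an override intended for one route has turned off the Secure flag in the default policy as well.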
#opt_out(header) ⇒ Object
# File 'lib/secure_headers/configuration.rb', line 160
def opt_out(header)
  send("#{header}=", OPT_OUT)
  self.cached_headers.delete(header)
end
#secure_cookies=(secure_cookies) ⇒ Object
# File 'lib/secure_headers/configuration.rb', line 190
def secure_cookies=(secure_cookies)
  Kernel.warn "#{Kernel.caller.first}: [DEPRECATION] `#secure_cookies=` is deprecated. Please use `#cookies=` to configure secure cookies instead."
  @cookies = (@cookies || {}).merge(secure: secure_cookies)
end
#update_x_frame_options(value) ⇒ Object
# File 'lib/secure_headers/configuration.rb', line 165
def update_x_frame_options(value)
  @x_frame_options = value
  self.cached_headers[XFrameOptions::CONFIG_KEY] = XFrameOptions.make_header(value)
end
#validate_config! ⇒ Object
Public: validates all configuration values.
Raises various configuration errors if any invalid config is detected.
Returns nothing.
# File 'lib/secure_headers/configuration.rb', line 175
def validate_config!
  StrictTransportSecurity.validate_config!(@hsts)
  ContentSecurityPolicy.validate_config!(@csp)
  ContentSecurityPolicy.validate_config!(@csp_report_only)
  ReferrerPolicy.validate_config!(@referrer_policy)
  XFrameOptions.validate_config!(@x_frame_options)
  XContentTypeOptions.validate_config!(@x_content_type_options)
  XXssProtection.validate_config!(@x_xss_protection)
  XDownloadOptions.validate_config!(@x_download_options)
  XPermittedCrossDomainPolicies.validate_config!(@x_permitted_cross_domain_policies)
  ClearSiteData.validate_config!(@clear_site_data)
  PublicKeyPins.validate_config!(@hpkp)
  Cookie.validate_config!(@cookies)
end