Class: SecureHeaders::Configuration

Inherits:
Object
Defined in:
lib/secure_headers/configuration.rb

Defined Under Namespace

Classes: IllegalPolicyModificationError, NotYetConfiguredError

Constant Summary

DEFAULT_CONFIG = :default
NOOP_CONFIGURATION = "secure_headers_noop_config"
HASH_CONFIG_FILE = ENV["secure_headers_generated_hashes_file"] || "config/secure_headers_generated_hashes.yml"

Instance Attribute Summary

Class Method Summary

Instance Method Summary

Constructor Details

#initialize(&block) ⇒ Configuration

Returns a new instance of Configuration.



# File 'lib/secure_headers/configuration.rb', line 133

# Public: build a configuration seeded with this library's defaults.
#
# Every header setting starts out nil. The library defaults are then
# applied through the writers (not the ivars) so any writer-side logic
# runs. Finally the optional block is evaluated with instance_eval, which
# makes the new configuration `self` inside the block (and also yields it
# as the block argument), so callers assign settings DSL-style.
#
# Defaults applied here: hpkp, referrer_policy and csp_report_only are
# OPT_OUT; csp is ContentSecurityPolicyConfig::DEFAULT. Note that
# @cached_headers is NOT initialised here and stays nil until populated.
#
# Returns the new Configuration.
def initialize(&block)
  header_settings = %w[
    cookies clear_site_data csp csp_report_only hpkp_report_host hpkp hsts
    x_content_type_options x_download_options x_frame_options
    x_permitted_cross_domain_policies x_xss_protection
    expect_certificate_transparency
  ]
  header_settings.each { |setting| instance_variable_set(:"@#{setting}", nil) }

  # Library defaults; go through the writers rather than the ivars.
  self.hpkp = OPT_OUT
  self.referrer_policy = OPT_OUT
  self.csp = ContentSecurityPolicyConfig.new(ContentSecurityPolicyConfig::DEFAULT)
  self.csp_report_only = OPT_OUT

  # Caller overrides, evaluated with the configuration as self.
  instance_eval(&block) if block_given?
end

Instance Attribute Details

#cached_headers ⇒ Object

Returns the value of attribute cached_headers.



# File 'lib/secure_headers/configuration.rb', line 121

# Public: the already-rendered header values, keyed by header config key
# (update_x_frame_options writes XFrameOptions::CONFIG_KEY into it and
# opt_out deletes from it). initialize does not set it, so it is nil until
# something populates it.
#
# The page cites the same source line for every reader, which suggests
# these come from one attr_* declaration — confirm in the source file.
#
# Returns the cached headers Hash, or nil.
def cached_headers
  instance_variable_get(:@cached_headers)
end

#clear_site_data=(value) ⇒ Object (writeonly)

Sets the attribute clear_site_data

Parameters:

  • value

    the value to set the attribute clear_site_data to.



# File 'lib/secure_headers/configuration.rb', line 117

# Public: set the Clear-Site-Data configuration.
#
# value - the raw setting; stored as given (OPT_OUT disables the header,
#         see opt_out). Nothing is checked here — the value is validated
#         only when validate_config! runs ClearSiteData.validate_config!.
#
# Returns value.
def clear_site_data=(value)
  instance_variable_set(:@clear_site_data, value)
end

#cookies ⇒ Object

Returns the value of attribute cookies.



# File 'lib/secure_headers/configuration.rb', line 121

# Public: the cookie configuration.
#
# nil on a fresh Configuration. The deprecated secure_cookies= writer
# merges a :secure key into this value; validate_config! checks it via
# Cookie.validate_config!.
#
# Returns the cookies config (a Hash when set through secure_cookies=).
def cookies
  instance_variable_get(:@cookies)
end

#csp ⇒ Object

Returns the value of attribute csp.



# File 'lib/secure_headers/configuration.rb', line 121

# Public: the enforced Content-Security-Policy configuration.
#
# initialize sets this to
# ContentSecurityPolicyConfig.new(ContentSecurityPolicyConfig::DEFAULT);
# dup copies it with its own #dup. validate_config! checks it via
# ContentSecurityPolicy.validate_config!.
#
# Returns the csp config object.
def csp
  instance_variable_get(:@csp)
end

#csp_report_only ⇒ Object

Returns the value of attribute csp_report_only.



# File 'lib/secure_headers/configuration.rb', line 121

# Public: the report-only Content-Security-Policy configuration.
#
# OPT_OUT by default (set in initialize), so no report-only policy is
# emitted unless configured. Validated by validate_config! with the same
# ContentSecurityPolicy.validate_config! used for the enforced policy.
#
# Returns the report-only csp config, or OPT_OUT.
def csp_report_only
  instance_variable_get(:@csp_report_only)
end

#expect_certificate_transparency=(value) ⇒ Object (writeonly)

Sets the attribute expect_certificate_transparency

Parameters:

  • value

    the value to set the attribute expect_certificate_transparency to.



# File 'lib/secure_headers/configuration.rb', line 117

# Public: set the Expect-CT configuration.
#
# value - the raw setting; stored without checks (OPT_OUT disables the
#         header, see opt_out). It is validated only when validate_config!
#         runs ExpectCertificateTransparency.validate_config!.
#
# Returns value.
def expect_certificate_transparency=(value)
  instance_variable_set(:@expect_certificate_transparency, value)
end

#hpkp ⇒ Object

Returns the value of attribute hpkp.



# File 'lib/secure_headers/configuration.rb', line 121

# Public: the Public-Key-Pins configuration.
#
# initialize sets this to OPT_OUT through the hpkp= writer, so pinning is
# off unless explicitly configured. validate_config! checks it via
# PublicKeyPins.validate_config!.
#
# Returns the hpkp config, or OPT_OUT.
def hpkp
  instance_variable_get(:@hpkp)
end

#hpkp_report_host ⇒ Object

Returns the value of attribute hpkp_report_host.



# File 'lib/secure_headers/configuration.rb', line 121

# Public: the host used for HPKP reporting.
#
# nil on a fresh Configuration; copied by reference in dup. Not covered
# by validate_config! on this page.
#
# Returns the configured report host, or nil.
def hpkp_report_host
  instance_variable_get(:@hpkp_report_host)
end

#hsts=(value) ⇒ Object (writeonly)

Sets the attribute hsts

Parameters:

  • value

    the value to set the attribute hsts to.



# File 'lib/secure_headers/configuration.rb', line 117

# Public: set the Strict-Transport-Security configuration.
#
# value - the raw setting; stored as given (OPT_OUT disables the header,
#         see opt_out). An invalid value is only rejected when
#         validate_config! runs StrictTransportSecurity.validate_config!,
#         so validate before serving. Copied by reference in dup.
#
# Returns value.
def hsts=(value)
  instance_variable_set(:@hsts, value)
end

#referrer_policy=(value) ⇒ Object (writeonly)

Sets the attribute referrer_policy

Parameters:

  • value

    the value to set the attribute referrer_policy to.



# File 'lib/secure_headers/configuration.rb', line 117

# Public: set the Referrer-Policy configuration.
#
# value - the raw setting. initialize calls this writer with OPT_OUT, so
#         the header is off by default. Validated only when
#         validate_config! runs ReferrerPolicy.validate_config!.
#
# Returns value.
def referrer_policy=(value)
  instance_variable_set(:@referrer_policy, value)
end

#x_content_type_options=(value) ⇒ Object (writeonly)

Sets the attribute x_content_type_options

Parameters:

  • value

    the value to set the attribute x_content_type_options to.



# File 'lib/secure_headers/configuration.rb', line 117

# Public: set the X-Content-Type-Options configuration.
#
# value - the raw setting; stored unchecked (OPT_OUT disables the header,
#         see opt_out). Validated only when validate_config! runs
#         XContentTypeOptions.validate_config!.
#
# Returns value.
def x_content_type_options=(value)
  instance_variable_set(:@x_content_type_options, value)
end

#x_download_options=(value) ⇒ Object (writeonly)

Sets the attribute x_download_options

Parameters:

  • value

    the value to set the attribute x_download_options to.



# File 'lib/secure_headers/configuration.rb', line 117

# Public: set the X-Download-Options configuration.
#
# value - the raw setting; stored unchecked (OPT_OUT disables the header,
#         see opt_out). Validated only when validate_config! runs
#         XDownloadOptions.validate_config!.
#
# Returns value.
def x_download_options=(value)
  instance_variable_set(:@x_download_options, value)
end

#x_frame_options=(value) ⇒ Object (writeonly)

Sets the attribute x_frame_options

Parameters:

  • value

    the value to set the attribute x_frame_options to.



# File 'lib/secure_headers/configuration.rb', line 117

# Public: set the X-Frame-Options configuration.
#
# value - the raw setting; stored unchecked (OPT_OUT disables the header,
#         see opt_out). Validated only when validate_config! runs
#         XFrameOptions.validate_config!.
#
# Unlike update_x_frame_options, this writer does not touch
# cached_headers, so a previously cached rendering is left as it was.
#
# Returns value.
def x_frame_options=(value)
  instance_variable_set(:@x_frame_options, value)
end

#x_permitted_cross_domain_policies=(value) ⇒ Object (writeonly)

Sets the attribute x_permitted_cross_domain_policies

Parameters:

  • value

    the value to set the attribute x_permitted_cross_domain_policies to.



# File 'lib/secure_headers/configuration.rb', line 117

# Public: set the X-Permitted-Cross-Domain-Policies configuration.
#
# value - the raw setting; stored unchecked (OPT_OUT disables the header,
#         see opt_out). Validated only when validate_config! runs
#         XPermittedCrossDomainPolicies.validate_config!.
#
# Returns value.
def x_permitted_cross_domain_policies=(value)
  instance_variable_set(:@x_permitted_cross_domain_policies, value)
end

#x_xss_protection=(value) ⇒ Object (writeonly)

Sets the attribute x_xss_protection

Parameters:

  • value

    the value to set the attribute x_xss_protection to.



# File 'lib/secure_headers/configuration.rb', line 117

# Public: set the X-XSS-Protection configuration.
#
# value - the raw setting; stored unchecked (OPT_OUT disables the header,
#         see opt_out). Validated only when validate_config! runs
#         XXssProtection.validate_config!.
#
# Returns value.
def x_xss_protection=(value)
  instance_variable_set(:@x_xss_protection, value)
end

Class Method Details

.default(&block) ⇒ Object Also known as: configure

Public: Set the global default configuration.

Optionally supply a block to override the defaults set by this library.

Returns the newly created config.



# File 'lib/secure_headers/configuration.rb', line 15

# Public: Set the global default configuration.
#
# Optionally supply a block to override the defaults set by this library;
# it is handed to Configuration#initialize, which instance_evals it.
#
# The no-op configuration is registered (add_noop_configuration) before
# the default one is stored under DEFAULT_CONFIG.
#
# Returns the newly created config — more precisely whatever
# add_configuration returns, presumably the config itself (confirm
# against add_configuration, which is not on this page).
def default(&block)
  default_config = new(&block)
  add_noop_configuration
  add_configuration(DEFAULT_CONFIG, default_config)
end

.get(name = DEFAULT_CONFIG) ⇒ Object

Public: retrieve a global configuration object

Returns the configuration with a given name, or raises a NotYetConfiguredError if `default` has not been called.



# File 'lib/secure_headers/configuration.rb', line 42

# Public: retrieve a global configuration object.
#
# name - the configuration identifier (DEFAULT_CONFIG when omitted).
#
# Returns the configuration registered under name, or nil when nothing is
# registered under that name (override relies on this nil to reject an
# unknown base).
# Raises NotYetConfiguredError if no configuration has been registered at
# all, i.e. `default` has not been called yet.
def get(name = DEFAULT_CONFIG)
  raise NotYetConfiguredError, "Default policy not yet supplied" if @configurations.nil?

  @configurations[name]
end

.named_append(name, target = nil, &block) ⇒ Object



# File 'lib/secure_headers/configuration.rb', line 54

# Public: register a named configuration block for later retrieval with
# named_appends.
#
# name   - identifier the block is stored under (a later call with the
#          same name replaces the earlier block).
# target - accepted for interface compatibility; not referenced here.
# block  - required; the configuration block to store.
#
# The registry is created on first use, even when the call then fails for
# lack of a block.
#
# Returns the stored block.
# Raises RuntimeError ("Provide a configuration block") when no block is
# given.
def named_append(name, target = nil, &block)
  registry = (@appends ||= {})
  raise "Provide a configuration block" if block.nil?

  registry[name] = block
end

.named_appends(name) ⇒ Object



# File 'lib/secure_headers/configuration.rb', line 49

# Public: look up a block registered with named_append.
#
# name - the identifier used when the block was registered.
#
# Creates the (empty) registry as a side effect if nothing has been
# registered yet.
#
# Returns the stored block, or nil when name is unknown.
def named_appends(name)
  (@appends ||= {})[name]
end

.override(name, base = DEFAULT_CONFIG, &block) ⇒ Object

Public: create a named configuration that overrides the default config.

name - an identifier for the override config. base - an existing config to override; the default config is overridden if no value is supplied.

Returns: the newly created config



# File 'lib/secure_headers/configuration.rb', line 29

# Public: create a named configuration that overrides the default config.
#
# name  - identifier for the override config.
# base  - an existing config to start from; DEFAULT_CONFIG when omitted.
# block - optional; instance_eval'd against a dup of the base, so it can
#         assign settings exactly like the block given to `default`.
#
# The base is dup'd (Configuration#dup) before the block runs, so the
# registered base config object itself is not modified. See dup for which
# nested values are copied and which are shared by reference.
#
# Returns: the newly created config (whatever add_configuration returns).
# Raises NotYetConfiguredError when base is not a registered config.
def override(name, base = DEFAULT_CONFIG, &block)
  raise NotYetConfiguredError, "#{base} policy not yet supplied" unless get(base)

  overriding = @configurations[base].dup
  overriding.instance_eval(&block) if block_given?
  add_configuration(name, overriding)
end

Instance Method Details

#dup ⇒ Object

Public: copy everything but the cached headers

Returns a deep-dup’d copy of this configuration.



# File 'lib/secure_headers/configuration.rb', line 159

# Public: copy this configuration.
#
# Despite the page's summary, cached_headers IS copied (deep-copied when
# it is a Hash, via deep_copy_if_hash), as are cookies; csp and
# csp_report_only get their own #dup when present. Every other setting is
# assigned as-is, so a value that is itself a mutable Hash/Array/String is
# shared between original and copy — override blocks should assign new
# values rather than mutate the inherited ones in place.
#
# Returns a new Configuration.
def dup
  klass = self.class
  klass.new.tap do |copy|
    # Hash-like settings get a structural copy.
    copy.cookies = klass.send(:deep_copy_if_hash, @cookies)

    # CSP configs know how to dup themselves.
    copy.csp = @csp.dup if @csp
    copy.csp_report_only = @csp_report_only.dup if @csp_report_only

    copy.cached_headers = klass.send(:deep_copy_if_hash, @cached_headers)

    # Remaining settings are handed over by reference.
    copy.x_content_type_options = @x_content_type_options
    copy.hsts = @hsts
    copy.x_frame_options = @x_frame_options
    copy.x_xss_protection = @x_xss_protection
    copy.x_download_options = @x_download_options
    copy.x_permitted_cross_domain_policies = @x_permitted_cross_domain_policies
    copy.clear_site_data = @clear_site_data
    copy.expect_certificate_transparency = @expect_certificate_transparency
    copy.referrer_policy = @referrer_policy
    copy.hpkp = @hpkp
    copy.hpkp_report_host = @hpkp_report_host
  end
end

#opt_out(header) ⇒ Object



# File 'lib/secure_headers/configuration.rb', line 179

# Public: disable a single header on this configuration.
#
# header - the header's config key (such as XFrameOptions::CONFIG_KEY,
#          which is also how cached_headers is keyed). It is interpolated
#          into a `send`, which can reach any `<name>=` writer on the
#          object, so only pass keys the library defines — never a value
#          derived from a request.
#
# Sets the header's setting to OPT_OUT and removes its entry from
# cached_headers. Assumes cached_headers has already been populated (it is
# nil on a fresh Configuration) — confirm at the call site.
#
# Returns the removed cached header value, or nil if none was cached.
def opt_out(header)
  send(:"#{header}=", OPT_OUT)
  cached_headers.delete(header)
end

#secure_cookies=(secure_cookies) ⇒ Object



# File 'lib/secure_headers/configuration.rb', line 210

# Public: deprecated writer kept for backwards compatibility.
#
# secure_cookies - the value stored under the :secure key of the cookies
#                  config.
#
# Emits a deprecation warning that names the caller, then merges
# `secure:` into the existing cookies Hash (creating it when nil). New
# code should use cookies= instead.
#
# Returns the updated cookies Hash.
def secure_cookies=(secure_cookies)
  deprecation = "#{Kernel.caller.first}: [DEPRECATION] `#secure_cookies=` is deprecated. Please use `#cookies=` to configure secure cookies instead."
  Kernel.warn deprecation
  existing = @cookies || {}
  @cookies = existing.merge(secure: secure_cookies)
end

#update_x_frame_options(value) ⇒ Object



# File 'lib/secure_headers/configuration.rb', line 184

# Public: change X-Frame-Options on a configuration whose headers are
# already cached, keeping the cached rendering in sync.
#
# value - the new X-Frame-Options setting.
#
# Stores the raw setting, renders it with XFrameOptions.make_header and
# writes the result under XFrameOptions::CONFIG_KEY in cached_headers.
# validate_config! is not invoked here; whether make_header rejects a bad
# value is up to XFrameOptions. Assumes cached_headers is non-nil.
#
# Returns the rendered header value.
def update_x_frame_options(value)
  @x_frame_options = value
  rendered = XFrameOptions.make_header(value)
  cached_headers[XFrameOptions::CONFIG_KEY] = rendered
end

#validate_config! ⇒ Object

Public: validates all configurations values.

Raises various configuration errors if any invalid config is detected.

Returns nothing



# File 'lib/secure_headers/configuration.rb', line 194

# Public: validates all configurations values.
#
# Each header's validator is run against the raw stored setting, in the
# order listed below; the first invalid value raises and the remaining
# checks are skipped, so one problem is reported at a time. This is the
# only place on this page where the writers' unchecked values are
# examined, so run it before a configuration is used to serve headers.
#
# Raises various configuration errors (from the individual validators) if
# any invalid config is detected.
#
# Returns nothing meaningful (the last validator's result).
def validate_config!
  checks = [
    [StrictTransportSecurity, @hsts],
    [ContentSecurityPolicy, @csp],
    [ContentSecurityPolicy, @csp_report_only],
    [ReferrerPolicy, @referrer_policy],
    [XFrameOptions, @x_frame_options],
    [XContentTypeOptions, @x_content_type_options],
    [XXssProtection, @x_xss_protection],
    [XDownloadOptions, @x_download_options],
    [XPermittedCrossDomainPolicies, @x_permitted_cross_domain_policies],
    [ClearSiteData, @clear_site_data],
    [ExpectCertificateTransparency, @expect_certificate_transparency],
    [PublicKeyPins, @hpkp],
    [Cookie, @cookies],
  ]
  outcome = nil
  checks.each { |validator, setting| outcome = validator.validate_config!(setting) }
  outcome
end