Class: SiteInspector::Endpoint::Headers

Inherits:

Check

• Object
• Check
• SiteInspector::Endpoint::Headers

Defined in:

lib/site-inspector/checks/headers.rb

Instance Attribute Summary

Attributes inherited from Check

#endpoint

Instance Method Summary

• #[](header) ⇒ Object
• #all ⇒ Object (also: #headers)

  Returns an array of hashes of downcased key/value header pairs (or an empty hash).

• #click_jacking_protection ⇒ Object
• #click_jacking_protection? ⇒ Boolean
• #content_security_policy ⇒ Object
• #content_security_policy? ⇒ Boolean
• #server ⇒ Object
• #strict_transport_security ⇒ Object

  TODO: kill this.

• #strict_transport_security? ⇒ Boolean

  TODO: kill this.

• #to_h ⇒ Object
• #xss_protection ⇒ Object
• #xss_protection? ⇒ Boolean

  more specific checks than presence of headers.

Methods inherited from Check

enabled=, enabled?, #host, #initialize, #inspect, #name, name, #request, #response

Constructor Details

This class inherits a constructor from SiteInspector::Endpoint::Check

Instance Method Details

#[](header) ⇒ Object

# File 'lib/site-inspector/checks/headers.rb', line 51

def [](header)
  headers[header]
end

#all ⇒ Object Also known as: headers

Returns an array of hashes of downcased key/value header pairs (or an empty hash)

# File 'lib/site-inspector/checks/headers.rb', line 46

def all
  @all ||= (response && response.headers) ? Hash[response.headers.map { |k, v| [k.downcase, v] }] : {}
end

#click_jacking_protection ⇒ Object

# File 'lib/site-inspector/checks/headers.rb', line 28

def click_jacking_protection
  headers['x-frame-options']
end

#click_jacking_protection? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/site-inspector/checks/headers.rb', line 13

def click_jacking_protection?
  !!click_jacking_protection
end

#content_security_policy ⇒ Object

# File 'lib/site-inspector/checks/headers.rb', line 24

def content_security_policy
  headers['content-security-policy']
end

#content_security_policy? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/site-inspector/checks/headers.rb', line 9

def content_security_policy?
  !!content_security_policy
end

#server ⇒ Object

# File 'lib/site-inspector/checks/headers.rb', line 32

def server
  headers['server']
end

#strict_transport_security ⇒ Object

TODO: kill this

# File 'lib/site-inspector/checks/headers.rb', line 20

def strict_transport_security
  headers['strict-transport-security']
end

#strict_transport_security? ⇒ Boolean

TODO: kill this

Returns:

• (Boolean)

# File 'lib/site-inspector/checks/headers.rb', line 5

def strict_transport_security?
  !!strict_transport_security
end

#to_h ⇒ Object

# File 'lib/site-inspector/checks/headers.rb', line 55

def to_h
  {
    strict_transport_security: strict_transport_security || false,
    content_security_policy:   content_security_policy || false,
    click_jacking_protection:  click_jacking_protection || false,
    server:                    server,
    xss_protection:            xss_protection || false
  }
end

#xss_protection ⇒ Object

# File 'lib/site-inspector/checks/headers.rb', line 36

def xss_protection
  headers['x-xss-protection']
end

#xss_protection? ⇒ Boolean

more specific checks than presence of headers

Returns:

• (Boolean)

# File 'lib/site-inspector/checks/headers.rb', line 41

def xss_protection?
  xss_protection == '1; mode=block'
end