Class: TCellAgent::Policies::ClickjackingPolicy::ContentSecurityPolicyHeader

Inherits:

Object

• Object
• TCellAgent::Policies::ClickjackingPolicy::ContentSecurityPolicyHeader

Defined in:

lib/tcell_agent/policies/clickjacking_policy.rb

Constant Summary

@@approved_headers =

[
    "csp"
]

Instance Attribute Summary

• #raw_value ⇒ Object

  Returns the value of attribute raw_value.

• #report_uri ⇒ Object

  Returns the value of attribute report_uri.

• #type ⇒ Object

  Returns the value of attribute type.

Instance Method Summary

• #initialize(type, value, report_uri = nil) ⇒ ContentSecurityPolicyHeader constructor

  A new instance of ContentSecurityPolicyHeader.

• #value(transaction_id = nil, session_id = nil, user_id = nil) ⇒ Object

Constructor Details

#initialize(type, value, report_uri = nil) ⇒ ContentSecurityPolicyHeader

Returns a new instance of ContentSecurityPolicyHeader.

# File 'lib/tcell_agent/policies/clickjacking_policy.rb', line 16

def initialize(type, value, report_uri=nil)
    if !(type && value)
        raise "Type and value were not set"
    end
    if type.downcase == "content-security-policy"
        type = "csp"
    end
    if not @@approved_headers.include?(type.downcase)
        raise "Type was not included in approved_headers"
    end
    if value != value.gsub(/[^\p{L}\w\d\-_\ :\/,;.'\*"%?@#=$]/,'')
        raise "Value is not valid"
    end
    self.type = type
    self.raw_value = value
    self.report_uri = report_uri
end

Instance Attribute Details

#raw_value ⇒ Object

Returns the value of attribute raw_value.

# File 'lib/tcell_agent/policies/clickjacking_policy.rb', line 14

def raw_value
  @raw_value
end

#report_uri ⇒ Object

Returns the value of attribute report_uri.

# File 'lib/tcell_agent/policies/clickjacking_policy.rb', line 15

def report_uri
  @report_uri
end

#type ⇒ Object

Returns the value of attribute type.

# File 'lib/tcell_agent/policies/clickjacking_policy.rb', line 13

def type
  @type
end

Instance Method Details

#value(transaction_id = nil, session_id = nil, user_id = nil) ⇒ Object

# File 'lib/tcell_agent/policies/clickjacking_policy.rb', line 33

def value(transaction_id=nil, session_id=nil, user_id=nil)
    if !self.report_uri
        return self.raw_value
    end
    begin
        uri = URI.parse(self.report_uri)
        new_query_ar = URI.decode_www_form(uri.query || '')
        if transaction_id
            new_query_ar << ["tid", transaction_id]
        end
        if session_id
            new_query_ar << ["sid", session_id]
        end
        if user_id
            new_query_ar << ["uid", user_id.to_s]
        end
        if new_query_ar != []
            uri.query = URI.encode_www_form(new_query_ar)
        end
        report_uri = uri.to_s
        return "#{self.raw_value}; report-uri #{report_uri}"
    rescue Exception=>e
        return self.raw_value
    end
end