Module: Tynn::SecureHeaders

Defined in:
lib/tynn/secure_headers.rb

Overview

Public: Adds security-related HTTP headers.

Examples

require "tynn"
require "tynn/secure_headers"

Tynn.plugin(Tynn::SecureHeaders)

This plugin applies the following headers:

X-Content-Type-Options: "nosniff"

Prevents IE and Chrome from content-type sniffing.

X-Frame-Options: "SAMEORIGIN"

Provides Clickjacking protection.

X-Permitted-Cross-Domain-Policies: "none"

Restricts Adobe Flash Player’s access to data.

X-XSS-Protection: "1; mode=block"

Enables the XSS protection filter built into IE, Chrome and Safari. This filter is usually enabled by default; the purpose of this header is to re-enable it if the user has turned it off.

Class Method Summary

Class Method Details

.setup(app) ⇒ Object

Internal: Sets the default HTTP secure headers.

# File 'lib/tynn/secure_headers.rb', line 35

def self.setup(app)
  app.settings[:default_headers].update(
    "X-Content-Type-Options" => "nosniff",
    "X-Frame-Options" => "SAMEORIGIN",
    "X-Permitted-Cross-Domain-Policies" => "none",
    "X-XSS-Protection" => "1; mode=block"
  )
end
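The following is an added example, not code from the Tynn project. It models what `setup` does (merging the four headers into `app.settings[:default_headers]`) against a hypothetical `FakeApp` stand-in, so it runs without the tynn gem, and adds a small checker that reports which of the expected headers a response is missing or carries with an unexpected value. Header comparison is case-insensitive, since the response side may downcase names.

```ruby
# Added example; FakeApp, apply_secure_headers, build_response and
# secure_header_gaps are illustrative names, not part of Tynn.

# The header set the plugin applies (values taken from the docs above).
SECURE_HEADERS = {
  "X-Content-Type-Options" => "nosniff",
  "X-Frame-Options" => "SAMEORIGIN",
  "X-Permitted-Cross-Domain-Policies" => "none",
  "X-XSS-Protection" => "1; mode=block"
}.freeze

# Hypothetical stand-in for a Tynn application: only the settings hash
# that the plugin touches is modelled.
class FakeApp
  attr_reader :settings

  def initialize(extra_defaults = {})
    @settings = { default_headers: extra_defaults.dup }
  end
end

# Same operation as the plugin's setup: merge the secure headers into the
# app's default headers. Keys already present are overwritten, others kept.
def apply_secure_headers(app)
  app.settings[:default_headers].update(SECURE_HEADERS)
  app
end

# Build a Rack-style response triple, layering per-route headers over the
# app defaults (route headers win on conflict).
def build_response(app, status, body, route_headers = {})
  headers = app.settings[:default_headers].merge(route_headers)
  [status, headers, [body]]
end

# Defender-side check for a test suite: which expected headers are absent
# (:missing) or set to a different value (the actual value is reported)?
# Returns an empty hash when every header matches.
def secure_header_gaps(headers, expected = SECURE_HEADERS)
  # HTTP header names are case-insensitive, so normalize before comparing.
  normalized = headers.each_with_object({}) { |(k, v), h| h[k.downcase] = v }
  expected.each_with_object({}) do |(name, value), gaps|
    actual = normalized[name.downcase]
    if actual.nil?
      gaps[name] = :missing
    elsif actual != value
      gaps[name] = actual
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  app = apply_secure_headers(FakeApp.new("Content-Type" => "text/plain"))
  _, headers, _ = build_response(app, 200, "hello")
  p secure_header_gaps(headers)
  # A constructed response that was served without the plugin:
  p secure_header_gaps("x-frame-options" => "DENY", "Content-Type" => "text/html")
end
```

`secure_header_gaps` is the piece worth wiring into a test suite: run it over the headers of a few representative responses (including error pages and anything served by a separate handler) to confirm the defaults from `setup` actually reach the client and have not been overridden per route.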