Sha256: 0061b967342181a105a3093b43482c22d7e7820b8f7cbd4cc070282863149d6a
Contents?: true
Size: 1.25 KB
Versions: 3
Compression:
Stored size: 1.25 KB
Contents
# frozen_string_literal: true
require 'rack/protection'
module Rack
module Protection
##
# Prevented attack:: Clickjacking
# Supported browsers:: Internet Explorer 8, Firefox 3.6.9, Opera 10.50,
# Safari 4.0, Chrome 4.1.249.1042 and later
# More infos:: https://developer.mozilla.org/en/The_X-FRAME-OPTIONS_response_header
#
# Sets X-Frame-Options header to tell the browser avoid embedding the page
# in a frame.
#
# Options:
#
# frame_options:: Defines who should be allowed to embed the page in a
# frame. Use :deny to forbid any embedding, :sameorigin
# to allow embedding from the same origin (default).
class FrameOptions < Base
default_options frame_options: :sameorigin
def frame_options
@frame_options ||= begin
frame_options = options[:frame_options]
frame_options = options[:frame_options].to_s.upcase unless frame_options.respond_to? :to_str
frame_options.to_str
end
end
def call(env)
status, headers, body = @app.call(env)
headers['x-frame-options'] ||= frame_options if html? headers
[status, headers, body]
end
end
end
end
Version data entries
3 entries across 3 versions & 1 rubygems
| Version | Path |
|---|---|
| rack-protection-4.1.1 | lib/rack/protection/frame_options.rb |
| rack-protection-4.1.0 | lib/rack/protection/frame_options.rb |
| rack-protection-4.0.0 | lib/rack/protection/frame_options.rb |