Sha256: 227b8d9b33212b3fda983ae512c277d568c976e8e5d6753ce8a913d592ede0c2
Contents?: true
Size: 1015 Bytes
Versions: 2
Compression:
Stored size: 1015 Bytes
Contents
require 'rack/protection'
module Rack
module Protection
##
# Prevented attack:: Non-permanent XSS
# Supported browsers:: Internet Explorer 8 and later
# More infos:: http://blogs.msdn.com/b/ie/archive/2008/07/01/ie8-security-part-iv-the-xss-filter.aspx
#
# Sets X-XSS-Protection header to tell the browser to block attacks.
#
# Options:
# xss_mode:: How the browser should prevent the attack (default: :block)
class XSSHeader < Base
default_options :xss_mode => :block, :nosniff => true
def header
headers = {
'X-XSS-Protection' => "1; mode=#{options[:xss_mode]}",
'X-Content-Type-Options' => "nosniff"
}
headers.delete("X-Content-Type-Options") unless options[:nosniff]
headers
end
def call(env)
status, headers, body = @app.call(env)
headers = header.merge(headers) if options[:nosniff] and html?(headers)
[status, headers, body]
end
end
end
end
Version data entries
2 entries across 2 versions & 1 rubygems
| Version | Path |
|---|---|
| rack-protection-1.3.2 | lib/rack/protection/xss_header.rb |
| rack-protection-1.3.1 | lib/rack/protection/xss_header.rb |