Sha256: 23548a969abeac6aeb26cd9457a7002eb421aeceb038bbb5506643b48b6d7aa2
Contents?: true
Size: 1.39 KB
Versions: 5
Compression:
Stored size: 1.39 KB
Contents
# frozen-string-literal: true
#
class Roda
module RodaPlugins
# The hsts plugin allows for easily configuring an appropriate
# Strict-Transport-Security response header for the application:
#
# plugin :hsts
# # Strict-Transport-Security: max-age=63072000; includeSubDomains
#
# plugin :hsts, preload: true
# # Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
#
# plugin :hsts, max_age: 31536000, subdomains: false
# # Strict-Transport-Security: max-age=31536000
module Hsts
# Ensure default_headers plugin is loaded first
def self.load_dependencies(app, opts=OPTS)
app.plugin :default_headers
end
# Configure the Strict-Transport-Security header. Options:
# :max_age :: Set max-age in seconds (default is 63072000, two years)
# :preload :: Set preload, so the domain can be included in HSTS preload lists
# :subdomains :: Set to false to not set includeSubDomains. By default,
# includeSubDomains is set to enforce HTTPS for subdomains.
def self.configure(app, opts=OPTS)
app.plugin :default_headers, RodaResponseHeaders::STRICT_TRANSPORT_SECURITY => "max-age=#{opts[:max_age]||63072000}#{'; includeSubDomains' unless opts[:subdomains] == false}#{'; preload' if opts[:preload]}".freeze
end
end
register_plugin(:hsts, Hsts)
end
end
Version data entries
5 entries across 5 versions & 1 rubygems
| Version | Path |
|---|---|
| roda-3.88.0 | lib/roda/plugins/hsts.rb |
| roda-3.87.0 | lib/roda/plugins/hsts.rb |
| roda-3.86.0 | lib/roda/plugins/hsts.rb |
| roda-3.85.0 | lib/roda/plugins/hsts.rb |
| roda-3.84.0 | lib/roda/plugins/hsts.rb |