Sha256: 6bcef16eed377476ceaa1f54cc25038f27c14a6ecfc48efd84f13f52f9703757
Contents?: true
Size: 1 KB
Versions: 3
Compression:
Stored size: 1 KB
Contents
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details. # frozen_string_literal: true require 'contrast/agent/assess/rule/response/framework/rails_support' require 'contrast/agent/assess/rule/response/header_rule' require 'contrast/utils/string_utils' module Contrast module Agent module Assess module Rule module Response # These rules check the content of the HTTP Response to determine if the response contains the needed header class XXssProtection < HeaderRule include Framework::RailsSupport def rule_id 'xxssprotection-header-disabled' end HEADER_KEYS = %w[X-XSS-Protection].cs__freeze ACCEPTED_VALUES = [/^1/].cs__freeze DEFAULT_SAFE = true protected def analyze_response? response !framework_supported? && super end end end end end end end
Version data entries
3 entries across 3 versions & 1 rubygems