Contents

module Pah
  module Templates
    class SecureHeader < Pah::Template
      def call
        content = <<EOF

  ensure_security_headers # See more: https://github.com/twitter/secureheaders
EOF

        inject_into_file 'app/controllers/application_controller.rb', content, after: 'with: :exception', verbose: false

        create_file 'config/initializers/secure_headers.rb' do
          <<-EOF
::SecureHeaders::Configuration.configure do |config|
  config.hsts = {:max_age => 20.years.to_i, :include_subdomains => true}
  config.x_frame_options = 'DENY'
  config.x_content_type_options = "nosniff"
  config.x_xss_protection = {:value => 1, :mode => 'block'}
  config.csp = false
end
EOF
        end
        git add: 'app/controllers/application_controller.rb'
        git add: 'config/initializers/secure_headers.rb'
        git_commit 'Add secure headers.'
      end
    end
  end
end

Version data entries

11 entries across 11 versions & 1 rubygems

Version	Path
pah-0.0.27	lib/pah/templates/secure_headers.rb
pah-0.0.26	lib/pah/templates/secure_headers.rb
pah-0.0.25	lib/pah/templates/secure_headers.rb
pah-0.0.24	lib/pah/templates/secure_headers.rb
pah-0.0.23	lib/pah/templates/secure_headers.rb
pah-0.0.22	lib/pah/templates/secure_headers.rb
pah-0.0.21	lib/pah/templates/secure_headers.rb
pah-0.0.20	lib/pah/templates/secure_headers.rb
pah-0.0.19	lib/pah/templates/secure_headers.rb
pah-0.0.17	lib/pah/templates/secure_headers.rb
pah-0.0.16	lib/pah/templates/secure_headers.rb