Sha256: 8a5908cee02561461521d79c995008bd5ffdbd16789a4d7fdc1812cc761a9283

Contents?: true

Size: 1 KB

Versions: 4

Compression:

Stored size: 1 KB

Contents

module SecureHeaders
  class XContentTypeOptionsBuildError < StandardError; end
  # IE only
  class XContentTypeOptions < Header
    module Constants
      X_CONTENT_TYPE_OPTIONS_HEADER_NAME = "X-Content-Type-Options"
      DEFAULT_VALUE = "nosniff"
      CONFIG_KEY = :x_content_type_options
    end
    include Constants

    def initialize(config=nil)
      @config = config
      validate_config unless @config.nil?
    end

    def name
      X_CONTENT_TYPE_OPTIONS_HEADER_NAME
    end

    def value
      case @config
      when NilClass
        DEFAULT_VALUE
      when String
        @config
      else
        warn "[DEPRECATION] secure_headers 3.0 will only accept string values for XContentTypeOptions config"
        @config[:value]
      end
    end

    private

    def validate_config
      value = @config.is_a?(Hash) ? @config[:value] : @config
      unless value.casecmp(DEFAULT_VALUE) == 0
        raise XContentTypeOptionsBuildError.new("Value can only be nil or 'nosniff'")
      end
    end
  end
end

Version data entries

4 entries across 4 versions & 1 rubygems

Version Path
secure_headers-2.5.3 lib/secure_headers/headers/x_content_type_options.rb
secure_headers-2.5.2 lib/secure_headers/headers/x_content_type_options.rb
secure_headers-2.5.1 lib/secure_headers/headers/x_content_type_options.rb
secure_headers-2.5.0 lib/secure_headers/headers/x_content_type_options.rb