Sha256: 8b6508b4fe1f19f72e854cb7f84fd5a8557a0dbe404f22c377dd8cd5b3c55f6a
Contents?: true
Size: 1.3 KB
Versions: 6
Compression:
Stored size: 1.3 KB
Contents
# frozen_string_literal: true
module SecureHeaders
class ReferrerPolicyConfigError < StandardError; end
class ReferrerPolicy
HEADER_NAME = "Referrer-Policy".freeze
DEFAULT_VALUE = "origin-when-cross-origin"
VALID_POLICIES = %w(
no-referrer
no-referrer-when-downgrade
same-origin
strict-origin
strict-origin-when-cross-origin
origin
origin-when-cross-origin
unsafe-url
)
CONFIG_KEY = :referrer_policy
class << self
# Public: generate an Referrer Policy header.
#
# Returns a default header if no configuration is provided, or a
# header name and value based on the config.
def make_header(config = nil)
config ||= DEFAULT_VALUE
[HEADER_NAME, Array(config).join(", ")]
end
def validate_config!(config)
case config
when nil, OPT_OUT
# valid
when String, Array
config = Array(config)
unless config.all? { |t| t.is_a?(String) && VALID_POLICIES.include?(t.downcase) }
raise ReferrerPolicyConfigError.new("Value can only be one or more of #{VALID_POLICIES.join(", ")}")
end
else
raise TypeError.new("Must be a string or array of strings. Found #{config.class}: #{config}")
end
end
end
end
end
Version data entries
6 entries across 6 versions & 1 rubygems