RubygemsResearch

Sha256: 93ef120caa0d24785661335d1e645f28ec3d19609cf70bd8fe439bc854a8a249

Contents?: true

Size: 1.74 KB

Versions: 29

Compression:

Stored size: 1.74 KB

module ActionDispatch
  class SSL
    YEAR = 31536000

    def self.default_hsts_options
      { :expires => YEAR, :subdomains => false }
    end

    def initialize(app, options = {})
      @app = app

      @hsts = options.fetch(:hsts, {})
      @hsts = {} if @hsts == true
      @hsts = self.class.default_hsts_options.merge(@hsts) if @hsts

      @host    = options[:host]
      @port    = options[:port]
    end

    def call(env)
      request = Request.new(env)

      if request.ssl?
        status, headers, body = @app.call(env)
        headers.reverse_merge!(hsts_headers)
        flag_cookies_as_secure!(headers)
        [status, headers, body]
      else
        redirect_to_https(request)
      end
    end

    private
      def redirect_to_https(request)
        host = @host || request.host
        port = @port || request.port

        location = "https://#{host}"
        location << ":#{port}" if port != 80
        location << request.fullpath

        headers = { 'Content-Type' => 'text/html', 'Location' => location }

        [301, headers, []]
      end

      # http://tools.ietf.org/html/draft-hodges-strict-transport-sec-02
      def hsts_headers
        if @hsts
          value = "max-age=#{@hsts[:expires].to_i}"
          value += "; includeSubDomains" if @hsts[:subdomains]
          { 'Strict-Transport-Security' => value }
        else
          {}
        end
      end

      def flag_cookies_as_secure!(headers)
        if cookies = headers['Set-Cookie']
          cookies = cookies.split("\n")

          headers['Set-Cookie'] = cookies.map { |cookie|
            if cookie !~ /;\s*secure\s*(;|$)/i
              "#{cookie}; secure"
            else
              cookie
            end
          }.join("\n")
        end
      end
  end
end

Version data entries

29 entries across 29 versions & 5 rubygems

Version	Path
actionpack-4.2.11.3	lib/action_dispatch/middleware/ssl.rb
actionpack-4.2.11.2	lib/action_dispatch/middleware/ssl.rb
actionpack-4.2.11.1	lib/action_dispatch/middleware/ssl.rb
actionpack-4.2.11	lib/action_dispatch/middleware/ssl.rb
actionpack-4.2.10	lib/action_dispatch/middleware/ssl.rb
actionpack-4.2.10.rc1	lib/action_dispatch/middleware/ssl.rb
actionpack-4.2.9	lib/action_dispatch/middleware/ssl.rb
actionpack-4.2.9.rc2	lib/action_dispatch/middleware/ssl.rb
actionpack-4.2.9.rc1	lib/action_dispatch/middleware/ssl.rb
enju_leaf-1.2.1	vendor/bundle/ruby/2.3/gems/actionpack-4.2.8/lib/action_dispatch/middleware/ssl.rb
actionpack-4.2.8	lib/action_dispatch/middleware/ssl.rb
actionpack-4.2.8.rc1	lib/action_dispatch/middleware/ssl.rb
actionpack-4.2.7.1	lib/action_dispatch/middleware/ssl.rb
actionpack-4.2.7	lib/action_dispatch/middleware/ssl.rb
actionpack-4.2.7.rc1	lib/action_dispatch/middleware/ssl.rb
ish_lib_manager-0.0.1	test/dummy/vendor/bundle/ruby/2.3.0/gems/actionpack-4.2.6/lib/action_dispatch/middleware/ssl.rb
actionpack-4.2.6	lib/action_dispatch/middleware/ssl.rb
actionpack-4.2.6.rc1	lib/action_dispatch/middleware/ssl.rb
actionpack-4.2.5.2	lib/action_dispatch/middleware/ssl.rb
actionpack-4.2.5.1	lib/action_dispatch/middleware/ssl.rb