Sha256: 9b0e10d17990d351f8cf224b516b0ae21784b526b58befe94e68d179ee1f6180

Contents?: true

Size: 1.79 KB

Versions: 1

Compression:

Stored size: 1.79 KB

Contents

require "forwardable"

module SecureHeaders
  class ContentSecurityPolicy
    # Base strategy describing how a Content-Security-Policy header is named
    # and assembled for one browser family. The browser-specific classes
    # referenced in .build (IeBrowserStrategy, FirefoxBrowserStrategy,
    # StandardBrowserStrategy) are defined outside this file.
    #
    # NOTE(review): the strategy is picked from `content_security_policy.browser`.
    # How that object is derived is not visible here; presumably it comes from
    # the request's User-Agent, which the client controls. If responses are
    # stored by a shared cache, confirm they are keyed on the browser so one
    # family's header variant is not served to another.
    class BrowserStrategy
      extend Forwardable

      # Readers forwarded to the wrapped policy object.
      def_delegators :@content_security_policy,
                     :browser, :experimental, :enforce, :config

      # Picks the strategy class matching the policy's detected browser and
      # wraps the policy in a new instance of it.
      #
      # @param content_security_policy [Object] policy exposing #browser
      # @return [BrowserStrategy] an instance of the selected strategy class
      def self.build(content_security_policy)
        detected = content_security_policy.browser
        strategy_class =
          if detected.ie?
            IeBrowserStrategy
          elsif detected.firefox? && detected.version.to_i < 23
            # Only Firefox below version 23 gets the Firefox-specific
            # strategy; 23 and later take the standard path.
            FirefoxBrowserStrategy
          else
            StandardBrowserStrategy
          end

        strategy_class.new(content_security_policy)
      end

      # @param content_security_policy [Object] policy the delegators read from
      def initialize(content_security_policy)
        @content_security_policy = content_security_policy
      end

      # @return [String] header name before any "-Report-Only" suffix
      def base_name
        SecureHeaders::ContentSecurityPolicy::STANDARD_HEADER_NAME
      end

      # Header name to emit. The "-Report-Only" suffix is appended whenever
      # the policy is not enforced or is marked experimental; a Report-Only
      # header reports violations but does not block them.
      #
      # @return [String]
      def name
        header = base_name
        return header if enforce && !experimental

        header + "-Report-Only"
      end

      # @return [Object] the WEBKIT_CSP_HEADER constant of ContentSecurityPolicy
      def csp_header
        SecureHeaders::ContentSecurityPolicy::WEBKIT_CSP_HEADER
      end

      # @return [Object] the WEBKIT_DIRECTIVES constant of ContentSecurityPolicy
      def directives
        SecureHeaders::ContentSecurityPolicy::WEBKIT_DIRECTIVES
      end

      # Returns a copy of +config+ without the :frame_ancestors entry; the
      # argument itself is left untouched.
      #
      # NOTE(review): a policy that sets :frame_ancestors therefore carries no
      # framing restriction in this strategy's output. Whether another header
      # (e.g. X-Frame-Options) covers that is not visible here; confirm.
      #
      # @param config [Hash] directive configuration
      # @return [Hash] duplicate of config minus :frame_ancestors
      def filter_unsupported_directives(config)
        config.dup.tap { |supported| supported.delete(:frame_ancestors) }
      end

      # Maps the shorthand 'inline' to "'unsafe-inline'"; every other value
      # maps to "'unsafe-eval'".
      #
      # NOTE(review): the fall-through means an unexpected or misspelled value
      # is emitted as 'unsafe-eval' rather than rejected; callers should pass
      # only 'inline' or 'eval'.
      #
      # @param val [String] shorthand source value
      # @return [String] quoted CSP source keyword
      def translate_inline_or_eval(val)
        return "'unsafe-inline'" if val == 'inline'

        "'unsafe-eval'"
      end

      # Renders the default-src directive, or an empty string when there are
      # no truthy default sources.
      #
      # @param default [Array<String>] default source expressions
      # @return [String]
      def build_impl_specific_directives(default)
        return "" unless default.any?

        "default-src #{default.join(" ")}; "
      end

      # No-op in the base strategy (returns nil); per the original comment,
      # only Firefox needs this for now.
      def normalize_reporting_endpoint?
        nil
      end

      # No-op in the base strategy (returns nil); per the original comment,
      # only Chrome needs this for now.
      def add_missing_extension_values
        nil
      end
    end
  end
end

Version data entries

1 entries across 1 versions & 1 rubygems

Version Path
secure_headers-1.0.0 lib/secure_headers/headers/content_security_policy/browser_strategy.rb