Sha256: a863cf01d31fdb487376dd3f30718803809b53844c896706e4b6d1460c32503b
Contents?: true
Size: 1.49 KB
Versions: 6
Compression:
Stored size: 1.49 KB
Contents
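module SecureHeaders
  # Raised when an X-XSS-Protection configuration cannot be turned into a
  # well-formed header value.
  class XXssProtectionBuildError < StandardError; end

  # Builds the X-XSS-Protection response header.
  #
  # Accepted configurations:
  #   nil    - DEFAULT_VALUE is sent.
  #   String - sent verbatim; must match VALID_X_XSS_HEADER.
  #   Hash   - :value (0 or 1, required), :mode (nil or 'block'),
  #            :report_uri (optional); assembled by #value.
  #
  # NOTE(review): browsers have since removed their built-in XSS auditors,
  # and current guidance (e.g. OWASP) is to send "0" or omit this header and
  # rely on Content-Security-Policy instead. DEFAULT_VALUE is left at "1" so
  # existing deployments see no behaviour change; revisit it deliberately.
  class XXssProtection < Header
    module Constants
      X_XSS_PROTECTION_HEADER_NAME = 'X-XSS-Protection'
      DEFAULT_VALUE = "1"
      # \A and \z anchor the whole string, so a trailing "\n" is rejected.
      VALID_X_XSS_HEADER = /\A[01](; mode=block)?(; report=.*)?\z/i
      CONFIG_KEY = :x_xss_protection
    end
    include Constants

    # @param config [nil, String, Hash] see the class comment
    # @raise [XXssProtectionBuildError] if a String or Hash config is invalid
    def initialize(config=nil)
      @config = config
      validate_config unless @config.nil?
    end

    # @return [String] the header name
    def name
      X_XSS_PROTECTION_HEADER_NAME
    end

    # @return [String] the header value derived from the configuration
    def value
      case @config
      when NilClass
        DEFAULT_VALUE
      when String
        @config
      else
        value = @config[:value].to_s
        value += "; mode=#{@config[:mode]}" if @config[:mode]
        value += "; report=#{@config[:report_uri]}" if @config[:report_uri]
        value
      end
    end

    private

    # Checks String and Hash configurations; any other type is left alone,
    # as before.
    def validate_config
      if @config.is_a? Hash
        validate_hash_config
      elsif @config.is_a? String
        # "." in VALID_X_XSS_HEADER still matches "\r", so line breaks are
        # checked separately to keep the value on a single header line.
        unless @config =~ VALID_X_XSS_HEADER && !contains_line_break?(@config)
          raise XXssProtectionBuildError.new("Invalid format (see VALID_X_XSS_HEADER)")
        end
      end
    end

    # Validates the keys that #value interpolates into the header.
    def validate_hash_config
      raise XXssProtectionBuildError.new(":value key is missing") if !@config[:value]

      # Compare the exact text #value will emit. The previous to_i check let
      # strings such as "abc" (0) or "1; anything" (1) through unchanged.
      unless %w[0 1].include?(@config[:value].to_s)
        raise XXssProtectionBuildError.new(":value must be 1 or 0")
      end

      if @config[:mode] && @config[:mode].casecmp('block') != 0
        raise XXssProtectionBuildError.new(":mode must nil or 'block'")
      end

      # :report_uri is copied into the header as-is; a CR or LF in it would
      # break the header line.
      if @config[:report_uri] && contains_line_break?(@config[:report_uri].to_s)
        raise XXssProtectionBuildError.new(":report_uri must not contain line breaks")
      end
    end

    # True-ish when text holds a carriage return or line feed.
    def contains_line_break?(text)
      text =~ /[\r\n]/
    end
  end
end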
Version data entries
6 entries across 6 versions & 1 rubygems