RubygemsResearch

Sha256: b607899f617e7f454b5d1970def9b679ac89dfc16fa88d0c9e5167dfbce9a9e0

Contents?: true

Size: 1.69 KB

Versions: 25

Compression:

Stored size: 1.69 KB

module ActionDispatch
  class SSL
    YEAR = 31536000

    def self.default_hsts_options
      { :expires => YEAR, :subdomains => false }
    end

    def initialize(app, options = {})
      @app = app

      @hsts = options.fetch(:hsts, {})
      @hsts = {} if @hsts == true
      @hsts = self.class.default_hsts_options.merge(@hsts) if @hsts

      @host    = options[:host]
      @port    = options[:port]
    end

    def call(env)
      request = Request.new(env)

      if request.ssl?
        status, headers, body = @app.call(env)
        headers = hsts_headers.merge(headers)
        flag_cookies_as_secure!(headers)
        [status, headers, body]
      else
        redirect_to_https(request)
      end
    end

    private
      def redirect_to_https(request)
        url        = URI(request.url)
        url.scheme = "https"
        url.host   = @host if @host
        url.port   = @port if @port
        headers    = { 'Content-Type' => 'text/html', 'Location' => url.to_s }

        [301, headers, []]
      end

      # http://tools.ietf.org/html/draft-hodges-strict-transport-sec-02
      def hsts_headers
        if @hsts
          value = "max-age=#{@hsts[:expires].to_i}"
          value += "; includeSubDomains" if @hsts[:subdomains]
          { 'Strict-Transport-Security' => value }
        else
          {}
        end
      end

      def flag_cookies_as_secure!(headers)
        if cookies = headers['Set-Cookie']
          cookies = cookies.split("\n")

          headers['Set-Cookie'] = cookies.map { |cookie|
            if cookie !~ /;\s+secure(;|$)/i
              "#{cookie}; secure"
            else
              cookie
            end
          }.join("\n")
        end
      end
  end
end

Version data entries

25 entries across 25 versions & 1 rubygems

Version	Path
actionpack-4.0.13	lib/action_dispatch/middleware/ssl.rb
actionpack-4.0.13.rc1	lib/action_dispatch/middleware/ssl.rb
actionpack-4.0.11.1	lib/action_dispatch/middleware/ssl.rb
actionpack-4.0.12	lib/action_dispatch/middleware/ssl.rb
actionpack-4.0.11	lib/action_dispatch/middleware/ssl.rb
actionpack-4.0.10	lib/action_dispatch/middleware/ssl.rb
actionpack-4.0.10.rc2	lib/action_dispatch/middleware/ssl.rb
actionpack-4.0.10.rc1	lib/action_dispatch/middleware/ssl.rb
actionpack-4.0.9	lib/action_dispatch/middleware/ssl.rb
actionpack-4.0.8	lib/action_dispatch/middleware/ssl.rb
actionpack-4.0.7	lib/action_dispatch/middleware/ssl.rb
actionpack-4.0.6	lib/action_dispatch/middleware/ssl.rb
actionpack-4.0.6.rc3	lib/action_dispatch/middleware/ssl.rb
actionpack-4.0.6.rc2	lib/action_dispatch/middleware/ssl.rb
actionpack-4.0.6.rc1	lib/action_dispatch/middleware/ssl.rb
actionpack-4.0.5	lib/action_dispatch/middleware/ssl.rb
actionpack-4.0.4	lib/action_dispatch/middleware/ssl.rb
actionpack-4.0.4.rc1	lib/action_dispatch/middleware/ssl.rb
actionpack-4.0.3	lib/action_dispatch/middleware/ssl.rb
actionpack-4.0.2	lib/action_dispatch/middleware/ssl.rb