Contents

require_relative "secure_headers"

class Tynn
  # Public: Adds security measures against common attacks.
  #
  # Examples
  #
  #   require "tynn"
  #   require "tynn/protection"
  #
  #   Tynn.plugin(Tynn::Protection)
  #
  # If you are using SSL/TLS (HTTPS), it's recommended to set
  # the +:ssl+ option:
  #
  # Examples
  #
  #   require "tynn"
  #   require "tynn/protection"
  #
  #   Tynn.plugin(Tynn::Protection, ssl: true)
  #
  # By default, it includes the following security plugins:
  #
  # - Tynn::SecureHeaders
  #
  # If the +:ssl+ option is +true+, includes:
  #
  # - Tynn::HSTS
  #
  # - Tynn::ForceSSL
  #
  module Protection
    # Internal: Configures security related plugins.
    def self.setup(app, ssl: false, force_ssl: ssl, hsts: {})
      app.plugin(Tynn::SecureHeaders)

      if ssl
        app.settings[:ssl] = true

        require_relative "hsts"

        app.plugin(Tynn::HSTS, hsts)
      end

      if force_ssl
        require_relative "force_ssl"

        app.plugin(Tynn::ForceSSL)
      end
    end
  end
end

Version data entries

2 entries across 2 versions & 1 rubygems

Version	Path
tynn-1.2.0	lib/tynn/protection.rb
tynn-1.1.0	lib/tynn/protection.rb