Sha256: cf1d782be3d881883b906effafaceeb982d6456bc5aefa75b08a5f323681c2b7

Contents?: true

Size: 1.26 KB

Versions: 4

Stored size: 1.26 KB

Contents

class Tynn
  # Public: Adds security related HTTP headers.
  #
  # Examples
  #
  #   require "tynn"
  #   require "tynn/secure_headers"
  #
  #   Tynn.plugin(Tynn::SecureHeaders)
  #
  # This plugin applies the following headers:
  #
  # *X-Content-Type-Options:* <tt>"nosniff"</tt>
  #
  # Prevents IE and Chrome from
  # {content type sniffing}[https://msdn.microsoft.com/library/gg622941(v=vs.85).aspx].
  #
  # *X-Frame-Options:* <tt>"SAMEORIGIN"</tt>
  #
  # Provides {Clickjacking}[https://www.owasp.org/index.php/Clickjacking]
  # protection.
  #
  # *X-Permitted-Cross-Domain-Policies:* <tt>"none"</tt>
  #
  # Restricts Adobe Flash Player's access to data.
  #
  # *X-XSS-Protection:* <tt>"1; mode=block"</tt>
  #
  # Enables the XSS protection filter built into IE, Chrome and Safari.
  # This filter is usually enabled by default; this header re-enables it
  # if the user turned it off.
  #
  module SecureHeaders
    # Internal: Sets the default HTTP secure headers.
    def self.setup(app)
      app.settings[:default_headers].update(
        "X-Content-Type-Options" => "nosniff",
        "X-Frame-Options" => "SAMEORIGIN",
        "X-Permitted-Cross-Domain-Policies" => "none",
        "X-XSS-Protection" => "1; mode=block"
      )
    end
  end
end
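
Because setup writes its values with Hash#update, a default header configured before setup runs is overwritten, while one configured afterwards survives. The following added example (not part of the tynn gem) shows that ordering effect and a small check of response headers against the four defaults; StubApp, SecureHeadersDemo, DEFAULTS, audit and the X-Custom header are hypothetical names, and it assumes nothing about Tynn beyond the settings[:default_headers] hash visible above.

```ruby
# Added example. StubApp and SecureHeadersDemo are hypothetical stand-ins;
# only the four header values come from the file above.
DEFAULTS = {
  "X-Content-Type-Options" => "nosniff",
  "X-Frame-Options" => "SAMEORIGIN",
  "X-Permitted-Cross-Domain-Policies" => "none",
  "X-XSS-Protection" => "1; mode=block"
}.freeze

module SecureHeadersDemo
  # Same operation as SecureHeaders.setup: an in-place Hash#update.
  def self.setup(app)
    app.settings[:default_headers].update(DEFAULTS)
  end
end

# Exposes only the settings hash that setup touches.
class StubApp
  attr_reader :settings

  def initialize(default_headers = {})
    @settings = { default_headers: default_headers }
  end
end

# Stricter value configured before setup runs: Hash#update replaces it.
def override_before_plugin
  app = StubApp.new({ "X-Frame-Options" => "DENY", "X-Custom" => "kept" })
  SecureHeadersDemo.setup(app)
  app.settings[:default_headers]
end

# Same value configured after setup runs: it survives.
def override_after_plugin
  app = StubApp.new
  SecureHeadersDemo.setup(app)
  app.settings[:default_headers]["X-Frame-Options"] = "DENY"
  app.settings[:default_headers]
end

# Compares response headers (names case-insensitive) with the defaults and
# returns name => actual value for each one that differs (nil when absent).
def audit(response_headers)
  seen = response_headers.to_h { |k, v| [k.to_s.downcase, v.to_s.strip] }
  DEFAULTS.each_with_object({}) do |(name, want), drift|
    got = seen[name.downcase]
    drift[name] = got unless got == want
  end
end
```

An empty hash from audit means all four defaults reached the response unchanged.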

Version data entries

4 entries across 4 versions & 1 rubygems

Version Path
tynn-1.4.0 lib/tynn/secure_headers.rb
tynn-1.3.0 lib/tynn/secure_headers.rb
tynn-1.2.0 lib/tynn/secure_headers.rb
tynn-1.1.0 lib/tynn/secure_headers.rb