
require 'aaf/secure_headers/version'
require 'secure_headers'
require 'active_support/core_ext/integer/time'

module AAF
  # Registers the federation-wide defaults for the `secure_headers` gem.
  # Requiring this file is enough: the block below is handed to
  # `::SecureHeaders::Configuration.default`, so every response served by an
  # app that loads the gem gets these headers unless it overrides them.
  module SecureHeaders
    ::SecureHeaders::Configuration.default do |config|
      # Cookie flags applied to every cookie the app sets. `samesite` is
      # given as a hash whose only entry is `lax: false`, i.e. the Lax
      # attribute is explicitly not requested here. Presumably this keeps
      # session cookies working across cross-site federation redirects —
      # confirm with the maintainers before tightening it.
      config.cookies = {
        secure: true,
        httponly: true,
        samesite: { lax: false }
      }

      # Strict-Transport-Security. `includeSubdomains` and `preload` are
      # both asserted; NOTE(review): the public HSTS preload list only
      # accepts submissions whose max-age is at least one year, so at six
      # months the `preload` token is advisory rather than effective.
      hsts_max_age = 6.months.to_i
      config.hsts = "max-age=#{hsts_max_age}; includeSubdomains; preload"

      # Legacy, per-header hardening. X-Frame-Options DENY is mirrored by
      # the CSP `frame_ancestors 'none'` further down for browsers that
      # honour only one of the two.
      config.x_frame_options = 'DENY'
      config.x_content_type_options = 'nosniff'
      # NOTE(review): X-XSS-Protection is deprecated and current guidance
      # favours `0`; kept as shipped because the CSP below is the real
      # control.
      config.x_xss_protection = '1; mode=block'
      config.x_download_options = 'noopen'
      config.x_permitted_cross_domain_policies = 'none'
      config.referrer_policy = 'origin-when-cross-origin'

      # Content-Security-Policy, deny-by-default. Each source list is a
      # fresh array literal so the gem may mutate it without aliasing.
      csp_flags = {
        preserve_schemes: false,
        block_all_mixed_content: true,
        upgrade_insecure_requests: true
      }
      csp_sources = {
        default_src: %w['none'],
        base_uri: %w['none'],
        font_src: %w['self' https://fonts.gstatic.com],
        form_action: %w['self'],
        frame_ancestors: %w['none'],
        img_src: %w['self' data:],
        script_src: %w['self'],
        style_src: %w['self' https://fonts.googleapis.com],
        # No report endpoint is configured, so CSP violations are not
        # collected anywhere by default.
        report_uri: []
      }
      config.csp = csp_flags.merge(csp_sources)
    end
  end
end
