Sha256: ddac3362afa4f2e0c0001e21134e38221c296562ec812d194fe9d7525be65e07
Contents?: true
Size: 1.54 KB
Versions: 4
Compression:
Stored size: 1.54 KB
Contents
module SecureHeaders
  # Raised when the supplied HSTS configuration cannot be turned into a
  # well-formed Strict-Transport-Security header value.
  class STSBuildError < StandardError; end

  # Builds the Strict-Transport-Security (HSTS) response header.
  #
  # The configuration is validated when the object is constructed, so a
  # malformed value raises STSBuildError at that point rather than being
  # emitted as a header. The Header superclass is defined elsewhere in the
  # project.
  class StrictTransportSecurity < Header
    module Constants
      HSTS_HEADER_NAME = 'Strict-Transport-Security'
      # Default max-age, in seconds (roughly 20 years).
      HSTS_MAX_AGE = "631138519"
      DEFAULT_VALUE = "max-age=#{HSTS_MAX_AGE}"
      # Whole-string match (\A ... \z rather than ^ ... $), so a value with an
      # embedded newline or trailing text is rejected. The optional directives
      # are accepted only in this order and only with a "; " separator.
      VALID_STS_HEADER = /\Amax-age=\d+(; includeSubdomains)?(; preload)?\z/i
      MESSAGE = "The config value supplied for the HSTS header was invalid."
      CONFIG_KEY = :hsts
    end
    include Constants

    # @param config [String, Hash, nil] a complete header value, a
    #   (deprecated) options hash, or nil to use DEFAULT_VALUE
    # @raise [STSBuildError] if a non-nil config fails validation
    def initialize(config = nil)
      @config = config
      return if @config.nil?

      validate_config
    end

    # @return [String] the header name
    def name
      HSTS_HEADER_NAME
    end

    # @return [String] the header value: the validated string as supplied,
    #   DEFAULT_VALUE when no config was given, or a value assembled from the
    #   hash options
    def value
      return DEFAULT_VALUE if @config.nil?
      return @config if @config.is_a?(String)

      header = "max-age=#{@config.fetch(:max_age, HSTS_MAX_AGE)}"
      header += "; includeSubdomains" if @config[:include_subdomains]
      header += "; preload" if @config[:preload]
      header
    end

    private

    # Checks a non-nil config. Anything that is not a Hash is converted with
    # to_s, stored back into @config and matched against VALID_STS_HEADER.
    # A Hash triggers a deprecation warning and must carry an all-digit
    # :max_age; options are looked up by symbol key.
    def validate_config
      unless @config.is_a?(Hash)
        @config = @config.to_s
        raise STSBuildError, MESSAGE if @config !~ VALID_STS_HEADER
        return
      end

      warn "[DEPRECATION] secure_headers 3.0 will only accept string values for StrictTransportSecurity config"
      supplied = @config[:max_age]
      raise STSBuildError, "No max-age was supplied." unless supplied
      # Digits only, anchored to the whole string, so nothing else can ride
      # along into the header value built from the hash.
      return if supplied.to_s =~ /\A\d+\z/

      raise STSBuildError, "max-age must be a number. #{supplied} was supplied."
    end
  end
end
Version data entries
4 entries across 4 versions & 1 rubygems