Sha256: e1cbb8849e71c0afd09013ab9e16a1ce4b2c0a8723739154421c4fd754f2874b
Contents?: true
Size: 1.08 KB
Versions: 1
Compression:
Stored size: 1.08 KB
Contents
# frozen_string_literal: true
module SecureHeaders
class XFOConfigError < StandardError; end
class XFrameOptions
HEADER_NAME = "x-frame-options".freeze
SAMEORIGIN = "sameorigin"
DENY = "deny"
ALLOW_FROM = "allow-from"
ALLOW_ALL = "allowall"
DEFAULT_VALUE = SAMEORIGIN
VALID_XFO_HEADER = /\A(#{SAMEORIGIN}\z|#{DENY}\z|#{ALLOW_ALL}\z|#{ALLOW_FROM}[:\s])/i
class << self
# Public: generate an X-Frame-Options header.
#
# Returns a default header if no configuration is provided, or a
# header name and value based on the config.
def make_header(config = nil, user_agent = nil)
return if config == OPT_OUT
[HEADER_NAME, config || DEFAULT_VALUE]
end
def validate_config!(config)
return if config.nil? || config == OPT_OUT
raise TypeError.new("Must be a string. Found #{config.class}: #{config}") unless config.is_a?(String)
unless config =~ VALID_XFO_HEADER
raise XFOConfigError.new("Value must be SAMEORIGIN|DENY|ALLOW-FROM:|ALLOWALL")
end
end
end
end
end
Version data entries
1 entries across 1 versions & 1 rubygems
| Version | Path |
|---|---|
| secure_headers-7.1.0 | lib/secure_headers/headers/x_frame_options.rb |