Sha256: ecf42c1bcf70a054ebc440d3ac4871ff997f2fa6d4c927ae6d507e4f1c59c0c5
Contents?: true
Size: 1.08 KB
Versions: 1
Compression:
Stored size: 1.08 KB
Contents
# frozen_string_literal: true
module SecureHeaders
class STSConfigError < StandardError; end
class StrictTransportSecurity
HEADER_NAME = "strict-transport-security".freeze
HSTS_MAX_AGE = "631138519"
DEFAULT_VALUE = "max-age=" + HSTS_MAX_AGE
VALID_STS_HEADER = /\Amax-age=\d+(; includeSubdomains)?(; preload)?\z/i
MESSAGE = "The config value supplied for the HSTS header was invalid. Must match #{VALID_STS_HEADER}"
class << self
# Public: generate an hsts header name, value pair.
#
# Returns a default header if no configuration is provided, or a
# header name and value based on the config.
def make_header(config = nil, user_agent = nil)
return if config == OPT_OUT
[HEADER_NAME, config || DEFAULT_VALUE]
end
def validate_config!(config)
return if config.nil? || config == OPT_OUT
raise TypeError.new("Must be a string. Found #{config.class}: #{config} #{config.class}") unless config.is_a?(String)
raise STSConfigError.new(MESSAGE) unless config =~ VALID_STS_HEADER
end
end
end
end
Version data entries
1 entries across 1 versions & 1 rubygems
| Version | Path |
|---|---|
| secure_headers-7.1.0 | lib/secure_headers/headers/strict_transport_security.rb |