Sha256: ed81ab0d0ab56bddac9bf21d3aaba6cc5884b63a147636551ecd842a040c01c3

Size: 1.3 KB

Versions: 1

Compression:

Stored size: 1.3 KB

Contents

# frozen_string_literal: true

class Tynn
  # Adds the following security-related HTTP headers:
  #
  # [X-Content-Type-Options]
  #   Tells browsers (originally IE and Chrome, now all major ones) not to
  #   {MIME-sniff}[https://msdn.microsoft.com/library/gg622941(v=vs.85).aspx]
  #   a response away from its declared Content-Type. Defaults to <tt>"nosniff"</tt>.
  #
  # [X-Frame-Options]
  #   Provides {Clickjacking}[https://www.owasp.org/index.php/Clickjacking]
  #   protection by limiting which origins may frame the page. Defaults to
  #   <tt>"SAMEORIGIN"</tt>.
  #
  # [X-Permitted-Cross-Domain-Policies]
  #   Stops Adobe Flash Player and Acrobat from loading this site's data
  #   across domains, regardless of any crossdomain.xml. Defaults to <tt>"none"</tt>.
  #
  # [X-XSS-Protection]
  #   Enables the reflected-XSS filter built into IE, Chrome and Safari. The
  #   filter is usually enabled by default; this header re-enables it if the
  #   user turned it off, and <tt>mode=block</tt> makes the browser block the
  #   page instead of trying to sanitize it. Defaults to <tt>"1; mode=block"</tt>.
  #   Chromium-based browsers and Safari have since removed this filter, so the
  #   header only affects older browsers; a Content-Security-Policy is the
  #   current defence against XSS.
  #
  # Usage:
  #
  #   require "tynn"
  #   require "tynn/secure_headers"
  #
  #   Tynn.plugin(Tynn::SecureHeaders)
  #
  module SecureHeaders
    HEADERS = {
      "X-Content-Type-Options" => "nosniff",
      "X-Frame-Options" => "SAMEORIGIN",
      "X-Permitted-Cross-Domain-Policies" => "none",
      "X-XSS-Protection" => "1; mode=block"
    }.freeze # :nodoc:

    # Merges the plugin defaults under the application's existing default
    # headers, so any header the application already set takes precedence.
    def self.setup(app) # :nodoc:
      app.set!(:default_headers, HEADERS.merge(app.default_headers))
    end
  end
end
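The example below is added here and is not part of the tynn gem. It models what `Tynn::SecureHeaders.setup` does (plugin defaults merged first, the application's own `default_headers` on top, so the application wins) against a hypothetical `FakeApp` that exposes only the two methods the plugin calls, and adds two things a practitioner would want to check: that a response actually carries the expected values, and that a lowercase header name set by the application (Rack 3 lowercases header names) does not end up duplicated beside the plugin's mixed-case key, because `Hash#merge` compares keys exactly. `SECURE_HEADERS` is a copy of the plugin's `HEADERS` constant; everything else is constructed for the example.

```ruby
# frozen_string_literal: true

# Copy of Tynn::SecureHeaders::HEADERS, so this file runs without the gem.
SECURE_HEADERS = {
  "X-Content-Type-Options" => "nosniff",
  "X-Frame-Options" => "SAMEORIGIN",
  "X-Permitted-Cross-Domain-Policies" => "none",
  "X-XSS-Protection" => "1; mode=block"
}.freeze

# Hypothetical stand-in for the application object (NOT Tynn). It exposes only
# the two methods the plugin's setup hook calls: default_headers and set!.
class FakeApp
  def initialize(headers = {})
    @settings = { default_headers: headers }
  end

  def default_headers
    @settings[:default_headers]
  end

  def set!(key, value)
    @settings[key] = value
  end
end

# Same merge as Tynn::SecureHeaders.setup: defaults first, app settings on top,
# so a header the app already configured (e.g. X-Frame-Options: DENY) wins.
def apply_secure_headers(app)
  app.set!(:default_headers, SECURE_HEADERS.merge(app.default_headers))
  app
end

# Header names are case-insensitive on the wire, but Hash#merge is not.
# Normalising keys before merging avoids emitting both
# "X-Frame-Options: SAMEORIGIN" and "x-frame-options: DENY" on one response.
def apply_secure_headers_case_insensitive(app)
  normalise = ->(h) { h.transform_keys { |k| k.to_s.downcase } }
  merged = normalise.call(SECURE_HEADERS).merge(normalise.call(app.default_headers))
  app.set!(:default_headers, merged)
  app
end

# Returns the names of expected headers that are absent from, or have a
# different value in, a response header hash. Lookup is case-insensitive,
# matching how a browser reads the headers.
def missing_secure_headers(response_headers, expected = SECURE_HEADERS)
  actual = response_headers.transform_keys { |k| k.to_s.downcase }
  expected.reject { |name, value| actual[name.downcase] == value }.keys
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: an app that already hardened X-Frame-Options to DENY.
  app = apply_secure_headers(FakeApp.new("X-Frame-Options" => "DENY"))
  p app.default_headers
  # DENY is stricter than SAMEORIGIN, so it is reported as a deviation from
  # the plugin defaults, which is what you want to see, not a bug.
  p missing_secure_headers(app.default_headers)
end
```

`missing_secure_headers` is the check to run in a request spec against a real response: an empty array means every plugin default reached the client unchanged; anything listed was either overridden by the application or stripped by a proxy in between.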

Version data entries

1 entry across 1 version & 1 rubygem

Version           Path
tynn-2.0.0.alpha  lib/tynn/secure_headers.rb