class Roda::RodaPlugins::ContentSecurityPolicy::Policy
Represents a content security policy.
Public Class Methods
Public Instance Methods
Source
# File lib/roda/plugins/content_security_policy.rb, line 193
def clear
  @opts = {}
end
Clear all settings, useful to remove any inherited settings.
Source
# File lib/roda/plugins/content_security_policy.rb, line 198
def freeze
  @opts.freeze
  header_value.freeze
  super
end
Do not allow future modifications to any settings.
Source
# File lib/roda/plugins/content_security_policy.rb, line 205
def header_key
  @report_only ? RodaResponseHeaders::CONTENT_SECURITY_POLICY_REPORT_ONLY : RodaResponseHeaders::CONTENT_SECURITY_POLICY
end
The header name to use, which depends on whether report-only mode has been enabled.
Source
# File lib/roda/plugins/content_security_policy.rb, line 210
def header_value
  return @header_value if @header_value

  s = String.new
  @opts.each do |k, vs|
    s << k
    unless vs == true
      vs.each{|v| append_formatted_value(s, v)}
    end
    s << '; '
  end
  @header_value = s
end
The header value to use.
Source
# File lib/roda/plugins/content_security_policy.rb, line 226
def report_only(report=true)
  @report_only = report
end
Set whether to use the Content-Security-Policy-Report-Only header instead of the default Content-Security-Policy header.
Source
# File lib/roda/plugins/content_security_policy.rb, line 231
def report_only?
  !!@report_only
end
Whether this policy uses report only mode.
Source
# File lib/roda/plugins/content_security_policy.rb, line 237
def set_header(headers)
  return if @opts.empty?
  headers[header_key] ||= header_value
end
Set the current policy in the headers hash. If no settings have been made in the policy, does not set a header.
Private Instance Methods
Source
# File lib/roda/plugins/content_security_policy.rb, line 249
def append_formatted_value(s, v)
  case v
  when String
    s << ' ' << v
  when Array
    case v.length
    when 2
      s << " '" << v.join('-') << "'"
    else
      raise RodaError, "unsupported CSP value used: #{v.inspect}"
    end
  when Symbol
    s << " '" << v.to_s.tr('_', '-') << "'"
  else
    raise RodaError, "unsupported CSP value used: #{v.inspect}"
  end
end
Handle three types of values when formatting the header:
- String: used verbatim
- Symbol: substitutes _ with - and surrounds with '
- Array: only accepts 2 element arrays, joins them with - and surrounds them with '
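The three formatting rules above have a practical consequence for policy authors: a String such as "self" is emitted without quotes, which CSP parses as a host name rather than the keyword. The following Ruby sketch is an added example, not Roda's own code; the method names format_csp_value, format_csp and lint_csp_strings, the keyword list and the sample policy are assumptions made for illustration.

```ruby
# Added sketch, not Roda's code. Keywords CSP recognises only when single-quoted.
CSP_KEYWORDS = %w[self none unsafe-inline unsafe-eval strict-dynamic report-sample].freeze

# Mirrors the three documented formatting rules for a single value.
def format_csp_value(v)
  case v
  when String then return v                                  # used verbatim
  when Symbol then return "'#{v.to_s.tr('_', '-')}'"         # :unsafe_inline -> 'unsafe-inline'
  when Array  then return "'#{v.join('-')}'" if v.length == 2 # [:nonce, 'x'] -> 'nonce-x'
  end
  raise ArgumentError, "unsupported CSP value: #{v.inspect}"
end

# Builds the header value from a directive => values hash (true means no values).
def format_csp(opts)
  opts.map do |directive, values|
    parts = [directive]
    parts.concat(values.map { |v| format_csp_value(v) }) unless values == true
    parts.join(' ') + '; '
  end.join
end

# Flags String values that the verbatim rule emits in a form that changes the
# policy: an unquoted keyword/nonce/hash, or a ';' or ',' that ends the directive.
def lint_csp_strings(opts)
  findings = []
  opts.each do |directive, values|
    next if values == true
    values.grep(String).each do |v|
      if CSP_KEYWORDS.include?(v.downcase) || v =~ /\A(nonce|sha(256|384|512))-/i
        findings << "#{directive}: #{v.inspect} is emitted unquoted; use a Symbol or 2-element Array"
      elsif v =~ /[;,]/
        findings << "#{directive}: #{v.inspect} contains a delimiter and is emitted verbatim"
      end
    end
  end
  findings
end

# Constructed sample policy; 'self' as a String is the deliberate mistake.
SAMPLE = {
  'default-src' => [:none],
  'script-src'  => ['self', [:nonce, 'r4nd0m'], 'https://cdn.example.com'],
  'style-src'   => [:unsafe_inline],
  'block-all-mixed-content' => true,
}.freeze

puts format_csp(SAMPLE), lint_csp_strings(SAMPLE)
```

Running the lint over a policy definition before deployment catches values that would otherwise silently weaken or invalidate a directive, since the formatter itself accepts any String.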
Source
# File lib/roda/plugins/content_security_policy.rb, line 268
def initialize_copy(_)
  super
  @opts = @opts.dup
  @header_value = nil
end
Make object copy use copy of settings, and remove cached header value.