class Roda::RodaPlugins::ContentSecurityPolicy::Policy

  1. lib/roda/plugins/content_security_policy.rb
Superclass: Object

Represents a content security policy.

Methods

Public Class

  1. new

Public Instance

  1. clear
  2. freeze
  3. header_key
  4. header_value
  5. report_only
  6. report_only?
  7. set_header

Public Class methods

new()
    # File lib/roda/plugins/content_security_policy.rb
# Build a new policy that starts with no directive settings.
# All setup is delegated to #clear, which installs the empty settings hash.
def initialize
  clear
end

Public Instance methods

clear()

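Clear all settings, useful to remove any inherited settings. As the source below shows, only the directive settings are reset; the report-only flag is left unchanged.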

    # File lib/roda/plugins/content_security_policy.rb
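# Clear all directive settings, useful to remove any inherited settings.
#
# Only the directive hash and the memoized header string are reset; the
# report-only flag (@report_only) is left as it was.
#
# Returns the new, empty settings hash.
def clear
  # Drop the string memoized by header_value first, so a policy that was
  # already rendered cannot keep returning the directives being cleared.
  @header_value = nil
  @opts = {}
end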
freeze()

Do not allow future modifications to any settings.

    # File lib/roda/plugins/content_security_policy.rb
# Freeze the policy so that no setting can be modified afterwards.
#
# The header string is rendered (and memoized by header_value) before the
# object itself is frozen: header_value assigns @header_value on first use,
# which would no longer be possible on a frozen policy.
def freeze
  @opts.freeze
  rendered = header_value
  rendered.freeze
  super
end
header_key()

The header name to use, depends on whether report only mode has been enabled.

    # File lib/roda/plugins/content_security_policy.rb
# The response header name for this policy.
#
# Returns the report-only header constant when @report_only is truthy and
# the regular Content-Security-Policy constant otherwise. A policy sent
# under the report-only header is not enforced by browsers.
def header_key
  if @report_only
    RodaResponseHeaders::CONTENT_SECURITY_POLICY_REPORT_ONLY
  else
    RodaResponseHeaders::CONTENT_SECURITY_POLICY
  end
end
header_value()

The header value to use.

    # File lib/roda/plugins/content_security_policy.rb
# The header value to use, built once and memoized in @header_value.
#
# Each entry of @opts is rendered as the directive name, followed by its
# formatted values unless the stored value is exactly +true+ (a directive
# without values), followed by "; ".
#
# NOTE(review): how each value is quoted or validated is decided by
# append_formatted_value, which is not shown here -- confirm that directive
# values built from request data cannot carry ';' or ',' into the header.
def header_value
  @header_value ||= @opts.each_with_object(String.new) do |(directive, values), buffer|
    buffer << directive
    values.each { |value| append_formatted_value(buffer, value) } unless values == true
    buffer << '; '
  end
end
report_only(report=true)

Set whether to use the Content-Security-Policy-Report-Only header instead of the default Content-Security-Policy header. Browsers do not enforce a report-only policy; they only report violations.

    # File lib/roda/plugins/content_security_policy.rb
# Choose between report-only and enforcing mode for this policy.
#
# report :: truthy (the default) makes header_key return the
#           Content-Security-Policy-Report-Only header name, falsy makes it
#           return the Content-Security-Policy header name.
#
# Browsers do not enforce a report-only policy; they only report
# violations. Returns the value that was stored.
def report_only(report = true)
  @report_only = report
end
report_only?()

Whether this policy uses report only mode.

    # File lib/roda/plugins/content_security_policy.rb
# Whether this policy uses report-only mode.
# Always returns a strict boolean, whatever object was stored in
# @report_only.
def report_only?
  @report_only ? true : false
end
set_header(headers)

Set the current policy in the headers hash. If no settings have been made in the policy, does not set a header. A value already present under the same header key is kept and not overwritten.

    # File lib/roda/plugins/content_security_policy.rb
# Store this policy in the given response headers hash.
#
# headers :: hash of response headers, modified in place.
#
# Nothing is written when the policy has no settings. A value already
# stored under the header key is kept, so a header set earlier for the
# response takes precedence over this policy.
def set_header(headers)
  unless @opts.empty?
    name = header_key
    headers[name] || (headers[name] = header_value)
  end
end