File: x_frame_options.rb

package info (click to toggle)
ruby-secure-headers 7.2.0-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 556 kB
  • sloc: ruby: 4,196; makefile: 5
file content (30 lines) | stat: -rw-r--r-- 1,056 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
# frozen_string_literal: true
module SecureHeaders
  class XFOConfigError < StandardError; end
  class XFrameOptions
    HEADER_NAME = "x-frame-options".freeze
    SAMEORIGIN = "sameorigin"
    DENY = "deny"
    ALLOW_FROM = "allow-from"
    ALLOW_ALL = "allowall"
    DEFAULT_VALUE = SAMEORIGIN
    VALID_XFO_HEADER = /\A(#{SAMEORIGIN}\z|#{DENY}\z|#{ALLOW_ALL}\z|#{ALLOW_FROM}[:\s])/i

    # Public: generate an X-Frame-Options header.
    #
    # Returns a default header if no configuration is provided, or a
    # header name and value based on the config.
    def self.make_header(config = nil, user_agent = nil)
      return if config == OPT_OUT
      [HEADER_NAME, config || DEFAULT_VALUE]
    end

    def self.validate_config!(config)
      return if config.nil? || config == OPT_OUT
      raise TypeError.new("Must be a string. Found #{config.class}: #{config}") unless config.is_a?(String)
      unless config =~ VALID_XFO_HEADER
        raise XFOConfigError.new("Value must be SAMEORIGIN|DENY|ALLOW-FROM:|ALLOWALL")
      end
    end
  end
end