Class: Archipelago::Security::OriginValidator
- Inherits:
-
Object
- Object
- Archipelago::Security::OriginValidator
- Defined in:
- lib/archipelago/security/origin_validator.rb
Instance Method Summary collapse
-
#initialize(request, configuration: Archipelago.configuration) ⇒ OriginValidator
constructor
A new instance of OriginValidator.
- #validate! ⇒ Object
Constructor Details
#initialize(request, configuration: Archipelago.configuration) ⇒ OriginValidator
Returns a new instance of OriginValidator.
6 7 8 9 |
# File 'lib/archipelago/security/origin_validator.rb', line 6 def initialize(request, configuration: Archipelago.configuration) @request = request @configuration = configuration end |
Instance Method Details
#validate! ⇒ Object
11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 |
# File 'lib/archipelago/security/origin_validator.rb', line 11 def validate! return true unless @configuration.strict_origin_check origin = @request.headers["Origin"] return true if origin.nil? || origin.empty? uri = URI.parse(origin) expected_scheme = @request.protocol.delete_suffix("://") valid = uri.scheme == expected_scheme && uri.host == @request.host && uri.port == @request.port raise Archipelago::InvalidOrigin, "Origin mismatch" unless valid true rescue URI::InvalidURIError raise Archipelago::InvalidOrigin, "Invalid origin URI" end |