Class: Whoosh::Middleware::SecurityHeaders

Inherits:
Object
  • Object
Defined in:
lib/whoosh/middleware/security_headers.rb

Constant Summary

# Default response headers. #call adds each entry only when the response does
# not already carry a value for that name, so an application can override any
# of them per response.
HEADERS = {
  # Tell browsers not to MIME-sniff a response away from its declared type.
  "x-content-type-options" => "nosniff",
  # Refuse to be rendered inside any frame (clickjacking defence).
  "x-frame-options" => "DENY",
  # NOTE(review): legacy header. Current browsers have dropped the XSS filter
  # it controls, so the content-security-policy entry is the control that
  # actually matters here; confirm this value is still wanted.
  "x-xss-protection" => "1; mode=block",
  # HSTS for 31536000 seconds (365 days), subdomains included. #call sends it
  # on every response; browsers only honour it when received over HTTPS.
  # includeSubDomains assumes every subdomain can serve HTTPS.
  "strict-transport-security" => "max-age=31536000; includeSubDomains",
  # Legacy Internet Explorer: do not open downloads in the site's context.
  "x-download-options" => "noopen",
  # Disallow cross-domain policy files for plugin-based clients.
  "x-permitted-cross-domain-policies" => "none",
  # Send only the origin on cross-origin requests, nothing on HTTPS -> HTTP.
  "referrer-policy" => "strict-origin-when-cross-origin",
  # Same-origin resources only. 'unsafe-inline' still permits inline styles,
  # which weakens the policy against style-based injection.
  "content-security-policy" => "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'"
}.freeze

Instance Method Summary

Constructor Details

#initialize(app) ⇒ SecurityHeaders

Returns a new instance of SecurityHeaders.



# File 'lib/whoosh/middleware/security_headers.rb', line 17

# Stores the downstream application that this middleware wraps.
#
# @param app [#call] the next application in the stack; #call invokes it
#   with the request environment and decorates the response it returns
def initialize(app)
  @app = app
end

Instance Method Details

#call(env) ⇒ Object



# File 'lib/whoosh/middleware/security_headers.rb', line 21

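# Runs the wrapped application and fills in every default security header
# that the response does not already carry.
#
# A header counts as already present when the application set it to a
# non-nil, non-false value under any capitalisation. A response that carries
# "X-Frame-Options" therefore does not also receive a second, possibly
# conflicting "x-frame-options" entry.
#
# @param env [Object] the request environment, passed to the wrapped app unchanged
# @return [Array] the [status, headers, body] triple from the wrapped app,
#   with missing entries from HEADERS added to headers
def call(env)
  status, headers, body = @app.call(env)
  # A frozen headers object cannot take new entries; work on a shallow copy.
  headers = headers.dup if headers.frozen?

  # Lower-cased names of the headers the application already set.
  present = {}
  headers.each { |name, value| present[name.to_s.downcase] = true if value }

  # Application-supplied values win; the defaults only fill the gaps.
  HEADERS.each { |name, value| headers[name] = value unless present.key?(name) }
  [status, headers, body]
end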