class Roda::RodaPlugins::ContentSecurityPolicy::Policy
Represents a content security policy.
def append_formatted_value(s, v)
Array :: only accepts 2 element arrays, joins them with - and
Symbol :: Substitutes _ with - and surrounds with '
String :: used verbatim
Handle three types of values when formatting the header:
def append_formatted_value(s, v) case v when String s << ' ' << v when Array case v.length when 2 s << " '" << v.join('-') << "'" else raise RodaError, "unsupported CSP value used: #{v.inspect}" end when Symbol s << " '" << v.to_s.gsub('_', '-') << "'" else raise RodaError, "unsupported CSP value used: #{v.inspect}" end end
def clear
def clear @opts = {} end
def freeze
def freeze @opts.freeze header_value.freeze super end
def header_key
def header_key @report_only ? 'Content-Security-Policy-Report-Only' : 'Content-Security-Policy' end
def header_value
def header_value return @header_value if @header_value s = String.new @opts.each do |k, vs| s << k unless vs == true vs.each{|v| append_formatted_value(s, v)} end s << '; ' end @header_value = s end
def initialize
def initialize clear end
def initialize_copy(_)
def initialize_copy(_) super @opts = @opts.dup @header_value = nil end
def report_only(report=true)
Set whether the Content-Security-Policy-Report-Only header instead of the
def report_only(report=true) @report_only = report end
def report_only?
def report_only? !!@report_only end
def set_header(headers)
Set the current policy in the headers hash. If no settings have been made
def set_header(headers) return if @opts.empty? headers[header_key] ||= header_value end