class Roda::RodaPlugins::ContentSecurityPolicy::Policy
Represents a content security policy.
def append_formatted_value(s, v)
Handle three types of values when formatting the header:
String - used verbatim
Symbol - Substitutes _ with - and surrounds with '
Array - only accepts 2 element arrays, joins them with - and surrounds them with '
# Append a single directive value +v+ to the header buffer +s+.
#
# Three value types are accepted:
# String :: appended after a space, exactly as given
# Symbol :: underscores become dashes and the result is wrapped in single quotes
# Array  :: must have exactly 2 elements; they are joined with a dash and
#           wrapped in single quotes
#
# Anything else (including arrays of another length) raises RodaError.
# Returns +s+, which is mutated in place.
#
# NOTE(review): String values are written with no quoting or escaping, so a
# String containing ';' or a line break would change the emitted policy.
# Values passed here should be trusted constants, not request-derived data.
def append_formatted_value(s, v)
  # Strings are the only values written verbatim.
  return s << ' ' << v if v.is_a?(String)

  supported = v.is_a?(Symbol) || (v.is_a?(Array) && v.length == 2)
  raise RodaError, "unsupported CSP value used: #{v.inspect}" unless supported

  # Keyword-style values are emitted in the quoted form: 'value'
  s << " '"
  s << (v.is_a?(Symbol) ? v.to_s.gsub('_', '-') : v.join('-'))
  s << "'"
end
def clear
Clear all settings, useful to remove any inherited settings.
# Reset the policy to an empty set of directives. Useful for discarding
# settings inherited from elsewhere. Returns the new, empty settings hash.
def clear
  @opts = {}
end
def freeze
Do not allow future modifications to any settings.
# Freeze the policy so that no settings can be modified afterwards.
def freeze
  @opts.freeze
  # Build the header value now: header_value assigns @header_value, which
  # is no longer possible once the object itself has been frozen by super.
  header_value.freeze
  super
end
def header_key
The header name to use, depends on whether report only mode has been enabled.
# The name of the response header this policy is sent under. The
# report-only header name is returned when report only mode has been
# enabled, the regular Content-Security-Policy header name otherwise.
def header_key
  if @report_only
    RodaResponseHeaders::CONTENT_SECURITY_POLICY_REPORT_ONLY
  else
    RodaResponseHeaders::CONTENT_SECURITY_POLICY
  end
end
def header_value
The header value to use.
# The header value for this policy, as a String.
#
# The value is built once and cached in @header_value; once the cache is
# set, this method returns it without looking at @opts again.
def header_value
  return @header_value if @header_value

  built = String.new
  @opts.each do |directive, values|
    built << directive
    # A value of true marks a directive that is emitted with no values.
    values.each { |value| append_formatted_value(built, value) } unless values == true
    built << '; '
  end
  @header_value = built
end
def initialize
# Create a policy with no settings, by delegating to #clear.
def initialize
  clear
end
def initialize_copy(_)
Make object copy use copy of settings, and remove cached header value.
# Called when the policy is copied. Gives the copy its own settings hash
# (a shallow dup) and drops the cached header value so that the copy
# rebuilds it from its own settings.
def initialize_copy(_)
  super
  @opts = @opts.dup
  @header_value = nil
end
def report_only(report=true)
Set whether the Content-Security-Policy-Report-Only header is used instead of the
default Content-Security-Policy header.
# Choose whether the policy is sent under the
# Content-Security-Policy-Report-Only header instead of the default
# Content-Security-Policy header. Called without an argument, it turns
# report only mode on. Returns the value that was stored.
#
# NOTE(review): browsers report violations of a report-only policy but do
# not block them, so leaving this enabled means the policy is not enforced.
def report_only(report=true)
  @report_only = report
end
def report_only?
Whether this policy uses report only mode.
# Whether report only mode is enabled for this policy. Always returns
# exactly true or false, whatever value was stored.
def report_only?
  @report_only ? true : false
end
def set_header(headers)
Set the current policy in the headers hash. If no settings have been made
in the policy, does not set a header.
# Write this policy into the given headers hash.
#
# Nothing is written when the policy has no settings. The assignment uses
# ||=, so a truthy value already stored under the same header name is kept
# and this policy is not applied on top of it.
def set_header(headers)
  unless @opts.empty?
    headers[header_key] ||= header_value
  end
end