class Roda::RodaPlugins::ContentSecurityPolicy::Policy

Represents a content security policy.

def append_formatted_value(s, v)

surrounds them with ‘ Array

only accepts 2 element arrays, joins them with - and Symbol

Substitutes _ with - and surrounds with ‘ String: used verbatim
Handle three types of values when formatting the header:

def append_formatted_value(s, v)
  case v
  when String
    s << ' ' << v
  when Array
    case v.length
    when 2
      s << " '" << v.join('-') << "'"
    else
      raise RodaError, "unsupported CSP value used: #{v.inspect}"
    end
  when Symbol
    s << " '" << v.to_s.gsub('_', '-') << "'"
  else
    raise RodaError, "unsupported CSP value used: #{v.inspect}"
  end
end

def clear

Clear all settings, useful to remove any inherited settings.

def clear
  @opts = {}
end

def freeze

Do not allow future modifications to any settings.

def freeze
  @opts.freeze
  header_value.freeze
  super
end

def header_key

The header name to use, depends on whether report only mode has been enabled.

def header_key
  @report_only ? RodaResponseHeaders::CONTENT_SECURITY_POLICY_REPORT_ONLY : RodaResponseHeaders::CONTENT_SECURITY_POLICY
end

def header_value

The header value to use.

def header_value
  return @header_value if @header_value
  s = String.new
  @opts.each do |k, vs|
    s << k
    unless vs == true
      vs.each{|v| append_formatted_value(s, v)}
    end
    s << '; '
  end
  @header_value = s
end

def initialize

def initialize
  clear
end

def initialize_copy(_)

Make object copy use copy of settings, and remove cached header value.

def initialize_copy(_)
  super
  @opts = @opts.dup
  @header_value = nil
end

def report_only(report=true)

default Content-Security-Policy header.
Set whether the Content-Security-Policy-Report-Only header instead of the

def report_only(report=true)
  @report_only = report
end

def report_only?

Whether this policy uses report only mode.

def report_only?
  !!@report_only
end

def set_header(headers)

in the policy, does not set a header.
Set the current policy in the headers hash. If no settings have been made

def set_header(headers)
  return if @opts.empty?
  headers[header_key] ||= header_value
end

Modules

Classes