Move X-Frame-Options logic to FramOptions
This commit is contained in:
parent
0985552f33
commit
eb81b26bff
|
@ -2,7 +2,11 @@ require 'rack/protection'
|
|||
|
||||
module Rack
|
||||
module Protection
|
||||
class FrameOptions < Base
|
||||
class FrameOptions < XSSHeader
|
||||
default_options :frame_options => :sameorigin
|
||||
def header
|
||||
{ 'X-Frame-Options' => options[:frame_options].to_s }
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -1,20 +1,17 @@
|
|||
require 'rack/protection'
|
||||
|
||||
module Rack
|
||||
module Protection
|
||||
class XSSHeader
|
||||
HEADERS = {
|
||||
'X-XSS-Protection' => '1; mode=block',
|
||||
'X-Frame-Options' => 'sameorigin'
|
||||
}
|
||||
class XSSHeader < Base
|
||||
default_options :xss_mode => :block
|
||||
|
||||
def initialize(app, options)
|
||||
@app = app
|
||||
@headers = HEADERS.merge(options[:xss_headers] || {})
|
||||
@headers.delete_if { |k,v| !v }
|
||||
def header
|
||||
{ 'X-XSS-Protection' => "1; mode=#{options[:xss_mode]}" }
|
||||
end
|
||||
|
||||
def call(env)
|
||||
status, headers, body = @app.call(env)
|
||||
[status, @headers.merge(headers), body]
|
||||
[status, header.merge(headers), body]
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue