Move X-Frame-Options logic to FramOptions

2011-05-23 17:35:22 +02:00 · 2011-05-23 17:35:22 +02:00 · eb81b26bff
parent 0985552f33
commit eb81b26bff
2 changed files with 12 additions and 11 deletions
--- a/rack-protection/lib/rack/protection/frame_options.rb
+++ b/rack-protection/lib/rack/protection/frame_options.rb
@ -2,7 +2,11 @@ require 'rack/protection'

 module Rack
  module Protection
-    class FrameOptions < Base
+    class FrameOptions < XSSHeader
+      default_options :frame_options => :sameorigin
+      def header
+        { 'X-Frame-Options' => options[:frame_options].to_s }
+      end
    end
  end
 end
--- a/rack-protection/lib/rack/protection/xss_header.rb
+++ b/rack-protection/lib/rack/protection/xss_header.rb
@ -1,20 +1,17 @@
+require 'rack/protection'
+
 module Rack
  module Protection
-    class XSSHeader
-      HEADERS = {
-        'X-XSS-Protection' => '1; mode=block',
-        'X-Frame-Options'  => 'sameorigin'
-      }
+    class XSSHeader < Base
+      default_options :xss_mode => :block

-      def initialize(app, options)
-        @app     = app
-        @headers = HEADERS.merge(options[:xss_headers] || {})
-        @headers.delete_if { |k,v| !v }
+      def header
+        { 'X-XSS-Protection' => "1; mode=#{options[:xss_mode]}" }
      end

      def call(env)
        status, headers, body = @app.call(env)
-        [status, @headers.merge(headers), body]
+        [status, header.merge(headers), body]
      end
    end
  end