class SecureHeaders::XXssProtection

Public Class Methods

new(config=nil)
# File lib/secure_headers/headers/x_xss_protection.rb, line 11
# Stores the header configuration and validates it when one is supplied.
#
# A nil config skips validation entirely. Any other config is handed to
# validate_config, which raises on Hash or String input it considers
# malformed.
#
# @param config [Hash, String, nil] header configuration (nil by default)
def initialize(config=nil)
  @config = config
  return if @config.nil?

  # Validate at construction so a bad config is caught before a header is built.
  validate_config
end

Public Instance Methods

name()
# File lib/secure_headers/headers/x_xss_protection.rb, line 16
# Returns the HTTP header name this object emits.
#
# NOTE(review): most current browsers have removed the XSS auditor that this
# header controlled, so treat it as legacy hardening and rely on a
# Content-Security-Policy for XSS defence.
#
# @return the X_XSS_PROTECTION_HEADER_NAME constant
def name
  X_XSS_PROTECTION_HEADER_NAME
end
value()
# File lib/secure_headers/headers/x_xss_protection.rb, line 20
# Builds the header value for the stored configuration.
#
# * nil config    -> DEFAULT_VALUE
# * String config -> the string itself, returned unchanged
# * anything else -> indexed like a Hash: the :value entry, followed by
#   "; mode=<:mode>" and "; report=<:report_uri>" when those keys are set
#
# No escaping happens here: :mode and :report_uri are interpolated verbatim.
# The config must therefore be trusted or validated before it reaches this
# method, since a CR/LF inside either entry would end up in the header line.
#
# @return [String] the header value
def value
  return DEFAULT_VALUE if @config.nil?
  return @config if @config.is_a?(String)

  # Optional directives, in the order they appear in the emitted header.
  directives = [['mode', @config[:mode]], ['report', @config[:report_uri]]]
  directives.inject(@config[:value].to_s) do |header, (label, setting)|
    setting ? "#{header}; #{label}=#{setting}" : header
  end
end

Private Instance Methods

validate_config()
# File lib/secure_headers/headers/x_xss_protection.rb, line 36
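# Validates @config and raises XXssProtectionBuildError when it is malformed.
#
# Hash configs:
# * :value is required and its string form must be exactly "0" or "1"
# * :mode, when set, must equal 'block' (case-insensitive)
# * :report_uri, when set, must not contain CR or LF
#
# String configs must match VALID_X_XSS_HEADER. Any other config type is not
# inspected here.
#
# The Hash checks are strict because #value interpolates these entries into
# the header verbatim: whatever passes here is what goes on the wire.
#
# @raise [XXssProtectionBuildError] when the configuration is rejected
def validate_config
  if @config.is_a? Hash
    raise XXssProtectionBuildError.new(":value key is missing") unless @config[:value]

    # Match the whole string form instead of using to_i: "1; anything".to_i is
    # 1, so a to_i check would let trailing text through into the header.
    unless @config[:value].to_s =~ /\A[01]\z/
      raise XXssProtectionBuildError.new(":value must be 1 or 0")
    end

    if @config[:mode] && @config[:mode].casecmp('block') != 0
      raise XXssProtectionBuildError.new(":mode must nil or 'block'")
    end

    # A line break in the report URI would split the response header.
    if @config[:report_uri] && @config[:report_uri].to_s =~ /[\r\n]/
      raise XXssProtectionBuildError.new(":report_uri must not contain line breaks")
    end
  elsif @config.is_a? String
    # NOTE(review): VALID_X_XSS_HEADER is defined outside this listing; confirm
    # it is anchored with \A and \z so a multi-line string cannot pass on one
    # matching line.
    raise XXssProtectionBuildError.new("Invalid format (see VALID_X_XSS_HEADER)") unless @config =~ VALID_X_XSS_HEADER
  end
end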