class SecureHeaders::Cookie
Constants
- COOKIE_DEFAULTS
Attributes
config[R]
Public Class Methods
new(cookie, config)
# File lib/secure_headers/headers/cookie.rb, line 24
# Wraps one raw cookie string together with the cookie-flagging config.
#
# Unless +config+ equals OPT_OUT, it is layered on top of COOKIE_DEFAULTS
# (a nil/false config counts as an empty hash). The attribute table starts
# with every tracked flag unset and is then filled in by #parse.
#
# @param cookie [String, nil] raw cookie string as it will be sent
# @param config [Hash, Object, nil] cookie settings, or OPT_OUT
def initialize(cookie, config)
  @raw_cookie = cookie

  # OPT_OUT is stored untouched so later checks can still recognise it.
  @config = config == OPT_OUT ? config : COOKIE_DEFAULTS.merge(config || {})

  @attributes = { httponly: nil, samesite: nil, secure: nil }

  parse(cookie)
end
validate_config!(config)
# File lib/secure_headers/headers/cookie.rb, line 11
# Hands the cookie configuration to CookiesConfig for validation.
#
# NOTE(review): CookiesConfig is defined outside this listing; what
# validate! checks and raises must be confirmed there.
#
# @param config [Object] cookie configuration to validate
# @return whatever CookiesConfig#validate! returns
def validate_config!(config)
  validator = CookiesConfig.new(config)
  validator.validate!
end
Public Instance Methods
httponly?()
# File lib/secure_headers/headers/cookie.rb, line 52
# Whether #to_s should append the HttpOnly attribute: the configuration
# asks for it (flag_cookie?, defined outside this listing) and the raw
# cookie does not already carry it.
#
# @return [Boolean, nil] falsy result of flag_cookie? is passed through
def httponly?
  wanted = flag_cookie?(:httponly)
  return wanted unless wanted

  !already_flagged?(:httponly)
end
samesite?()
# File lib/secure_headers/headers/cookie.rb, line 56
# Whether #to_s should append a SameSite attribute: some SameSite mode is
# enabled by the configuration and the raw cookie has no SameSite yet.
#
# @return [Boolean, nil] falsy result of flag_samesite? is passed through
def samesite?
  wanted = flag_samesite?
  return wanted unless wanted

  !already_flagged?(:samesite)
end
secure?()
# File lib/secure_headers/headers/cookie.rb, line 48
# Whether #to_s should append the secure attribute: the configuration asks
# for it (flag_cookie?, defined outside this listing) and the raw cookie
# does not already carry it.
#
# @return [Boolean, nil] falsy result of flag_cookie? is passed through
def secure?
  wanted = flag_cookie?(:secure)
  return wanted unless wanted

  !already_flagged?(:secure)
end
to_s()
# File lib/secure_headers/headers/cookie.rb, line 40
# Builds the outgoing cookie string: a copy of the raw cookie with
# "; secure", "; HttpOnly" and the SameSite attribute appended for each
# flag that is configured and not already present.
#
# The raw cookie is duplicated first, so the string handed to the
# constructor is never mutated.
#
# @return [String] the cookie with the missing attributes appended
def to_s
  header = @raw_cookie.dup
  header << "; secure" if secure?
  header << "; HttpOnly" if httponly?
  # samesite_cookie (defined outside this listing) supplies the attribute text.
  header << "; #{samesite_cookie}" if samesite?
  header
end
Private Instance Methods
already_flagged?(attribute)
# File lib/secure_headers/headers/cookie.rb, line 66
# Looks up what #parse recorded for +attribute+ in the raw cookie.
#
# @param attribute [Symbol] one of the keys of @attributes
# @return [String, true, nil] the attribute's value, true for a bare flag,
#   nil when the raw cookie did not contain it
def already_flagged?(attribute)
  recorded = @attributes[attribute]
  recorded
end
conditionally_flag?(configuration)
# File lib/secure_headers/headers/cookie.rb, line 82
# Applies an :only / :except filter to this cookie.
#
# Returns true when the :only list is non-empty and shares a key with
# parsed_cookie, or when the :except list is non-empty and shares no key
# with parsed_cookie. Anything else, including a configuration with
# neither list, is false.
#
# NOTE(review): parsed_cookie is defined outside this listing; presumably
# its keys are the cookie names found in the raw cookie — confirm.
#
# @param configuration [Hash] may hold :only and/or :except (value or Array)
# @return [Boolean]
def conditionally_flag?(configuration)
  allow_list = Array(configuration[:only])
  return true if allow_list.any? && (allow_list & parsed_cookie.keys).any?

  deny_list = Array(configuration[:except])
  deny_list.any? && (deny_list & parsed_cookie.keys).none?
end
flag_samesite?()
# File lib/secure_headers/headers/cookie.rb, line 102
# Whether any SameSite mode is enabled for this cookie.
#
# Opting out, either for the whole cookie config or for :samesite alone,
# always answers false. Otherwise the modes are tried in the order
# lax, strict, none and the first truthy answer wins.
#
# @return [Boolean, nil]
def flag_samesite?
  return false if config == OPT_OUT
  return false if config[:samesite] == OPT_OUT

  flag_samesite_lax? || flag_samesite_strict? || flag_samesite_none?
end
flag_samesite_enforcement?(mode)
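# File lib/secure_headers/headers/cookie.rb, line 119
# Decides whether the SameSite setting +mode+ is enabled for this cookie.
#
# * no :samesite entry in config -> nil
# * `samesite: true`             -> shorthand for Lax only
# * `samesite: { mode => true }` -> true
# * `samesite: { mode => Hash }` -> decided by conditionally_flag?
# * anything else                -> false
#
# @param mode [Symbol] :lax, :strict or :none
# @return [Boolean, nil]
def flag_samesite_enforcement?(mode)
  samesite = config[:samesite]
  return unless samesite

  # `true` only ever means Lax. Answer for every mode here: indexing `true`
  # with a mode (as the `case` below would) raises NoMethodError, so asking
  # about :strict or :none under `samesite: true` used to crash.
  return mode == :lax if samesite.is_a?(TrueClass)

  setting = samesite[mode]
  case setting
  when Hash
    conditionally_flag?(setting)
  when TrueClass
    true
  else
    false
  end
end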
flag_samesite_lax?()
# File lib/secure_headers/headers/cookie.rb, line 107
# Whether the configuration enables SameSite=Lax for this cookie.
#
# @return [Boolean, nil] result of flag_samesite_enforcement?(:lax)
def flag_samesite_lax?
  mode = :lax
  flag_samesite_enforcement?(mode)
end
flag_samesite_none?()
# File lib/secure_headers/headers/cookie.rb, line 115
# Whether the configuration enables SameSite=None for this cookie.
#
# NOTE(review): current browsers reject SameSite=None cookies that lack the
# Secure attribute; nothing in this method checks that :secure is enabled
# too — confirm the config validation enforces the pairing.
#
# @return [Boolean, nil] result of flag_samesite_enforcement?(:none)
def flag_samesite_none?
  mode = :none
  flag_samesite_enforcement?(mode)
end
flag_samesite_strict?()
# File lib/secure_headers/headers/cookie.rb, line 111
# Whether the configuration enables SameSite=Strict for this cookie.
#
# @return [Boolean, nil] result of flag_samesite_enforcement?(:strict)
def flag_samesite_strict?
  mode = :strict
  flag_samesite_enforcement?(mode)
end
parse(cookie)
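# File lib/secure_headers/headers/cookie.rb, line 136
# Scans the raw cookie string and records which tracked attributes (the
# keys of @attributes) it already carries.
#
# The string is split on ";" or "," (each optionally followed by one
# whitespace character). Every segment is split once on "="; its
# URL-decoded, lower-cased name is looked up in @attributes, and a match
# stores the segment's value, or true for a bare flag such as "secure".
#
# @param cookie [String, nil] raw cookie string; nil is ignored
# @return [Array<String>, nil] the segments that were scanned, nil for nil input
def parse(cookie)
  return unless cookie

  cookie.split(/[;,]\s?/).each do |segment|
    name, value = segment.split("=", 2)

    # An empty segment (e.g. "a=b;; secure") splits to [], leaving name nil.
    # CGI.unescape(nil) raises, so skip the segment instead of aborting the
    # whole cookie.
    next if name.nil?

    # NOTE(review): the cookie's own name=value pair and any comma-separated
    # piece of its value go through this same lookup, so text that merely
    # reads "secure", "httponly" or "samesite" marks that flag as already
    # present and #to_s will not append it — confirm this is intended.
    attribute = CGI.unescape(name).downcase.to_sym
    @attributes[attribute] = value || true if @attributes.key?(attribute)
  end
end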