class SecureHeaders::Middleware
Public Class Methods
new(app)
# File lib/secure_headers/middleware.rb, line 4
# Stores the downstream Rack application so that #call can invoke it.
#
# @param app [#call] the next application in the middleware stack
def initialize(app)
  @app = app
end
Public Instance Methods
call(env)
Merges the hash of security headers into the response's current header set.
# File lib/secure_headers/middleware.rb, line 9
# Rack entry point: runs the downstream app first, then decorates its response.
#
# Cookie flags are applied unless the request's cookie configuration is
# OPT_OUT; the configured security headers are merged into the response
# headers last.
# NOTE(review): merge! presumably replaces same-named headers the app already
# set (true when headers is a plain Hash) — confirm against the Rack version in use.
#
# @param env [Hash] the Rack environment
# @return [Array] the status, headers and body returned by the app
def call(env)
  request = Rack::Request.new(env)
  status, headers, body = @app.call(env)
  settings = SecureHeaders.config_for(request)

  unless settings.cookies == OPT_OUT
    cookie_settings = override_secure(env, settings.cookies)
    flag_cookies!(headers, cookie_settings)
  end

  headers.merge!(SecureHeaders.header_hash_for(request))
  [status, headers, body]
end
Private Instance Methods
override_secure(env, config = {})
Disables the Secure cookie flag for non-HTTPS requests.
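# File lib/secure_headers/middleware.rb, line 34
# Returns the cookie settings to apply to this request, with the Secure flag
# opted out when the request did not arrive over HTTPS.
#
# The settings are copied instead of being written to in place. Whether the
# hash passed in is shared between requests is not visible from this method;
# if it is, an in-place write made while serving one plain-HTTP request would
# also switch off the Secure flag for later HTTPS responses. Copying also
# keeps a frozen settings hash usable.
#
# @param env [Hash] the Rack environment
# @param config [Hash, Object] cookie settings, or OPT_OUT
# @return [Hash, Object] config itself when nothing changes, otherwise a copy
#   with :secure set to OPT_OUT
def override_secure(env, config = {})
  return config if config == OPT_OUT || scheme(env) == "https"

  config.merge(secure: OPT_OUT)
end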
scheme(env)
derived from github.com/tobmatth/rack-ssl-enforcer/blob/6c014/lib/rack/ssl-enforcer.rb#L119
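# File lib/secure_headers/middleware.rb, line 43
# Works out which scheme the client used to reach the site.
#
# HTTP_X_SSL_REQUEST and HTTP_X_FORWARDED_PROTO are request headers, so they
# are only meaningful when a fronting proxy sets or overwrites them; a client
# that reaches the app directly can send any value. The result is used to
# decide whether cookies keep their Secure flag.
#
# The first X-Forwarded-Proto entry is trimmed and lower-cased so that values
# such as " HTTPS" still compare equal to "https"; without that, the Secure
# flag would be dropped on a request that did arrive over TLS. An empty
# header falls back to rack.url_scheme instead of yielding nil.
#
# @param env [Hash] the Rack environment
# @return [String, nil] "https", the forwarded scheme, or rack.url_scheme
def scheme(env)
  return "https" if env["HTTPS"] == "on" || env["HTTP_X_SSL_REQUEST"] == "on"

  forwarded = env["HTTP_X_FORWARDED_PROTO"].to_s.split(",").first.to_s.strip.downcase
  forwarded.empty? ? env["rack.url_scheme"] : forwarded
end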