philiprehberger-header_kit 0.1.1 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 25bd279387146f50454c0585427061ebd9c1a35b336e85c670a13ad304580aa1
-  data.tar.gz: 0c445388933a3a195d791ea09118f8728232d5c9fb87d15453b73d1c9283494e
+  metadata.gz: b1e00c5cf603e6f7db3b7ac63478c587d4d3f0dd54d40ee11cbcc730a9ea4bb9
+  data.tar.gz: c58a1210d23ae79c1ac86cd6340c7b6f30c6f6f575eb82b9c33caff1c5306eb3
 SHA512:
-  metadata.gz: 45d125fac1583f2c654e759d8b17e178641132c667bb23902981eb533ddc6704f7028ac9571a1dea8e3c54249c0b92a650d2784c5cbb79e04e37a69f1ed974de
-  data.tar.gz: 76bc7962e8f94207ce8ecd5356d758b9788d957fe70d761ac8aa5e7f24e0aab59bcd0ff65cb3631015addfbcca06d3393ae2ceb72b435b6fa711fcaee5423337
+  metadata.gz: dbc951e5c1cee317be92464e8c4639cbb65f963f87f61b2050b12ed1c75b2be29d7cd326514ce35472a36bcc53d61d8cc445581cc3e85ff24954345dd3100439
+  data.tar.gz: eda78dd329146c43b11f44594c9fdc9fa5acf31352a77af7cc1e610f4ff80a6d21f4feb52119efc36a51058ba40aad15b89f0635cff908e7c39098ac3c5dfe4a

data/CHANGELOG.md

@@ -7,6 +7,27 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.3.0] - 2026-03-31
+
+### Added
+
+- `parse_cors` and `build_cors` for CORS header handling
+- `security_headers` for generating recommended security headers
+- `parse_forwarded` for RFC 7239 Forwarded header parsing
+- `parse_via` for Via header parsing
+
+## [0.2.0] - 2026-03-28
+
+### Added
+
+- Parse Accept-Language headers with quality values
+- Negotiate best language match from Accept-Language against available languages
+- Parse Accept-Encoding headers with quality values
+- Parse Authorization headers (Bearer, Basic, Digest schemes)
+- Parse Cookie headers into name-value hashes
+- Build Set-Cookie header strings with all standard attributes
+- Build Accept header strings from structured type arrays
+
 ## [0.1.1] - 2026-03-26
 
 ### Changed

data/README.md

@@ -2,7 +2,11 @@
 
 [![Tests](https://github.com/philiprehberger/rb-header-kit/actions/workflows/ci.yml/badge.svg)](https://github.com/philiprehberger/rb-header-kit/actions/workflows/ci.yml)
 [![Gem Version](https://badge.fury.io/rb/philiprehberger-header_kit.svg)](https://rubygems.org/gems/philiprehberger-header_kit)
+[![GitHub release](https://img.shields.io/github/v/release/philiprehberger/rb-header-kit)](https://github.com/philiprehberger/rb-header-kit/releases)
+[![Last updated](https://img.shields.io/github/last-commit/philiprehberger/rb-header-kit)](https://github.com/philiprehberger/rb-header-kit/commits/main)
 [![License](https://img.shields.io/github/license/philiprehberger/rb-header-kit)](LICENSE)
+[![Bug Reports](https://img.shields.io/github/issues/philiprehberger/rb-header-kit/bug)](https://github.com/philiprehberger/rb-header-kit/issues?q=is%3Aissue+is%3Aopen+label%3Abug)
+[![Feature Requests](https://img.shields.io/github/issues/philiprehberger/rb-header-kit/enhancement)](https://github.com/philiprehberger/rb-header-kit/issues?q=is%3Aissue+is%3Aopen+label%3Aenhancement)
 [![Sponsor](https://img.shields.io/badge/sponsor-GitHub%20Sponsors-ec6cb9)](https://github.com/sponsors/philiprehberger)
 
 HTTP header parsing, construction, and content negotiation
@@ -39,6 +43,44 @@ Philiprehberger::HeaderKit.parse_accept("text/html;q=0.9, application/json")
 #     {type: "text/html", quality: 0.9, params: {}}]
 ```
 
+### Build Accept
+
+```ruby
+Philiprehberger::HeaderKit.build_accept([{type: "text/html"}, {type: "application/json", quality: 0.9}])
+# => "text/html, application/json;q=0.9"
+```
+
+### Parse Accept-Language
+
+```ruby
+Philiprehberger::HeaderKit.parse_accept_language("en-US,en;q=0.9,fr;q=0.8")
+# => [{language: "en-US", quality: 1.0}, {language: "en", quality: 0.9}, {language: "fr", quality: 0.8}]
+```
+
+### Negotiate Language
+
+```ruby
+Philiprehberger::HeaderKit.negotiate_language("en-US,fr;q=0.9", ["fr", "en"])
+# => "en"
+```
+
+### Parse Accept-Encoding
+
+```ruby
+Philiprehberger::HeaderKit.parse_accept_encoding("gzip, deflate;q=0.5, br;q=0.8")
+# => [{encoding: "gzip", quality: 1.0}, {encoding: "br", quality: 0.8}, {encoding: "deflate", quality: 0.5}]
+```
+
+### Parse Authorization
+
+```ruby
+Philiprehberger::HeaderKit.parse_authorization("Bearer eyJhbGciOiJIUzI1NiJ9")
+# => {scheme: "Bearer", credentials: "eyJhbGciOiJIUzI1NiJ9"}
+
+Philiprehberger::HeaderKit.parse_authorization('Digest username="admin", realm="example"')
+# => {scheme: "Digest", params: {"username" => "admin", "realm" => "example"}}
+```
+
 ### Parse Cache-Control
 
 ```ruby
@@ -60,6 +102,20 @@ Philiprehberger::HeaderKit.parse_content_type("text/html; charset=utf-8")
 # => {media_type: "text/html", charset: "utf-8", boundary: nil}
 ```
 
+### Parse Cookie
+
+```ruby
+Philiprehberger::HeaderKit.parse_cookie("session=abc123; user=john")
+# => {"session" => "abc123", "user" => "john"}
+```
+
+### Build Set-Cookie
+
+```ruby
+Philiprehberger::HeaderKit.build_set_cookie("session", "abc123", secure: true, httponly: true, path: "/")
+# => "session=abc123; Path=/; Secure; HttpOnly"
+```
+
 ### Parse Link
 
 ```ruby
@@ -81,26 +137,94 @@ Philiprehberger::HeaderKit.negotiate("text/html;q=0.9, application/json", ["text
 # => "application/json"
 ```
 
+### Parse CORS
+
+```ruby
+headers = {
+  'Origin' => 'https://example.com',
+  'Access-Control-Request-Method' => 'POST',
+  'Access-Control-Request-Headers' => 'Content-Type, Authorization'
+}
+Philiprehberger::HeaderKit.parse_cors(headers)
+# => {origin: "https://example.com", method: "POST", headers: ["Content-Type", "Authorization"]}
+```
+
+### Build CORS
+
+```ruby
+Philiprehberger::HeaderKit.build_cors(
+  origin: "https://example.com",
+  methods: ["GET", "POST"],
+  headers: ["Content-Type"],
+  max_age: 3600,
+  credentials: true
+)
+# => {"Access-Control-Allow-Origin" => "https://example.com", ...}
+```
+
+### Security Headers
+
+```ruby
+Philiprehberger::HeaderKit.security_headers
+# => {"X-Content-Type-Options" => "nosniff", "X-Frame-Options" => "DENY", ...}
+
+Philiprehberger::HeaderKit.security_headers(hsts: "max-age=31536000", csp: "default-src 'self'")
+# => includes Strict-Transport-Security and Content-Security-Policy
+```
+
+### Parse Forwarded
+
+```ruby
+Philiprehberger::HeaderKit.parse_forwarded('for=192.0.2.60;proto=http;by=203.0.113.43')
+# => [{for: "192.0.2.60", proto: "http", by: "203.0.113.43"}]
+```
+
+### Parse Via
+
+```ruby
+Philiprehberger::HeaderKit.parse_via('1.1 vegur, 1.0 fred')
+# => [{protocol: "1.1", host: "vegur"}, {protocol: "1.0", host: "fred"}]
+```
+
 ## API
 
 | Method | Description |
 |--------|-------------|
 | `HeaderKit.parse_accept(header)` | Parse Accept header into sorted entries |
+| `HeaderKit.build_accept(types)` | Build Accept header string from type array |
+| `HeaderKit.parse_accept_language(header)` | Parse Accept-Language into sorted entries |
+| `HeaderKit.negotiate_language(header, available)` | Language negotiation, returns best match or nil |
+| `HeaderKit.parse_accept_encoding(header)` | Parse Accept-Encoding into sorted entries |
+| `HeaderKit.parse_authorization(header)` | Parse Authorization header (Bearer, Basic, Digest) |
 | `HeaderKit.parse_cache_control(header)` | Parse Cache-Control into directive hash |
 | `HeaderKit.build_cache_control(directives)` | Build Cache-Control string from hash |
 | `HeaderKit.parse_content_type(header)` | Parse Content-Type into components |
+| `HeaderKit.parse_cookie(header)` | Parse Cookie header into name-value hash |
+| `HeaderKit.build_set_cookie(name, value, **opts)` | Build Set-Cookie header string |
 | `HeaderKit.parse_link(header)` | Parse Link header into entry array |
 | `HeaderKit.build_link(links)` | Build Link header from array of hashes |
 | `HeaderKit.negotiate(accept_header, available)` | Content negotiation, returns best match or nil |
+| `HeaderKit.parse_cors(headers)` | Parse CORS-related request headers |
+| `HeaderKit.build_cors(**options)` | Build CORS response headers |
+| `HeaderKit.security_headers(**options)` | Generate recommended security headers |
+| `HeaderKit.parse_forwarded(header)` | Parse RFC 7239 Forwarded header |
+| `HeaderKit.parse_via(header)` | Parse Via header into structured entries |
 
 ## Development
 
 ```bash
 bundle install
-bundle exec rspec      # Run tests
-bundle exec rubocop    # Check code style
+bundle exec rspec
+bundle exec rubocop
 ```
 
+## Support
+
+If you find this package useful, consider giving it a star on GitHub — it helps motivate continued maintenance and development.
+
+[![LinkedIn](https://img.shields.io/badge/Philip%20Rehberger-LinkedIn-0A66C2?logo=linkedin)](https://www.linkedin.com/in/philiprehberger)
+[![More packages](https://img.shields.io/badge/more-open%20source%20packages-blue)](https://philiprehberger.com/open-source-packages)
+
 ## License
 
 [MIT](LICENSE)

data/lib/philiprehberger/header_kit/accept_builder.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+module Philiprehberger
+  module HeaderKit
+    # Builds Accept header strings from structured type entries.
+    module AcceptBuilder
+      # Build an Accept header string from an array of type hashes.
+      #
+      # @param types [Array<Hash>] each with :type and optional :quality
+      # @return [String] formatted Accept header value
+      def self.build(types)
+        return '' if types.nil? || types.empty?
+
+        parts = types.map do |entry|
+          type = entry[:type]
+          quality = entry[:quality]
+
+          if quality && quality < 1.0
+            "#{type};q=#{format_quality(quality)}"
+          else
+            type
+          end
+        end
+
+        parts.join(', ')
+      end
+
+      # Format a quality value, removing trailing zeros.
+      #
+      # @param quality [Float] the quality value
+      # @return [String] formatted quality string
+      def self.format_quality(quality)
+        formatted = format('%.3f', quality)
+        formatted.sub(/0+\z/, '').sub(/\.\z/, '.0')
+      end
+
+      private_class_method :format_quality
+    end
+  end
+end

data/lib/philiprehberger/header_kit/accept_encoding.rb

@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+module Philiprehberger
+  module HeaderKit
+    # Parses Accept-Encoding headers into structured encoding entries with quality values.
+    module AcceptEncoding
+      QUALITY_PATTERN = /\Aq\z/i
+
+      # Parse an Accept-Encoding header string.
+      #
+      # @param header [String] the Accept-Encoding header value
+      # @return [Array<Hash>] sorted by quality descending, each with :encoding, :quality
+      def self.parse(header)
+        return [] if header.nil? || header.strip.empty?
+
+        entries = header.split(',').map { |entry| parse_entry(entry.strip) }
+        entries.compact.sort_by { |e| [-e[:quality], entries.index(e)] }
+      end
+
+      # Parse a single encoding entry.
+      #
+      # @param entry [String] a single encoding with optional quality
+      # @return [Hash, nil] parsed entry or nil if invalid
+      def self.parse_entry(entry)
+        return nil if entry.empty?
+
+        parts = entry.split(';').map(&:strip)
+        encoding = parts.shift
+        return nil if encoding.nil? || encoding.empty?
+
+        quality = 1.0
+
+        parts.each do |param|
+          key, value = param.split('=', 2).map(&:strip)
+          next if key.nil? || key.empty?
+
+          quality = parse_quality(value) if QUALITY_PATTERN.match?(key)
+        end
+
+        { encoding: encoding.downcase, quality: quality }
+      end
+
+      # Parse a quality value, clamping to [0.0, 1.0].
+      #
+      # @param value [String, nil] the quality string
+      # @return [Float] parsed quality value
+      def self.parse_quality(value)
+        return 1.0 if value.nil? || value.empty?
+
+        value.to_f.clamp(0.0, 1.0)
+      end
+
+      private_class_method :parse_entry, :parse_quality
+    end
+  end
+end

data/lib/philiprehberger/header_kit/accept_language.rb

@@ -0,0 +1,97 @@
+# frozen_string_literal: true
+
+module Philiprehberger
+  module HeaderKit
+    # Parses Accept-Language headers into structured language entries with quality values.
+    module AcceptLanguage
+      QUALITY_PATTERN = /\Aq\z/i
+
+      # Parse an Accept-Language header string.
+      #
+      # @param header [String] the Accept-Language header value
+      # @return [Array<Hash>] sorted by quality descending, each with :language, :quality
+      def self.parse(header)
+        return [] if header.nil? || header.strip.empty?
+
+        entries = header.split(',').map { |entry| parse_entry(entry.strip) }
+        entries.compact.sort_by { |e| [-e[:quality], entries.index(e)] }
+      end
+
+      # Negotiate the best language match from available languages.
+      #
+      # @param header [String] the Accept-Language header value
+      # @param available [Array<String>] list of available language tags
+      # @return [String, nil] the best matching language, or nil if no match
+      def self.negotiate(header, available)
+        return nil if available.nil? || available.empty?
+        return available.first if header.nil? || header.strip.empty?
+
+        parsed = parse(header)
+        return nil if parsed.empty?
+
+        parsed.each do |entry|
+          next if entry[:quality] <= 0.0
+
+          match = find_match(entry[:language], available)
+          return match if match
+        end
+
+        nil
+      end
+
+      # Parse a single language entry.
+      #
+      # @param entry [String] a single language tag with optional quality
+      # @return [Hash, nil] parsed entry or nil if invalid
+      def self.parse_entry(entry)
+        return nil if entry.empty?
+
+        parts = entry.split(';').map(&:strip)
+        language = parts.shift
+        return nil if language.nil? || language.empty?
+
+        quality = 1.0
+
+        parts.each do |param|
+          key, value = param.split('=', 2).map(&:strip)
+          next if key.nil? || key.empty?
+
+          quality = parse_quality(value) if QUALITY_PATTERN.match?(key)
+        end
+
+        { language: language, quality: quality }
+      end
+
+      # Parse a quality value, clamping to [0.0, 1.0].
+      #
+      # @param value [String, nil] the quality string
+      # @return [Float] parsed quality value
+      def self.parse_quality(value)
+        return 1.0 if value.nil? || value.empty?
+
+        value.to_f.clamp(0.0, 1.0)
+      end
+
+      # Find the best match for a language tag among available languages.
+      #
+      # @param tag [String] the requested language tag
+      # @param available [Array<String>] available language tags
+      # @return [String, nil] matching language or nil
+      def self.find_match(tag, available)
+        return available.first if tag == '*'
+
+        downcased = tag.downcase
+        exact = available.find { |a| a.downcase == downcased }
+        return exact if exact
+
+        prefix = available.find { |a| a.downcase.start_with?("#{downcased}-") }
+        return prefix if prefix
+
+        base = downcased.split('-').first
+        available.find { |a| a.downcase.split('-').first == base }
+      end
+
+      private_class_method :parse_entry, :parse_quality, :find_match
+    end
+  end
+end

data/lib/philiprehberger/header_kit/authorization.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+module Philiprehberger
+  module HeaderKit
+    # Parses Authorization headers for Bearer, Basic, and Digest schemes.
+    module Authorization
+      DIGEST_PARAM_PATTERN = %r{(\w+)=(?:"([^"]*)"|([\w+/=]+))}
+
+      # Parse an Authorization header string.
+      #
+      # @param header [String] the Authorization header value
+      # @return [Hash] with :scheme and :credentials (Bearer/Basic) or :params (Digest)
+      def self.parse(header)
+        return { scheme: nil, credentials: nil } if header.nil? || header.strip.empty?
+
+        stripped = header.strip
+        space_index = stripped.index(' ')
+
+        unless space_index
+          return { scheme: stripped, credentials: nil }
+        end
+
+        scheme = stripped[0...space_index]
+        rest = stripped[(space_index + 1)..].strip
+
+        case scheme.downcase
+        when 'bearer', 'basic'
+          { scheme: scheme, credentials: rest }
+        when 'digest'
+          { scheme: scheme, params: parse_digest_params(rest) }
+        else
+          { scheme: scheme, credentials: rest }
+        end
+      end
+
+      # Parse Digest authorization parameters.
+      #
+      # @param params_str [String] the parameter string after "Digest "
+      # @return [Hash{String => String}] parsed key-value parameters
+      def self.parse_digest_params(params_str)
+        params = {}
+
+        params_str.scan(DIGEST_PARAM_PATTERN).each do |key, quoted_value, unquoted_value|
+          params[key] = quoted_value || unquoted_value
+        end
+
+        params
+      end
+
+      private_class_method :parse_digest_params
+    end
+  end
+end

data/lib/philiprehberger/header_kit/cookie.rb

@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+module Philiprehberger
+  module HeaderKit
+    # Parses Cookie headers and builds Set-Cookie header strings.
+    module Cookie
+      # Parse a Cookie header string into a name-value hash.
+      #
+      # @param header [String] the Cookie header value
+      # @return [Hash{String => String}] cookie name-value pairs
+      def self.parse(header)
+        return {} if header.nil? || header.strip.empty?
+
+        cookies = {}
+
+        header.split(';').each do |pair|
+          pair = pair.strip
+          next if pair.empty?
+
+          name, value = pair.split('=', 2)
+          next if name.nil? || name.strip.empty?
+
+          cookies[name.strip] = (value || '').strip
+        end
+
+        cookies
+      end
+
+      # Build a Set-Cookie header string.
+      #
+      # @param name [String] cookie name
+      # @param value [String] cookie value
+      # @param expires [String, nil] Expires attribute value
+      # @param max_age [Integer, nil] Max-Age attribute value
+      # @param secure [Boolean] include Secure flag
+      # @param httponly [Boolean] include HttpOnly flag
+      # @param samesite [String, nil] SameSite attribute (Strict, Lax, None)
+      # @param path [String, nil] Path attribute
+      # @param domain [String, nil] Domain attribute
+      # @return [String] formatted Set-Cookie header value
+      def self.build_set_cookie(name, value, expires: nil, max_age: nil, secure: false, # rubocop:disable Metrics/ParameterLists
+                                httponly: false, samesite: nil, path: nil, domain: nil)
+        parts = ["#{name}=#{value}"]
+        parts << "Expires=#{expires}" if expires
+        parts << "Max-Age=#{max_age}" if max_age
+        parts << "Domain=#{domain}" if domain
+        parts << "Path=#{path}" if path
+        parts << 'Secure' if secure
+        parts << 'HttpOnly' if httponly
+        parts << "SameSite=#{samesite}" if samesite
+
+        parts.join('; ')
+      end
+    end
+  end
+end

data/lib/philiprehberger/header_kit/cors.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+module Philiprehberger
+  module HeaderKit
+    module Cors
+      module_function
+
+      def parse(headers)
+        result = {}
+        result[:origin] = headers['Origin'] || headers['origin']
+        result[:method] = headers['Access-Control-Request-Method'] || headers['access-control-request-method']
+        request_headers = headers['Access-Control-Request-Headers'] || headers['access-control-request-headers']
+        result[:headers] = request_headers&.split(',')&.map(&:strip) || []
+        result
+      end
+
+      def build(origin:, methods: ['GET'], headers: [], max_age: nil, credentials: false, expose: [])
+        result = {}
+        result['Access-Control-Allow-Origin'] = origin
+        result['Access-Control-Allow-Methods'] = Array(methods).join(', ')
+        result['Access-Control-Allow-Headers'] = Array(headers).join(', ') unless headers.empty?
+        result['Access-Control-Max-Age'] = max_age.to_s if max_age
+        result['Access-Control-Allow-Credentials'] = 'true' if credentials
+        result['Access-Control-Expose-Headers'] = Array(expose).join(', ') unless expose.empty?
+        result
+      end
+    end
+  end
+end

data/lib/philiprehberger/header_kit/forwarded.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+module Philiprehberger
+  module HeaderKit
+    module Forwarded
+      module_function
+
+      def parse(header)
+        return [] if header.nil? || header.empty?
+
+        header.split(',').map do |part|
+          entry = {}
+          part.strip.split(';').each do |pair|
+            key, value = pair.strip.split('=', 2)
+            next unless key && value
+
+            entry[key.strip.downcase.to_sym] = unquote(value.strip)
+          end
+          entry
+        end
+      end
+
+      def parse_via(header)
+        return [] if header.nil? || header.empty?
+
+        header.split(',').map do |entry|
+          parts = entry.strip.split(/\s+/, 3)
+          result = {}
+          if parts.length >= 2
+            result[:protocol] = parts[0]
+            result[:host] = parts[1]
+            result[:comment] = parts[2] if parts[2]
+          else
+            result[:host] = parts[0]
+          end
+          result
+        end
+      end
+
+      def unquote(value)
+        value.start_with?('"') && value.end_with?('"') ? value[1..-2] : value
+      end
+
+      private_class_method :unquote
+    end
+  end
+end

data/lib/philiprehberger/header_kit/security.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module Philiprehberger
+  module HeaderKit
+    module Security
+      DEFAULTS = {
+        content_type_options: 'nosniff',
+        frame_options: 'DENY',
+        xss_protection: '0',
+        referrer_policy: 'strict-origin-when-cross-origin'
+      }.freeze
+
+      module_function
+
+      def headers(hsts: nil, csp: nil, frame: nil, content_type_options: nil, referrer_policy: nil)
+        result = {}
+        result['X-Content-Type-Options'] = content_type_options || DEFAULTS[:content_type_options]
+        result['X-Frame-Options'] = frame || DEFAULTS[:frame_options]
+        result['X-XSS-Protection'] = DEFAULTS[:xss_protection]
+        result['Referrer-Policy'] = referrer_policy || DEFAULTS[:referrer_policy]
+        result['Strict-Transport-Security'] = hsts if hsts
+        result['Content-Security-Policy'] = csp if csp
+        result
+      end
+    end
+  end
+end

data/lib/philiprehberger/header_kit/version.rb

@@ -2,6 +2,6 @@
 
 module Philiprehberger
   module HeaderKit
-    VERSION = '0.1.1'
+    VERSION = '0.3.0'
   end
 end

data/lib/philiprehberger/header_kit.rb

@@ -2,10 +2,18 @@
 
 require_relative 'header_kit/version'
 require_relative 'header_kit/accept'
+require_relative 'header_kit/accept_builder'
+require_relative 'header_kit/accept_encoding'
+require_relative 'header_kit/accept_language'
+require_relative 'header_kit/authorization'
 require_relative 'header_kit/cache_control'
 require_relative 'header_kit/content_type'
+require_relative 'header_kit/cookie'
 require_relative 'header_kit/link'
 require_relative 'header_kit/negotiation'
+require_relative 'header_kit/cors'
+require_relative 'header_kit/security'
+require_relative 'header_kit/forwarded'
 
 module Philiprehberger
   module HeaderKit
@@ -19,6 +27,47 @@ module Philiprehberger
       Accept.parse(header)
     end
 
+    # Build an Accept header string from an array of type hashes.
+    #
+    # @param types [Array<Hash>] each with :type and optional :quality
+    # @return [String] formatted Accept header value
+    def self.build_accept(types)
+      AcceptBuilder.build(types)
+    end
+
+    # Parse an Accept-Encoding header into structured entries sorted by quality.
+    #
+    # @param header [String] the Accept-Encoding header value
+    # @return [Array<Hash>] entries with :encoding, :quality keys
+    def self.parse_accept_encoding(header)
+      AcceptEncoding.parse(header)
+    end
+
+    # Parse an Accept-Language header into structured entries sorted by quality.
+    #
+    # @param header [String] the Accept-Language header value
+    # @return [Array<Hash>] entries with :language, :quality keys
+    def self.parse_accept_language(header)
+      AcceptLanguage.parse(header)
+    end
+
+    # Negotiate the best language from an Accept-Language header.
+    #
+    # @param header [String] the Accept-Language header value
+    # @param available [Array<String>] list of available language tags
+    # @return [String, nil] the best matching language, or nil if no match
+    def self.negotiate_language(header, available)
+      AcceptLanguage.negotiate(header, available)
+    end
+
+    # Parse an Authorization header into its components.
+    #
+    # @param header [String] the Authorization header value
+    # @return [Hash] with :scheme and :credentials or :params
+    def self.parse_authorization(header)
+      Authorization.parse(header)
+    end
+
     # Parse a Cache-Control header into a directive hash.
     #
     # @param header [String] the Cache-Control header value
@@ -43,6 +92,24 @@ module Philiprehberger
       ContentType.parse(header)
     end
 
+    # Parse a Cookie header into a name-value hash.
+    #
+    # @param header [String] the Cookie header value
+    # @return [Hash{String => String}] cookie name-value pairs
+    def self.parse_cookie(header)
+      Cookie.parse(header)
+    end
+
+    # Build a Set-Cookie header string.
+    #
+    # @param name [String] cookie name
+    # @param value [String] cookie value
+    # @param options [Hash] optional attributes (expires:, max_age:, secure:, httponly:, samesite:, path:, domain:)
+    # @return [String] formatted Set-Cookie header value
+    def self.build_set_cookie(name, value, **options)
+      Cookie.build_set_cookie(name, value, **options)
+    end
+
     # Parse a Link header into an array of link entries.
     #
     # @param header [String] the Link header value
@@ -67,5 +134,45 @@ module Philiprehberger
     def self.negotiate(accept_header, available)
       Negotiation.negotiate(accept_header, available)
     end
+
+    # Parse CORS-related headers from a request.
+    #
+    # @param headers [Hash] request headers hash
+    # @return [Hash] with :origin, :method, :headers keys
+    def self.parse_cors(headers)
+      Cors.parse(headers)
+    end
+
+    # Build CORS response headers.
+    #
+    # @param options [Hash] CORS options (origin:, methods:, headers:, max_age:, credentials:, expose:)
+    # @return [Hash{String => String}] response headers
+    def self.build_cors(**options)
+      Cors.build(**options)
+    end
+
+    # Generate recommended security response headers.
+    #
+    # @param options [Hash] overrides (hsts:, csp:, frame:, content_type_options:, referrer_policy:)
+    # @return [Hash{String => String}] security headers
+    def self.security_headers(**options)
+      Security.headers(**options)
+    end
+
+    # Parse an RFC 7239 Forwarded header.
+    #
+    # @param header [String] the Forwarded header value
+    # @return [Array<Hash>] parsed entries with symbol keys
+    def self.parse_forwarded(header)
+      Forwarded.parse(header)
+    end
+
+    # Parse a Via header into structured entries.
+    #
+    # @param header [String] the Via header value
+    # @return [Array<Hash>] entries with :protocol, :host, :comment keys
+    def self.parse_via(header)
+      Forwarded.parse_via(header)
+    end
   end
 end

metadata

@@ -1,17 +1,18 @@
 --- !ruby/object:Gem::Specification
 name: philiprehberger-header_kit
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.3.0
 platform: ruby
 authors:
 - Philip Rehberger
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2026-03-27 00:00:00.000000000 Z
+date: 2026-03-31 00:00:00.000000000 Z
 dependencies: []
-description: Parse and build Accept, Cache-Control, Content-Type, and Link HTTP headers.
-  Includes content negotiation for selecting the best response type.
+description: Parse and build Accept, Accept-Language, Accept-Encoding, Authorization,
+  Cache-Control, Content-Type, Cookie, Link, CORS, Forwarded, and Via HTTP headers.
+  Includes content negotiation and security header generation.
 email:
 - me@philiprehberger.com
 executables: []
@@ -23,16 +24,24 @@ files:
 - README.md
 - lib/philiprehberger/header_kit.rb
 - lib/philiprehberger/header_kit/accept.rb
+- lib/philiprehberger/header_kit/accept_builder.rb
+- lib/philiprehberger/header_kit/accept_encoding.rb
+- lib/philiprehberger/header_kit/accept_language.rb
+- lib/philiprehberger/header_kit/authorization.rb
 - lib/philiprehberger/header_kit/cache_control.rb
 - lib/philiprehberger/header_kit/content_type.rb
+- lib/philiprehberger/header_kit/cookie.rb
+- lib/philiprehberger/header_kit/cors.rb
+- lib/philiprehberger/header_kit/forwarded.rb
 - lib/philiprehberger/header_kit/link.rb
 - lib/philiprehberger/header_kit/negotiation.rb
+- lib/philiprehberger/header_kit/security.rb
 - lib/philiprehberger/header_kit/version.rb
-homepage: https://github.com/philiprehberger/rb-header-kit
+homepage: https://philiprehberger.com/open-source-packages/ruby/philiprehberger-header_kit
 licenses:
 - MIT
 metadata:
-  homepage_uri: https://github.com/philiprehberger/rb-header-kit
+  homepage_uri: https://philiprehberger.com/open-source-packages/ruby/philiprehberger-header_kit
   source_code_uri: https://github.com/philiprehberger/rb-header-kit
   changelog_uri: https://github.com/philiprehberger/rb-header-kit/blob/main/CHANGELOG.md
   bug_tracker_uri: https://github.com/philiprehberger/rb-header-kit/issues