philiprehberger-header_kit 0.2.0 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3d4bcbb3c1002def0f437335a19871b535ce7764369d43fed1c4a1548367988f
-  data.tar.gz: 03dea17ed3566ea8cce9ea8511f741c92487113b6ba0a4cdb899ab1835f07009
+  metadata.gz: b1e00c5cf603e6f7db3b7ac63478c587d4d3f0dd54d40ee11cbcc730a9ea4bb9
+  data.tar.gz: c58a1210d23ae79c1ac86cd6340c7b6f30c6f6f575eb82b9c33caff1c5306eb3
 SHA512:
-  metadata.gz: 35c43a782a9e1ba431f972d18ec2c248a6141e96f79c082d09a2a48f973aee449d684011e4b70e3f95b4c488ff71fb1537c8da716e0186669e9ca974ff267792
-  data.tar.gz: 1b82e5bdea29824445c2097f21009f57a0f71cebbd80799386aed785e2247de8a4c87bd65136e198fea1150485c6909264f21cfed3970a2365c47c61ca7b7ce7
+  metadata.gz: dbc951e5c1cee317be92464e8c4639cbb65f963f87f61b2050b12ed1c75b2be29d7cd326514ce35472a36bcc53d61d8cc445581cc3e85ff24954345dd3100439
+  data.tar.gz: eda78dd329146c43b11f44594c9fdc9fa5acf31352a77af7cc1e610f4ff80a6d21f4feb52119efc36a51058ba40aad15b89f0635cff908e7c39098ac3c5dfe4a

data/CHANGELOG.md

@@ -7,6 +7,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.3.0] - 2026-03-31
+
+### Added
+
+- `parse_cors` and `build_cors` for CORS header handling
+- `security_headers` for generating recommended security headers
+- `parse_forwarded` for RFC 7239 Forwarded header parsing
+- `parse_via` for Via header parsing
+
 ## [0.2.0] - 2026-03-28
 
 ### Added

data/README.md

@@ -137,6 +137,55 @@ Philiprehberger::HeaderKit.negotiate("text/html;q=0.9, application/json", ["text
 # => "application/json"
 ```
 
+### Parse CORS
+
+```ruby
+headers = {
+  'Origin' => 'https://example.com',
+  'Access-Control-Request-Method' => 'POST',
+  'Access-Control-Request-Headers' => 'Content-Type, Authorization'
+}
+Philiprehberger::HeaderKit.parse_cors(headers)
+# => {origin: "https://example.com", method: "POST", headers: ["Content-Type", "Authorization"]}
+```
+
+### Build CORS
+
+```ruby
+Philiprehberger::HeaderKit.build_cors(
+  origin: "https://example.com",
+  methods: ["GET", "POST"],
+  headers: ["Content-Type"],
+  max_age: 3600,
+  credentials: true
+)
+# => {"Access-Control-Allow-Origin" => "https://example.com", ...}
+```
+
+### Security Headers
+
+```ruby
+Philiprehberger::HeaderKit.security_headers
+# => {"X-Content-Type-Options" => "nosniff", "X-Frame-Options" => "DENY", ...}
+
+Philiprehberger::HeaderKit.security_headers(hsts: "max-age=31536000", csp: "default-src 'self'")
+# => includes Strict-Transport-Security and Content-Security-Policy
+```
+
+### Parse Forwarded
+
+```ruby
+Philiprehberger::HeaderKit.parse_forwarded('for=192.0.2.60;proto=http;by=203.0.113.43')
+# => [{for: "192.0.2.60", proto: "http", by: "203.0.113.43"}]
+```
+
+### Parse Via
+
+```ruby
+Philiprehberger::HeaderKit.parse_via('1.1 vegur, 1.0 fred')
+# => [{protocol: "1.1", host: "vegur"}, {protocol: "1.0", host: "fred"}]
+```
+
 ## API
 
 | Method | Description |
@@ -155,6 +204,11 @@ Philiprehberger::HeaderKit.negotiate("text/html;q=0.9, application/json", ["text
 | `HeaderKit.parse_link(header)` | Parse Link header into entry array |
 | `HeaderKit.build_link(links)` | Build Link header from array of hashes |
 | `HeaderKit.negotiate(accept_header, available)` | Content negotiation, returns best match or nil |
+| `HeaderKit.parse_cors(headers)` | Parse CORS-related request headers |
+| `HeaderKit.build_cors(**options)` | Build CORS response headers |
+| `HeaderKit.security_headers(**options)` | Generate recommended security headers |
+| `HeaderKit.parse_forwarded(header)` | Parse RFC 7239 Forwarded header |
+| `HeaderKit.parse_via(header)` | Parse Via header into structured entries |
 
 ## Development
 

data/lib/philiprehberger/header_kit/cors.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+module Philiprehberger
+  module HeaderKit
+    module Cors
+      module_function
+
+      def parse(headers)
+        result = {}
+        result[:origin] = headers['Origin'] || headers['origin']
+        result[:method] = headers['Access-Control-Request-Method'] || headers['access-control-request-method']
+        request_headers = headers['Access-Control-Request-Headers'] || headers['access-control-request-headers']
+        result[:headers] = request_headers&.split(',')&.map(&:strip) || []
+        result
+      end
+
+      def build(origin:, methods: ['GET'], headers: [], max_age: nil, credentials: false, expose: [])
+        result = {}
+        result['Access-Control-Allow-Origin'] = origin
+        result['Access-Control-Allow-Methods'] = Array(methods).join(', ')
+        result['Access-Control-Allow-Headers'] = Array(headers).join(', ') unless headers.empty?
+        result['Access-Control-Max-Age'] = max_age.to_s if max_age
+        result['Access-Control-Allow-Credentials'] = 'true' if credentials
+        result['Access-Control-Expose-Headers'] = Array(expose).join(', ') unless expose.empty?
+        result
+      end
+    end
+  end
+end

data/lib/philiprehberger/header_kit/forwarded.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+module Philiprehberger
+  module HeaderKit
+    module Forwarded
+      module_function
+
+      def parse(header)
+        return [] if header.nil? || header.empty?
+
+        header.split(',').map do |part|
+          entry = {}
+          part.strip.split(';').each do |pair|
+            key, value = pair.strip.split('=', 2)
+            next unless key && value
+
+            entry[key.strip.downcase.to_sym] = unquote(value.strip)
+          end
+          entry
+        end
+      end
+
+      def parse_via(header)
+        return [] if header.nil? || header.empty?
+
+        header.split(',').map do |entry|
+          parts = entry.strip.split(/\s+/, 3)
+          result = {}
+          if parts.length >= 2
+            result[:protocol] = parts[0]
+            result[:host] = parts[1]
+            result[:comment] = parts[2] if parts[2]
+          else
+            result[:host] = parts[0]
+          end
+          result
+        end
+      end
+
+      def unquote(value)
+        value.start_with?('"') && value.end_with?('"') ? value[1..-2] : value
+      end
+
+      private_class_method :unquote
+    end
+  end
+end

data/lib/philiprehberger/header_kit/security.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module Philiprehberger
+  module HeaderKit
+    module Security
+      DEFAULTS = {
+        content_type_options: 'nosniff',
+        frame_options: 'DENY',
+        xss_protection: '0',
+        referrer_policy: 'strict-origin-when-cross-origin'
+      }.freeze
+
+      module_function
+
+      def headers(hsts: nil, csp: nil, frame: nil, content_type_options: nil, referrer_policy: nil)
+        result = {}
+        result['X-Content-Type-Options'] = content_type_options || DEFAULTS[:content_type_options]
+        result['X-Frame-Options'] = frame || DEFAULTS[:frame_options]
+        result['X-XSS-Protection'] = DEFAULTS[:xss_protection]
+        result['Referrer-Policy'] = referrer_policy || DEFAULTS[:referrer_policy]
+        result['Strict-Transport-Security'] = hsts if hsts
+        result['Content-Security-Policy'] = csp if csp
+        result
+      end
+    end
+  end
+end

data/lib/philiprehberger/header_kit/version.rb

@@ -2,6 +2,6 @@
 
 module Philiprehberger
   module HeaderKit
-    VERSION = '0.2.0'
+    VERSION = '0.3.0'
   end
 end

data/lib/philiprehberger/header_kit.rb

@@ -11,6 +11,9 @@ require_relative 'header_kit/content_type'
 require_relative 'header_kit/cookie'
 require_relative 'header_kit/link'
 require_relative 'header_kit/negotiation'
+require_relative 'header_kit/cors'
+require_relative 'header_kit/security'
+require_relative 'header_kit/forwarded'
 
 module Philiprehberger
   module HeaderKit
@@ -131,5 +134,45 @@ module Philiprehberger
     def self.negotiate(accept_header, available)
       Negotiation.negotiate(accept_header, available)
     end
+
+    # Parse CORS-related headers from a request.
+    #
+    # @param headers [Hash] request headers hash
+    # @return [Hash] with :origin, :method, :headers keys
+    def self.parse_cors(headers)
+      Cors.parse(headers)
+    end
+
+    # Build CORS response headers.
+    #
+    # @param options [Hash] CORS options (origin:, methods:, headers:, max_age:, credentials:, expose:)
+    # @return [Hash{String => String}] response headers
+    def self.build_cors(**options)
+      Cors.build(**options)
+    end
+
+    # Generate recommended security response headers.
+    #
+    # @param options [Hash] overrides (hsts:, csp:, frame:, content_type_options:, referrer_policy:)
+    # @return [Hash{String => String}] security headers
+    def self.security_headers(**options)
+      Security.headers(**options)
+    end
+
+    # Parse an RFC 7239 Forwarded header.
+    #
+    # @param header [String] the Forwarded header value
+    # @return [Array<Hash>] parsed entries with symbol keys
+    def self.parse_forwarded(header)
+      Forwarded.parse(header)
+    end
+
+    # Parse a Via header into structured entries.
+    #
+    # @param header [String] the Via header value
+    # @return [Array<Hash>] entries with :protocol, :host, :comment keys
+    def self.parse_via(header)
+      Forwarded.parse_via(header)
+    end
   end
 end

metadata

@@ -1,18 +1,18 @@
 --- !ruby/object:Gem::Specification
 name: philiprehberger-header_kit
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Philip Rehberger
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2026-03-29 00:00:00.000000000 Z
+date: 2026-03-31 00:00:00.000000000 Z
 dependencies: []
 description: Parse and build Accept, Accept-Language, Accept-Encoding, Authorization,
-  Cache-Control, Content-Type, Cookie, and Link HTTP headers. Includes content negotiation
-  for selecting the best response type or language.
+  Cache-Control, Content-Type, Cookie, Link, CORS, Forwarded, and Via HTTP headers.
+  Includes content negotiation and security header generation.
 email:
 - me@philiprehberger.com
 executables: []
@@ -31,14 +31,17 @@ files:
 - lib/philiprehberger/header_kit/cache_control.rb
 - lib/philiprehberger/header_kit/content_type.rb
 - lib/philiprehberger/header_kit/cookie.rb
+- lib/philiprehberger/header_kit/cors.rb
+- lib/philiprehberger/header_kit/forwarded.rb
 - lib/philiprehberger/header_kit/link.rb
 - lib/philiprehberger/header_kit/negotiation.rb
+- lib/philiprehberger/header_kit/security.rb
 - lib/philiprehberger/header_kit/version.rb
-homepage: https://github.com/philiprehberger/rb-header-kit
+homepage: https://philiprehberger.com/open-source-packages/ruby/philiprehberger-header_kit
 licenses:
 - MIT
 metadata:
-  homepage_uri: https://github.com/philiprehberger/rb-header-kit
+  homepage_uri: https://philiprehberger.com/open-source-packages/ruby/philiprehberger-header_kit
   source_code_uri: https://github.com/philiprehberger/rb-header-kit
   changelog_uri: https://github.com/philiprehberger/rb-header-kit/blob/main/CHANGELOG.md
   bug_tracker_uri: https://github.com/philiprehberger/rb-header-kit/issues