rack-secure_headers 0.0.1 → 0.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e7136f261dc9b340a0d89d3c10f8737718aecb64
-  data.tar.gz: 0efdaba9b544e47ee5d8b774caa9e00cadf8e5c1
+  metadata.gz: e495954722a9dfbac925e93f2e31364056083f04
+  data.tar.gz: 433960cb3b6821c8326d70ee356c452b57748345
 SHA512:
-  metadata.gz: 99e3f0cb9736fd9ce9cf36eff4a8a0084bacc83212d33328a0e897c1f838b0eed4e0a0882d473f0ccacd4995066cd81cebb7ad390acd38471bdf90496915f23a
-  data.tar.gz: 36075de1d501f7ae29c17c00f16a145975ea9a7b63b437e1f063bd2baebee20744233d5b62bb7a034d13f23f979be0a1e074a98ee9eeb2ea5f97a729e4ac2d16
+  metadata.gz: 7fa557243e1acc57060b9bcc9bb8a390efe31082e5be1f66762c8f4b8e73020d509528b8bfc108119f44107f3f7196601cde471f6c054f67808048ffd2a4cf5a
+  data.tar.gz: d354db70f1a6b46411496b2ce415baf68a5c8c087bbf3fd4b578af1031e33ff657b201976985385384f8efe6d19dc99c97a6612e033bd11529eb92fb686baf26

data/.gems

@@ -0,0 +1,2 @@
+cutest -v 1.2.2
+rack -v 1.6.4

data/lib/rack/secure_headers/version.rb

@@ -1,5 +1,5 @@
 module Rack
   class SecureHeaders
-    VERSION = "0.0.1"
+    VERSION = "0.0.2"
   end
 end

data/lib/rack/secure_headers.rb

@@ -10,46 +10,47 @@ module Rack
       x_xss_protection: "1; mode=block"
     }
 
-    DEFAULT_HEADERS = {
-      x_content_type_options: "X-Content-Type-Options",
-      x_frame_options: "X-Frame-Options",
-      x_permitted_cross_domain_policies: "X-Permitted-Cross-Domain-Policies",
-      x_xss_protection: "X-XSS-Protection"
-    }
-
-    HSTS_HEADER = "Strict-Transport-Security".freeze
-
     def initialize(app, options = {})
+      options = DEFAULTS.merge(options)
+
       @app = app
-      @options = DEFAULTS.merge(options)
+      @headers = base_headers(options)
+
+      if options[:hsts]
+        @headers["Strict-Transport-Security"] = hsts_header(options[:hsts])
+      end
     end
 
     def call(env)
-      status, headers, body = @app.call(env)
+      tuple = @app.call(env)
+      tuple[1].merge!(@headers)
 
-      DEFAULT_HEADERS.each do |key, header|
-        headers[header] = @options[key] if @options[key]
-      end
+      return tuple
+    end
+
+    private
 
-      if @options[:hsts]
-        headers[HSTS_HEADER] = Utils.hsts(@options[:hsts])
+    def base_headers(options)
+      headers = {
+        "X-Content-Type-Options" => options[:x_content_type_options],
+        "X-Frame-Options" => options[:x_frame_options],
+        "X-Permitted-Cross-Domain-Policies" => options[:x_permitted_cross_domain_policies],
+        "X-XSS-Protection" => options[:x_xss_protection],
+      }
+
+      headers.each do |header, value|
+        headers.delete(header) if value.nil?
       end
 
-      return [status, headers, body]
+      return headers
     end
 
-    module Utils
-      HSTS_MAX_AGE = "max-age=%s".freeze
-      HSTS_INCLUDE_SUBDOMAINS = "; includeSubdomains".freeze
-      HSTS_PRELOAD = "; preload".freeze
-
-      def self.hsts(opts)
-        header = sprintf(HSTS_MAX_AGE, opts.fetch(:max_age))
-        header << HSTS_INCLUDE_SUBDOMAINS if opts[:include_subdomains]
-        header << HSTS_PRELOAD if opts[:preload]
+    def hsts_header(options)
+      header = sprintf("max-age=%s", options.fetch(:max_age))
+      header << "; includeSubdomains" if options[:include_subdomains]
+      header << "; preload" if options[:preload]
 
-        return header
-      end
+      return header
     end
   end
 end

data/makefile

@@ -1,2 +1,2 @@
 default:
-	cutest -r ./test/helper.rb ./test/*.rb
+	@cutest -r ./test/helper.rb ./test/*.rb

data/rack-secure_headers.gemspec

@@ -12,7 +12,6 @@ Gem::Specification.new do |s|
 
   s.files = `git ls-files`.split("\n")
 
-  s.add_dependency "rack", "~> 1.6.4"
-  s.add_development_dependency "bundler", "~> 1.10"
-  s.add_development_dependency "cutest", "~> 1.2"
+  s.add_dependency "rack", "~> 1.6"
+  s.add_development_dependency "cutest", "1.2.2"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-secure_headers
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.0.2
 platform: ruby
 authors:
 - Francesco Rodríguez
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-09-21 00:00:00.000000000 Z
+date: 2015-10-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -16,42 +16,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.6.4
+        version: '1.6'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.6.4
-- !ruby/object:Gem::Dependency
-  name: bundler
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.10'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.10'
+        version: '1.6'
 - !ruby/object:Gem::Dependency
   name: cutest
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - '='
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: 1.2.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - '='
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: 1.2.2
 description: Security related HTTP headers for Rack applications
 email:
 - frodsan@protonmail.ch
@@ -59,8 +45,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".gitignore"
-- Gemfile
+- ".gems"
 - LICENSE
 - README.md
 - lib/rack/secure_headers.rb

data/.gitignore

@@ -1 +0,0 @@
-Gemfile.lock

data/Gemfile

@@ -1,3 +0,0 @@
-source "https://rubygems.org"
-
-gemspec