rack-xframe-options 0.0.0 → 0.1.0

@@ -6,6 +6,19 @@ The X-Frame-Options HTTP response header can be used to indicate whether or not
6
6
  * https://developer.mozilla.org/en/The_X-FRAME-OPTIONS_response_header
7
7
  * http://blogs.msdn.com/b/ie/archive/2009/01/27/ie8-security-part-vii-clickjacking-defenses.aspx
8
8
 
9
+ = Installation
10
+
11
+ gem "rack-xframe-options"
12
+
13
+
14
+ = Usage
15
+ use Rack::XFrameOptions ("DENY" is default)
16
+
17
+ or
18
+
19
+ use Rack::XFrameOptions, "SAMEORIGIN"
20
+
21
+
9
22
  == Note on Patches/Pull Requests
10
23
 
11
24
  * Fork the project.
data/VERSION CHANGED
@@ -1 +1 @@
1
- 0.0.0
1
+ 0.1.0
@@ -1,19 +1,19 @@
1
1
  module Rack
2
2
  class XFrameOptions
3
3
 
4
- def initialize(app)
4
+ def initialize(app, value = "DENY")
5
5
  @app = app
6
+ @value = value
6
7
  end
7
8
 
8
9
  def call(env)
9
10
  status, headers, body = @app.call(env)
10
11
  if headers['Content-Type'] =~ /html/
11
- headers['X-Frame-Options'] = "DENY" # SAMEORIGIN
12
+ headers['X-Frame-Options'] = ["DENY", "SAMEORIGIN"].include?(@value) ? @value : "DENY"
12
13
  [status, headers, body]
13
14
  else
14
15
  @app.call(env)
15
16
  end
16
17
  end
17
-
18
18
  end
19
19
  end
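Review bot: The `else` branch of `call` still runs `@app.call(env)` a second time, so every non-HTML request executes the downstream app twice and repeats its side effects; the commit touches this method but leaves that in place, and returning the triple already captured, `[status, headers, body]`, from both branches fixes it. On the added line, an unrecognised `value` is silently replaced by "DENY" on every request. That fails closed, but validating once in `initialize` and raising `ArgumentError` would surface a mistyped or lower-case value such as `"sameorigin"` at boot instead of as a stricter framing policy than the operator intended. The header is also keyed on the exact `'Content-Type'` spelling, so a downstream app that emits a differently cased header name would presumably get no `X-Frame-Options` at all; worth confirming against the Rack versions the gem supports.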
@@ -0,0 +1,57 @@
1
+ # Generated by jeweler
2
+ # DO NOT EDIT THIS FILE DIRECTLY
3
+ # Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
4
+ # -*- encoding: utf-8 -*-
5
+
6
+ Gem::Specification.new do |s|
7
+ s.name = %q{rack-xframe-options}
8
+ s.version = "0.1.0"
9
+
10
+ s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
+ s.authors = ["Tomasz Mazur"]
12
+ s.date = %q{2010-09-09}
13
+ s.description = %q{The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame> or <iframe>}
14
+ s.email = %q{defkode@gmail.com}
15
+ s.extra_rdoc_files = [
16
+ "LICENSE",
17
+ "README.rdoc"
18
+ ]
19
+ s.files = [
20
+ ".gitignore",
21
+ "LICENSE",
22
+ "README.rdoc",
23
+ "Rakefile",
24
+ "VERSION",
25
+ "lib/rack-xframe-options.rb",
26
+ "lib/rack/xframe-options.rb",
27
+ "rack-xframe-options.gemspec",
28
+ "test/helper.rb",
29
+ "test/test_rack-xframe-options.rb"
30
+ ]
31
+ s.homepage = %q{http://github.com/defkode/rack-xframe-options}
32
+ s.rdoc_options = ["--charset=UTF-8"]
33
+ s.require_paths = ["lib"]
34
+ s.rubygems_version = %q{1.3.7}
35
+ s.summary = %q{Adds X-Frame-Options Header to HTML response}
36
+ s.test_files = [
37
+ "test/helper.rb",
38
+ "test/test_rack-xframe-options.rb"
39
+ ]
40
+
41
+ if s.respond_to? :specification_version then
42
+ current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
43
+ s.specification_version = 3
44
+
45
+ if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
46
+ s.add_runtime_dependency(%q<rack>, [">= 0.9.1"])
47
+ s.add_development_dependency(%q<shoulda>, [">= 0"])
48
+ else
49
+ s.add_dependency(%q<rack>, [">= 0.9.1"])
50
+ s.add_dependency(%q<shoulda>, [">= 0"])
51
+ end
52
+ else
53
+ s.add_dependency(%q<rack>, [">= 0.9.1"])
54
+ s.add_dependency(%q<shoulda>, [">= 0"])
55
+ end
56
+ end
57
+
@@ -5,9 +5,3 @@ require 'shoulda'
5
5
  $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
6
6
  $LOAD_PATH.unshift(File.dirname(__FILE__))
7
7
  require 'rack/xframe-options'
8
-
9
- class SampleApp
10
- def call(env)
11
- [200, {"Content-Type" => "text/html"}, "Sample Response"]
12
- end
13
- end
@@ -1,23 +1,45 @@
1
1
  require 'helper'
2
2
 
3
+ class SampleApp
4
+ def call(env)
5
+ [200, {"Content-Type" => "text/html"}, "Sample Response"]
6
+ end
7
+ end
8
+
3
9
  class TestRackXframeOptions < Test::Unit::TestCase
4
10
  include Rack::Test::Methods
5
11
 
6
- context "X-Frame Options Header" do
7
- setup do
8
- def app
9
- Rack::Builder.new do
10
- use Rack::XFrameOptions
11
- run SampleApp.new
12
+ context "X-Frame-Options" do
13
+ context "DENY" do
14
+ setup do
15
+ def app
16
+ Rack::Builder.new do
17
+ use Rack::XFrameOptions
18
+ run SampleApp.new
19
+ end
12
20
  end
13
21
  end
14
- end
15
22
 
16
- should "be added to response headers" do
17
- get '/'
18
- assert_equal "DENY", last_response.headers['X-Frame-Options']
23
+ should "be added to response headers" do
24
+ get '/'
25
+ assert_equal "DENY", last_response.headers['X-Frame-Options']
26
+ end
19
27
  end
20
28
 
21
- end
29
+ context "SAMEORIGIN" do
30
+ setup do
31
+ def app
32
+ Rack::Builder.new do
33
+ use Rack::XFrameOptions, "SAMEORIGIN"
34
+ run SampleApp.new
35
+ end
36
+ end
37
+ end
22
38
 
39
+ should "be added to response headers" do
40
+ get '/'
41
+ assert_equal "SAMEORIGIN", last_response.headers['X-Frame-Options']
42
+ end
43
+ end
44
+ end
23
45
  end
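Review bot: Neither new context exercises the fallback branch of the ternary in `call`, so nothing pins that an unrecognised value yields "DENY"; a third context passing an invalid value would cover it. `SampleApp` always answers `text/html`, so the non-HTML path, where the header must be absent, is likewise untested as far as the visible tests show. The sketch below uses "ALLOWALL" as a constructed invalid value and follows the `setup`/`def app` pattern of the two existing contexts.

```ruby
# … unchanged: "DENY" and "SAMEORIGIN" contexts …
    context "unrecognised value" do
      setup do
        def app
          Rack::Builder.new do
            use Rack::XFrameOptions, "ALLOWALL" # constructed invalid value
            run SampleApp.new
          end
        end
      end

      should "fall back to DENY" do
        get '/'
        assert_equal "DENY", last_response.headers['X-Frame-Options']
      end
    end
```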
metadata CHANGED
@@ -1,13 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack-xframe-options
3
3
  version: !ruby/object:Gem::Version
4
- hash: 31
4
+ hash: 27
5
5
  prerelease: false
6
6
  segments:
7
7
  - 0
8
+ - 1
8
9
  - 0
9
- - 0
10
- version: 0.0.0
10
+ version: 0.1.0
11
11
  platform: ruby
12
12
  authors:
13
13
  - Tomasz Mazur
@@ -65,6 +65,7 @@ files:
65
65
  - VERSION
66
66
  - lib/rack-xframe-options.rb
67
67
  - lib/rack/xframe-options.rb
68
+ - rack-xframe-options.gemspec
68
69
  - test/helper.rb
69
70
  - test/test_rack-xframe-options.rb
70
71
  has_rdoc: true