rack-xframe-options 0.0.0 → 0.1.0

@@ -6,6 +6,19 @@ The X-Frame-Options HTTP response header can be used to indicate whether or not
6
6
  * https://developer.mozilla.org/en/The_X-FRAME-OPTIONS_response_header
7
7
  * http://blogs.msdn.com/b/ie/archive/2009/01/27/ie8-security-part-vii-clickjacking-defenses.aspx
8
8
 
9
+ = Installation
10
+
11
+ gem "rack-xframe-options"
12
+
13
+
14
+ = Usage
15
+ use Rack::XFrameOptions ("DENY" is default)
16
+
17
+ or
18
+
19
+ use Rack::XFrameOptions, "SAMEORIGIN"
20
+
21
+
9
22
  == Note on Patches/Pull Requests
10
23
 
11
24
  * Fork the project.
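--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-0.0.0
+0.1.0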
@@ -1,19 +1,19 @@
1
1
  module Rack
2
2
  class XFrameOptions
3
3
 
4
- def initialize(app)
4
+ def initialize(app, value = "DENY")
5
5
  @app = app
6
+ @value = value
6
7
  end
7
8
 
8
9
  def call(env)
9
10
  status, headers, body = @app.call(env)
10
11
  if headers['Content-Type'] =~ /html/
11
- headers['X-Frame-Options'] = "DENY" # SAMEORIGIN
12
+ headers['X-Frame-Options'] = ["DENY", "SAMEORIGIN"].include?(@value) ? @value : "DENY"
12
13
  [status, headers, body]
13
14
  else
14
15
  @app.call(env)
15
16
  end
16
17
  end
17
-
18
18
  end
19
19
  end
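Review bot: The `else` branch of `call` invokes `@app.call(env)` a second time, so every non-HTML response runs the downstream application twice and any side effects of the request are repeated; this release leaves that untouched. Returning the triple already computed avoids it: make the assignment conditional, `headers['X-Frame-Options'] = @value if headers['Content-Type'] =~ /html/`, and end the method with `[status, headers, body]`. The allow-list check is also evaluated on every request; doing it once in `initialize`, `@value = ["DENY", "SAMEORIGIN"].include?(value) ? value : "DENY"`, keeps the fail-closed fallback and gives one place to log or reject a mistyped option. The `Content-Type` lookup is case-sensitive on the header key, so an app that emits the key in another case would presumably get no X-Frame-Options header at all.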
@@ -0,0 +1,57 @@
1
+ # Generated by jeweler
2
+ # DO NOT EDIT THIS FILE DIRECTLY
3
+ # Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
4
+ # -*- encoding: utf-8 -*-
5
+
6
+ Gem::Specification.new do |s|
7
+ s.name = %q{rack-xframe-options}
8
+ s.version = "0.1.0"
9
+
10
+ s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
+ s.authors = ["Tomasz Mazur"]
12
+ s.date = %q{2010-09-09}
13
+ s.description = %q{The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame> or <iframe>}
14
+ s.email = %q{defkode@gmail.com}
15
+ s.extra_rdoc_files = [
16
+ "LICENSE",
17
+ "README.rdoc"
18
+ ]
19
+ s.files = [
20
+ ".gitignore",
21
+ "LICENSE",
22
+ "README.rdoc",
23
+ "Rakefile",
24
+ "VERSION",
25
+ "lib/rack-xframe-options.rb",
26
+ "lib/rack/xframe-options.rb",
27
+ "rack-xframe-options.gemspec",
28
+ "test/helper.rb",
29
+ "test/test_rack-xframe-options.rb"
30
+ ]
31
+ s.homepage = %q{http://github.com/defkode/rack-xframe-options}
32
+ s.rdoc_options = ["--charset=UTF-8"]
33
+ s.require_paths = ["lib"]
34
+ s.rubygems_version = %q{1.3.7}
35
+ s.summary = %q{Adds X-Frame-Options Header to HTML response}
36
+ s.test_files = [
37
+ "test/helper.rb",
38
+ "test/test_rack-xframe-options.rb"
39
+ ]
40
+
41
+ if s.respond_to? :specification_version then
42
+ current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
43
+ s.specification_version = 3
44
+
45
+ if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
46
+ s.add_runtime_dependency(%q<rack>, [">= 0.9.1"])
47
+ s.add_development_dependency(%q<shoulda>, [">= 0"])
48
+ else
49
+ s.add_dependency(%q<rack>, [">= 0.9.1"])
50
+ s.add_dependency(%q<shoulda>, [">= 0"])
51
+ end
52
+ else
53
+ s.add_dependency(%q<rack>, [">= 0.9.1"])
54
+ s.add_dependency(%q<shoulda>, [">= 0"])
55
+ end
56
+ end
57
+
@@ -5,9 +5,3 @@ require 'shoulda'
5
5
  $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
6
6
  $LOAD_PATH.unshift(File.dirname(__FILE__))
7
7
  require 'rack/xframe-options'
8
-
9
- class SampleApp
10
- def call(env)
11
- [200, {"Content-Type" => "text/html"}, "Sample Response"]
12
- end
13
- end
@@ -1,23 +1,45 @@
1
1
  require 'helper'
2
2
 
3
+ class SampleApp
4
+ def call(env)
5
+ [200, {"Content-Type" => "text/html"}, "Sample Response"]
6
+ end
7
+ end
8
+
3
9
  class TestRackXframeOptions < Test::Unit::TestCase
4
10
  include Rack::Test::Methods
5
11
 
6
- context "X-Frame Options Header" do
7
- setup do
8
- def app
9
- Rack::Builder.new do
10
- use Rack::XFrameOptions
11
- run SampleApp.new
12
+ context "X-Frame-Options" do
13
+ context "DENY" do
14
+ setup do
15
+ def app
16
+ Rack::Builder.new do
17
+ use Rack::XFrameOptions
18
+ run SampleApp.new
19
+ end
12
20
  end
13
21
  end
14
- end
15
22
 
16
- should "be added to response headers" do
17
- get '/'
18
- assert_equal "DENY", last_response.headers['X-Frame-Options']
23
+ should "be added to response headers" do
24
+ get '/'
25
+ assert_equal "DENY", last_response.headers['X-Frame-Options']
26
+ end
19
27
  end
20
28
 
21
- end
29
+ context "SAMEORIGIN" do
30
+ setup do
31
+ def app
32
+ Rack::Builder.new do
33
+ use Rack::XFrameOptions, "SAMEORIGIN"
34
+ run SampleApp.new
35
+ end
36
+ end
37
+ end
22
38
 
39
+ should "be added to response headers" do
40
+ get '/'
41
+ assert_equal "SAMEORIGIN", last_response.headers['X-Frame-Options']
42
+ end
43
+ end
44
+ end
23
45
  end
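Review bot: Neither context covers the fallback this release adds: an unsupported value passed to `use Rack::XFrameOptions` should still produce `DENY`, and nothing asserts that. A response whose Content-Type is not HTML is not exercised either, although that is the path on which the middleware takes its other branch. A third context along the lines below would pin the fail-closed default; the option value in it is a constructed sample.

```ruby
# … unchanged: "DENY" and "SAMEORIGIN" contexts …

context "unsupported value" do
  setup do
    def app
      Rack::Builder.new do
        use Rack::XFrameOptions, "BOGUS" # constructed sample value
        run SampleApp.new
      end
    end
  end

  should "fall back to DENY" do
    get '/'
    assert_equal "DENY", last_response.headers['X-Frame-Options']
  end
end
```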
metadata CHANGED
@@ -1,13 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack-xframe-options
3
3
  version: !ruby/object:Gem::Version
4
- hash: 31
4
+ hash: 27
5
5
  prerelease: false
6
6
  segments:
7
7
  - 0
8
+ - 1
8
9
  - 0
9
- - 0
10
- version: 0.0.0
10
+ version: 0.1.0
11
11
  platform: ruby
12
12
  authors:
13
13
  - Tomasz Mazur
@@ -65,6 +65,7 @@ files:
65
65
  - VERSION
66
66
  - lib/rack-xframe-options.rb
67
67
  - lib/rack/xframe-options.rb
68
+ - rack-xframe-options.gemspec
68
69
  - test/helper.rb
69
70
  - test/test_rack-xframe-options.rb
70
71
  has_rdoc: true