2018-fumichan-thesis/sinatra-practice/form-sample/vendor/bundle/ruby/2.5.0/gems/rack-protection-2.0.4/lib/rack/protection/frame_options.rb at f5a67b250666ed6bc84503316a29406235d6d26c

Fork: 0

HiroseLabo. / 2018-fumichan-thesis

Find file

Newer

Older

2018-fumichan-thesis / sinatra-practice / form-sample / vendor / bundle / ruby / 2.5.0 / gems / rack-protection-2.0.4 / lib / rack / protection / frame_options.rb

Fumichan on 6 Dec 2018 1 KB mv sample sinatra-practice, add sinatra-practice/Sinatra-ActiveRecord.pdf

Raw Blame History

require 'rack/protection'

module Rack
  module Protection
    ##
    # Prevented attack::   Clickjacking
    # Supported browsers:: Internet Explorer 8, Firefox 3.6.9, Opera 10.50,
    #                      Safari 4.0, Chrome 4.1.249.1042 and later
    # More infos::         https://developer.mozilla.org/en/The_X-FRAME-OPTIONS_response_header
    #
    # Sets X-Frame-Options header to tell the browser avoid embedding the page
    # in a frame.
    #
    # Options:
    #
    # frame_options:: Defines who should be allowed to embed the page in a
    #                 frame. Use :deny to forbid any embedding, :sameorigin
    #                 to allow embedding from the same origin (default).
    class FrameOptions < Base
      default_options :frame_options => :sameorigin

      def frame_options
        @frame_options ||= begin
          frame_options = options[:frame_options]
          frame_options = options[:frame_options].to_s.upcase unless frame_options.respond_to? :to_str
          frame_options.to_str
        end
      end

      def call(env)
        status, headers, body        = @app.call(env)
        headers['X-Frame-Options'] ||= frame_options if html? headers
        [status, headers, body]
      end
    end
  end
end