Class: Rack::Protection::StrictTransport

Relationships & Source Files
Super Chains via Extension / Inclusion / Inheritance
Class Chain: self, Base
Instance Chain: self, Base
Inherits: Rack::Protection::Base
Defined in: rack-protection/lib/rack/protection/strict_transport.rb

Overview

Prevented attack

Protects against protocol downgrade attacks and cookie hijacking.

Supported browsers

all

More info

https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

The browser will refuse to send any communication over plain HTTP to the specified domain and will instead send all communication over HTTPS. It also prevents users from clicking through HTTPS certificate warnings in browsers.

Options:

max_age

How long future requests to the domain should go over HTTPS, specified in seconds

include_subdomains

Whether all present and future subdomains must also be accessed over HTTPS

preload

Allow this domain to be included in browsers' HSTS preload list. See https://hstspreload.appspot.com/
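The following is an added example, not code from rack-protection: a minimal stand-in for the middleware that builds the header from the three options above, sets it only when the wrapped app has not already done so, and a small checker that parses a Strict-Transport-Security value and tests whether it meets the hstspreload.org submission requirements (max-age of at least one year, includeSubDomains and preload). The names HstsMiddleware, hsts_value, parse_hsts and preload_eligible?, and the default max_age of one year, are assumptions of this example.

```ruby
# Added example; not rack-protection's own code. All names below are assumptions.

# Build the header value from the middleware options (same shape as the
# real middleware: max-age first, then the optional directives).
def hsts_value(max_age:, include_subdomains: false, preload: false)
  value = "max-age=#{Integer(max_age)}"
  value += '; includeSubDomains' if include_subdomains
  value += '; preload' if preload
  value
end

# Minimal Rack middleware: emits the header on every response but never
# overwrites a value the application already set.
class HstsMiddleware
  # Assumed defaults: one year, no subdomains, no preload.
  DEFAULTS = { max_age: 31_536_000, include_subdomains: false, preload: false }.freeze

  def initialize(app, options = {})
    @app = app
    @options = DEFAULTS.merge(options)
  end

  def call(env)
    status, headers, body = @app.call(env)
    headers['strict-transport-security'] ||= hsts_value(**@options)
    [status, headers, body]
  end
end

# Parse a Strict-Transport-Security value into a hash of directives
# (directive names are case-insensitive per RFC 6797, so they are downcased).
def parse_hsts(value)
  directives = {}
  value.split(';').each do |part|
    name, val = part.strip.split('=', 2)
    directives[name.downcase] = val unless name.nil? || name.empty?
  end
  directives
end

# Check the hstspreload.org submission requirements: max-age >= 1 year,
# includeSubDomains present, preload present.
def preload_eligible?(value)
  d = parse_hsts(value)
  d.key?('max-age') && d['max-age'].to_i >= 31_536_000 &&
    d.key?('includesubdomains') && d.key?('preload')
end

# Wrap a constructed one-line Rack app and return the header it ends up with.
def demo
  app = ->(_env) { [200, { 'content-type' => 'text/plain' }, ['ok']] }
  wrapped = HstsMiddleware.new(app, include_subdomains: true, preload: true)
  _status, headers, _body = wrapped.call({ 'rack.url_scheme' => 'https' })
  headers['strict-transport-security']
end

puts demo if $PROGRAM_NAME == __FILE__
```

Two points worth keeping in mind when deploying: browsers only honour the header when it arrives over HTTPS (a value received over plain HTTP is ignored), so the middleware alone does nothing until TLS is in place; and because the header is remembered for max_age seconds, start with a short max_age while verifying that every subdomain actually serves HTTPS before enabling include_subdomains and preload.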

Constant Summary

Base - Inherited

DEFAULT_OPTIONS

Class Method Summary

Instance Attribute Summary

Base - Inherited

Instance Method Summary

Constructor Details

This class inherits a constructor from Rack::Protection::Base

Instance Method Details

#call(env)

# File 'rack-protection/lib/rack/protection/strict_transport.rb', line 34

def call(env)
  status, headers, body = @app.call(env)
  # Set the HSTS header unless the application already provided one
  headers['strict-transport-security'] ||= strict_transport
  [status, headers, body]
end

#strict_transport

# File 'rack-protection/lib/rack/protection/strict_transport.rb', line 25

def strict_transport
  # Build the header value once and memoize it; the options do not change per request
  @strict_transport ||= begin
    strict_transport = "max-age=#{options[:max_age]}"
    strict_transport += '; includeSubDomains' if options[:include_subdomains]
    strict_transport += '; preload' if options[:preload]
    strict_transport.to_str
  end
end