
Class: Rack::Protection::StrictTransport

Relationships & Source Files
Super Chains via Extension / Inclusion / Inheritance
Class Chain:
self, Base
Instance Chain:
self, Base
Inherits: Rack::Protection::Base
Defined in: rack-protection/lib/rack/protection/strict_transport.rb

Overview

Prevented attack:: Protects against protocol downgrade attacks and cookie hijacking.
Supported browsers:: all
More info:: https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

The browser will prevent any communication from being sent over HTTP to the specified domain and will instead send all communication over HTTPS. It also prevents HTTPS click-through prompts in browsers.

Options:

max_age:: How long future requests to the domain should go over HTTPS; specified in seconds
include_subdomains:: Whether all present and future subdomains will be HTTPS
preload:: Allow this domain to be included in browsers' HSTS preload list. See https://hstspreload.appspot.com/

Constant Summary

Base - Inherited

DEFAULT_OPTIONS

Class Method Summary

Instance Attribute Summary

Base - Inherited

Instance Method Summary

Constructor Details

This class inherits a constructor from Rack::Protection::Base

Instance Method Details

#call(env)

# File 'rack-protection/lib/rack/protection/strict_transport.rb', line 34

def call(env)
  status, headers, body = @app.call(env)
  headers['strict-transport-security'] ||= strict_transport
  [status, headers, body]
end

#strict_transport

# File 'rack-protection/lib/rack/protection/strict_transport.rb', line 25

def strict_transport
  @strict_transport ||= begin
    strict_transport = "max-age=#{options[:max_age]}"
    strict_transport += '; includeSubDomains' if options[:include_subdomains]
    strict_transport += '; preload' if options[:preload]
    strict_transport.to_str
  end
end
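
An added example, not part of rack-protection or of this page: a small auditor for the header value that #strict_transport builds, checking it against RFC 6797 parsing rules and the header requirements of the browser preload list (max-age of at least 31536000 seconds, includeSubDomains, preload). The names parse_hsts, audit_hsts and SAMPLES are hypothetical, and the sample values are constructed.

```ruby
PRELOAD_MIN_AGE = 31_536_000 # one year, the minimum the preload list accepts

# Constructed header values in the shape strict_transport produces.
SAMPLES = {
  plain: 'max-age=31536000',
  preload_ok: 'max-age=31536000; includeSubDomains; preload',
  preload_weak: 'max-age=3600; preload'
}.freeze

# Parse an HSTS value into { directive => value_or_true }.
# Directive names are case-insensitive and may appear only once (RFC 6797, 6.1).
def parse_hsts(value)
  value.to_s.split(';').each_with_object({}) do |part, out|
    name, val = part.strip.split('=', 2)
    next if name.nil? || name.empty?
    key = name.strip.downcase
    raise ArgumentError, "duplicate directive: #{key}" if out.key?(key)
    out[key] = val ? val.strip.delete('"') : true
  end
end

# Return a list of findings for one response's headers (lowercase keys,
# matching the key the middleware writes). An empty list means no issue found.
def audit_hsts(headers, want_preload: false)
  raw = headers['strict-transport-security']
  return ['header missing'] if raw.nil?
  d = parse_hsts(raw)
  age = d['max-age']
  return ['max-age missing or not an integer'] unless age.is_a?(String) && age.match?(/\A\d+\z/)
  findings = []
  findings << 'max-age=0 tells the browser to drop its HSTS entry' if age.to_i.zero?
  # Preload checks apply when the site intends to preload or already says so.
  if want_preload || d['preload']
    findings << "max-age below #{PRELOAD_MIN_AGE}" if age.to_i < PRELOAD_MIN_AGE
    findings << 'includeSubDomains missing' unless d['includesubdomains']
    findings << 'preload missing' unless d['preload']
  end
  findings
rescue ArgumentError => e
  [e.message]
end
```

Because #call assigns the header with ||=, a value set by the wrapped application is passed through unchanged, so running a check like this against the final response headers covers both sources.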