Class: Rack::Protection::XSSHeader

Relationships & Source Files
Super Chains via Extension / Inclusion / Inheritance
Class Chain: self, `Base`
Instance Chain: self, `Base`
Inherits:	Rack::Protection::Base Object Rack::Protection::Base Rack::Protection::XSSHeader
Defined in:	rack-protection/lib/rack/protection/xss_header.rb

Overview

Prevented attack:: Non-permanent XSS Supported browsers:: Internet Explorer 8+ and Chrome More infos:: http://blogs.msdn.com/b/ie/archive/2008/07/01/ie8-security-part-iv-the-xss-filter.aspx

Sets X-XSS-Protection header to tell the browser to block attacks.

Options: xss_mode:: How the browser should prevent the attack (default: :block)

Constant Summary

`Base` - Inherited

DEFAULT_OPTIONS

Class Method Summary

`Base` - Inherited

.default_options, .default_reaction, .new

Instance Attribute Summary

`Base` - Inherited

#app, #options

Instance Method Summary

#call(env)

`Base` - Inherited

#accepts?, #call, #default_options,
#default_reaction	Alias for Base#deny.
#deny, #drop_session, #encrypt, #html?, #instrument, #origin, #random_string, #react, #referrer, #report, #safe?, #secure_compare, #session, #session?, #warn

Constructor Details

This class inherits a constructor from Rack::Protection::Base

Instance Method Details

#call(env)

[ GitHub ]

# File 'rack-protection/lib/rack/protection/xss_header.rb', line 19


def call(env)
  status, headers, body = @app.call(env)
  headers['x-xss-protection']       ||= "1; mode=#{options[:xss_mode]}" if html? headers
  headers['x-content-type-options'] ||= 'nosniff'                       if options[:nosniff]
  [status, headers, body]
end

Class: Rack::Protection::XSSHeader

Overview

Constant Summary

Base - Inherited

Class Method Summary

Base - Inherited

Instance Attribute Summary

Base - Inherited

Instance Method Summary

Base - Inherited

Constructor Details

Instance Method Details

#call(env)

`Base` - Inherited

`Base` - Inherited

`Base` - Inherited

`Base` - Inherited