config_x_headers() - Code Metrics - stevenbeales/mental-test - Measure and Improve Code Quality continuously with Scrutinizer

config_x_headers() A
last analyzed 2018-04-24 04:15 UTC

↳ Parent: Project

Complexity

Conditions

Size

Total Lines

Duplication

Lines	0
Ratio	0 %

Importance

Changes	1
Bugs	0	Features	0

Metric	Value
cc	1
dl	0
loc	10
rs	9.4285
c	1
b	0
f	0

# frozen_string_literal: true

require 'secure_headers'

def config_cookies(config)
  config.cookies = {
    secure: true, # mark all cookies as "Secure"
    httponly: true, # mark all cookies as "HttpOnly"
    samesite: {
      lax: true # mark all cookies as SameSite=lax
    }
  }
end

def config_x_headers(config)
  # Add "; preload" and submit the site to hstspreload.org for best protection.
  config.hsts = "max-age=#{1.week.to_i}"
  config.x_frame_options = 'DENY'
  config.x_content_type_options = 'nosniff'
  config.x_xss_protection = '1; mode=block'
  config.x_download_options = 'noopen'
  config.x_permitted_cross_domain_policies = 'none'
  config.referrer_policy = %w[origin-when-cross-origin strict-origin-when-cross-origin]
end

def config_report(config)
  # This is available only from 3.5.0;  
  config.csp_report_only = config.csp.merge(
    img_src: %w[somewhereelse.com],
    report_uri: %w[https://report-uri.io/example-csp-report-only]
  )
end

SecureHeaders::Configuration.default do |config|
  config_cookies(config)
  config_x_headers(config)
  config_report(config)
end

# Secure headers
use SecureHeaders::Middleware


1			# frozen_string_literal: true
2
3			require 'secure_headers'
4
5			def config_cookies(config)
6			config.cookies = {
7			secure: true, # mark all cookies as "Secure"
8			httponly: true, # mark all cookies as "HttpOnly"
9			samesite: {
10			lax: true # mark all cookies as SameSite=lax
11			}
12			}
13			end
14
15			def config_x_headers(config)
16			# Add "; preload" and submit the site to hstspreload.org for best protection.
17			config.hsts = "max-age=#{1.week.to_i}"
18			config.x_frame_options = 'DENY'
19			config.x_content_type_options = 'nosniff'
20			config.x_xss_protection = '1; mode=block'
21			config.x_download_options = 'noopen'
22			config.x_permitted_cross_domain_policies = 'none'
23			config.referrer_policy = %w[origin-when-cross-origin strict-origin-when-cross-origin]
24			end
25
26			def config_report(config)
27			# This is available only from 3.5.0;
28			config.csp_report_only = config.csp.merge(
29			img_src: %w[somewhereelse.com],
30			report_uri: %w[https://report-uri.io/example-csp-report-only]
31			)
32			end
33
34			SecureHeaders::Configuration.default do \|config\|
35			config_cookies(config)
36			config_x_headers(config)
37			config_report(config)
38			end
39
40			# Secure headers
41			use SecureHeaders::Middleware
42

stevenbeales / mental-test

config_x_headers() A last analyzed 2018-04-24 04:15 UTC

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like

config_x_headers() A
last analyzed 2018-04-24 04:15 UTC