Socket
Book a DemoInstallSign in
Socket

ezcsp

Package Overview
Dependencies
Maintainers
1
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

ezcsp

0.0.2
bundlerRubygems
Version published
Maintainers
1
Created
Source

EzCSP provides a simple object-oriented way to generate Content-Security-Policy HTTP headers. For documentation on CSP, see Mozilla's Content-Security-Policy page.

Basic usage:

require 'ezcsp'
csp = EzCSP.new()

Then, depending on how you output HTTP headers, you could output the CSP header something like this:

headers['Content-Security-Policy'] = csp.to_s

csp.to_s, by default, returns this string:

default-src 'self'; frame-src 'self'; object-src 'none'; form-action 'self'; frame-ancestors 'self'; base-uri 'none'; block-all-mixed-content;

By default, the header value is very restrictive. It basically states that no resources — scripts, styles, images, etc. — from outside the current web site can be used. Expand that set of allowed resources by adding to the accessors listed in the class documentation, usually by using the cdn method. So, for example, to allow the browser to get scripts and styles from code.jquery.com, you would do this:

csp.cdn 'code.jquery.com', 'script_src', 'style_src'

which would produce this header value:

default-src 'self'; script-src 'self' code.jquery.com; style-src 'self' code.jquery.com; frame-src 'self'; object-src 'none'; form-action 'self'; frame-ancestors 'self'; base-uri 'none'; block-all-mixed-content;

EzCSP isn't a substitute for understanding content security policies. Make sure you read up on CSP before using this class.

Install

gem install ezcsp

Author

Mike O'Sullivan mike@idocs.com

History

versiondatenotes
0.0.2Nov 9, 2018Improved structure of gem. No changes to code.
0.0.1Nov 5, 2018Initial upload.

FAQs

Package last updated on 10 Nov 2018

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

About

Packages

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc

U.S. Patent No. 12,346,443 & 12,314,394. Other pending.