module Kemal::Shield

Overview

Kemal::Shield is a module that contains a collection of Kemal handlers. These handlers set or unset different HTTP response headers, adding an extra layer of protection.

Kemal::Shield.activate # => Adds all the handlers

It is also possible to add just the handlers that you are interested in.

add_handler Kemal::Shield::XPoweredBy.new # => Removes the X-Powered-By header
add_handler Kemal::Shield::XXSSProtection.new # => Sets X-XSS-Protection to "0"

The different headers can be configured in the same way as Kemal:

Kemal::Shield.config do |config|
  config.csp_on = true
  config.hide_powered_by = true
  config.no_sniff = true
  config.referrer_policy = ["no-referrer"]
  config.x_xss_protection = false
end

Defined in:

kemal-shield.cr
kemal-shield/config.cr
kemal-shield/exceptions.cr
kemal-shield/handler.cr
kemal-shield/handlers/content_security_policy.cr
kemal-shield/handlers/cross_origin_embedder_policy.cr
kemal-shield/handlers/cross_origin_opener_policy.cr
kemal-shield/handlers/cross_origin_resource_policy.cr
kemal-shield/handlers/expect_ct.cr
kemal-shield/handlers/origin_agent_cluster.cr
kemal-shield/handlers/referrer_policy.cr
kemal-shield/handlers/strict_transport_security.cr
kemal-shield/handlers/x_content_type_options.cr
kemal-shield/handlers/x_dns_prefetch_control.cr
kemal-shield/handlers/x_download_options.cr
kemal-shield/handlers/x_frame_options.cr
kemal-shield/handlers/x_permitted_cross_domain_policies.cr
kemal-shield/handlers/x_powered_by.cr
kemal-shield/handlers/x_xss_protection.cr
kemal-shield/version.cr

Constant Summary

HANDLERS = [] of Shield::Handler.class
VERSION = "0.4.0"

Class Method Detail

def self.activate

Adds a collection of Kemal::Shield::Handler.

Kemal::Shield.activate

def self.add_handler(handler : Shield::Handler)

Adds a Kemal::Shield::Handler.

class CustomHandler < Kemal::Shield::Handler
  def call(context)
    # code ...
    call_next context
  end
end

Kemal::Shield.add_handler CustomHandler.new

A Kemal::Shield::DublicateHandlerError is raised if duplicate handlers are added.

Kemal::Shield.add_handler CustomHandler.new # => okay
Kemal::Shield.add_handler CustomHandler.new # => raises DublicateHandlerError

def self.config(&)

def self.config

def self.deactivate

Removes all Kemal::Shield::Handler.

Kemal::Shield.deactivate

def self.remove_handler(handler : Shield::Handler.class)

Removes a Kemal::Shield::Handler.

Returns the removed handler if found, otherwise nil.

Kemal::Shield.activate

Kemal::Shield.remove_handler Kemal::Shield::ExpectCT # => Kemal::Shield::ExpectCT object
Kemal::Shield.remove_handler Kemal::Shield::ExpectCT # => nil
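
The methods documented above combined in one application, as an added example that is not part of the kemal-shield documentation. The PermissionsPolicy class, its header value and the route are assumptions made for illustration; every call on Kemal::Shield is taken from this page.

```crystal
require "kemal"
require "kemal-shield"

# Hypothetical custom handler (not shipped with kemal-shield): sends a
# Permissions-Policy header that switches off browser features the app
# never uses. The policy string is a constructed sample value.
class PermissionsPolicy < Kemal::Shield::Handler
  POLICY = "camera=(), microphone=(), geolocation=()"

  def call(context)
    context.response.headers["Permissions-Policy"] = POLICY
    call_next context
  end
end

# Configure the built-in handlers before they are registered.
Kemal::Shield.config do |config|
  config.hide_powered_by = true
  config.no_sniff = true
  config.referrer_policy = ["no-referrer"]
  config.x_xss_protection = false
end

# Register the built-in handlers, then drop one of them (ExpectCT, as in
# the remove_handler example) and add the custom one.
Kemal::Shield.activate
removed = Kemal::Shield.remove_handler Kemal::Shield::ExpectCT
puts "ExpectCT handler was not registered" if removed.nil?

Kemal::Shield.add_handler PermissionsPolicy.new

# Adding the same handler class a second time raises, so code that may
# register a handler from more than one place has to rescue the error.
begin
  Kemal::Shield.add_handler PermissionsPolicy.new
rescue Kemal::Shield::DublicateHandlerError
  puts "PermissionsPolicy already registered, keeping the first instance"
end

get "/" do
  "Home"
end

Kemal.run
```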
