Project

http-security

0.02
No release in over 3 years
Low commit activity in last 3 years
http-securitytrailofbits/http-securityHomepageDocumentationSource CodeBug TrackerWiki
HTTP Security Header Parser
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
14,982
Stars
36
Forks
8
Watchers
43
 Releases
Current version
0.1.0
Total releases
1
First release
2015-07-10
Latest release
2015-07-10
 Issues
Open Issues
4
Closed Issues
14
Total Issues
18
Issue Closure Rate
77%
 Pull Requests
Open Pull Requests
0
Closed Pull Requests
0
Merged Pull Requests
2
Pull Request Acceptance Rate
100%
 Development
Primary Language
Ruby
Licenses
MIT
Average date of last 50 commits
2015-11-22
Reverse Dependencies
0

 Dependencies

Development

bundler
~> 1.0

Runtime

parslet
~> 1.5
 Project Readme

HTTP Security

Code Climate Build Status Test Coverage

Security Headers is a parser for security-relevant HTTP headers. Each header value is parsed and validated according to the syntax specified in its relevant RFC.

Security Headers relies on parslet for constructing its parsing grammar.

Currently parsed security headers are:

  • Cache-Control
  • Content-Security-Policy
  • Content-Security-Policy-Report-Only
  • Expires
  • Pragma
  • Public-Key-Pins
  • Public-Key-Pins-Report-Only
  • Set-Cookie
  • Strict-Transport-Security
  • X-Content-Type-Options
  • X-Frame-Options
  • X-Permitted-Cross-Domain-Policies
  • X-XSS-Protection

Example

require 'net/https'
response = Net::HTTP.get_response(URI('https://twitter.com/'))

require 'http/security'
headers = HTTP::Security::Response.parse(response)

headers.cache_control
# => #<HTTP::Security::Headers::CacheControl:0x00000002f65778 @private=nil, @max_age=nil, @no_cache=true>

headers.content_security_policy
# => #<HTTP::Security::Headers::ContentSecurityPolicy:0x00000002d8e238 @default_src="https:"@12, @script_src="'unsafe-inline' 'unsafe-eval' https:"@172, @object_src="https:"@153, @style_src="'unsafe-inline' https:"@220, @img_src="https: blob: data:"@98, @media_src="https: blob:"@128, @frame_src="https: twitter:"@73, @font_src="https: data:"@49, @connect_src="https:"@32, @report_uri=[#<URI::HTTPS:0x00000002d94250 URL:https://twitter.com/i/csp_report?a=NVQWGYLXFVZXO2LGOQ%3D%3D%3D%3D%3D%3D&ro=false;>], @sandbox=nil>

headers.expires
# => #<HTTP::Security::HTTPDate: Tue, 31 Mar 1981 00:00:00 GMT ((2444695j,0s,0n),+0s,2299161j)>

headers.pragma
# => #<HTTP::Security::Headers::Pragma:0x00000002ccc5e8 @no_cache=true>

headers.strict_transport_security
# => #<HTTP::Security::Headers::StrictTransportSecurity:0x00000002c928c0 @max_age=631138519, @include_sub_domains=nil>

headers.x_content_type_options
# => #<HTTP::Security::Headers::XContentTypeOptions:0x00000002a46e40 @no_sniff=true>

headers.x_frame_options
# => #<HTTP::Security::Headers::XFrameOptions:0x000000028163c8 @deny=nil, @same_origin=true, @allow_from=nil, @allow_all=nil>

headers.x_permitted_cross_domain_policies
# => nil

headers.x_xss_protection
# => #<HTTP::Security::Headers::XXSSProtection:0x0000000297a408 @enabled=true, @mode="block"@8, @report=nil>

Requirements

Install

$ gem install http-security

Testing

To run the RSpec tests:

$ rake spec

To test the parser against the Alexa Top 100:

$ rake spec:gauntlet

License

See the {file:LICENSE.txt} file.