
Commit b82b56d

committed
Add a class level dup method
1 parent eb9af0b commit b82b56d


3 files changed

+22
-8
lines changed


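--- a/lib/secure_headers/configuration.rb
+++ b/lib/secure_headers/configuration.rb
@@ -62,6 +62,10 @@ def named_append(name, &block)
 @appends[name] = block
 end
 
+def dup
+default_config.dup
+end
+
 private
 
 # Public: perform a basic deep dup. The shallow copy provided by dup/clone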
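Review bot: The new class-level `dup` (new lines 65-67) has no comment, and it replaces the inherited `Class#dup`, so `Configuration.dup` now returns a copy of the default configuration object instead of a copy of the class. That is surprising enough to deserve a doc line such as `# Public: returns a copy of the default configuration; changes to the copy must not affect the global default.` Whether that promise holds depends on the instance-level `dup` that `default_config.dup` calls, which is outside this hunk. The context comment after `private` refers to a deep-dup helper; if the instance `dup` does not apply it to hash-valued settings (CSP, cookies), a caller mutating the returned object would change the headers applied globally. The enclosing class body starts and ends outside the hunk.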

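--- a/spec/lib/secure_headers/configuration_spec.rb
+++ b/spec/lib/secure_headers/configuration_spec.rb
@@ -16,6 +16,16 @@ module SecureHeaders
 expect(Configuration.overrides(Configuration::NOOP_OVERRIDE)).to_not be_nil
 end
 
+it "dup results in a copy of the default config" do
+Configuration.default
+original_configuration = Configuration.send(:default_config)
+configuration = Configuration.dup
+expect(original_configuration).not_to be(configuration)
+Configuration::CONFIG_ATTRIBUTES.each do |attr|
+expect(original_configuration.send(attr)).to eq(configuration.send(attr))
+end
+end
+
 it "stores an override" do
 Configuration.override(:test_override) do |config|
 config.x_frame_options = "DENY"
@@ -41,7 +51,7 @@ module SecureHeaders
 config.cookies = OPT_OUT
 end
 
-config = Configuration.send(:default_config)
+config = Configuration.dup
 expect(config.cookies).to eq(OPT_OUT)
 end
 
@@ -50,7 +60,7 @@ module SecureHeaders
 config.cookies = {httponly: true, secure: true, samesite: {lax: false}}
 end
 
-config = Configuration.send(:default_config)
+config = Configuration.dup
 expect(config.cookies).to eq({httponly: true, secure: true, samesite: {lax: false}})
 end
 end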
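Review bot: The new example "dup results in a copy of the default config" (new lines 19-27) proves only that the two top-level objects differ and that each attribute is `eq`, so it would still pass if the copy shared its nested hashes with the global default. Since the other examples now read the default through `Configuration.dup`, it is worth pinning isolation as well: give the default a hash-valued setting (the cookies hash from the last example in this file would do) and add `expect(configuration.cookies).not_to be(original_configuration.cookies)`. This assumes hash-valued settings are meant to be copied rather than shared, which only the instance-level `dup` (not shown on this page) can confirm.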

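--- a/spec/lib/secure_headers/headers/policy_management_spec.rb
+++ b/spec/lib/secure_headers/headers/policy_management_spec.rb
@@ -172,7 +172,7 @@ module SecureHeaders
 script_src: %w('self'),
 }
 end
-default_policy = Configuration.send(:default_config)
+default_policy = Configuration.dup
 combined_config = ContentSecurityPolicy.combine_policies(default_policy.csp.to_h, style_src: %w(anothercdn.com))
 csp = ContentSecurityPolicy.new(combined_config)
 expect(csp.name).to eq(ContentSecurityPolicyConfig::HEADER_NAME)
@@ -188,7 +188,7 @@ module SecureHeaders
 }.freeze
 end
 report_uri = "https://report-uri.io/asdf"
-default_policy = Configuration.send(:default_config)
+default_policy = Configuration.dup
 combined_config = ContentSecurityPolicy.combine_policies(default_policy.csp.to_h, report_uri: [report_uri])
 csp = ContentSecurityPolicy.new(combined_config, USER_AGENTS[:firefox])
 expect(csp.value).to include("report-uri #{report_uri}")
@@ -205,7 +205,7 @@ module SecureHeaders
 non_default_source_additions = ContentSecurityPolicy::NON_FETCH_SOURCES.each_with_object({}) do |directive, hash|
 hash[directive] = %w("http://example.org)
 end
-default_policy = Configuration.send(:default_config)
+default_policy = Configuration.dup
 combined_config = ContentSecurityPolicy.combine_policies(default_policy.csp.to_h, non_default_source_additions)
 
 ContentSecurityPolicy::NON_FETCH_SOURCES.each do |directive|
@@ -221,7 +221,7 @@ module SecureHeaders
 report_only: false
 }
 end
-default_policy = Configuration.send(:default_config)
+default_policy = Configuration.dup
 combined_config = ContentSecurityPolicy.combine_policies(default_policy.csp.to_h, report_only: true)
 csp = ContentSecurityPolicy.new(combined_config, USER_AGENTS[:firefox])
 expect(csp.name).to eq(ContentSecurityPolicyReportOnlyConfig::HEADER_NAME)
@@ -235,7 +235,7 @@ module SecureHeaders
 block_all_mixed_content: false
 }
 end
-default_policy = Configuration.send(:default_config)
+default_policy = Configuration.dup
 combined_config = ContentSecurityPolicy.combine_policies(default_policy.csp.to_h, block_all_mixed_content: true)
 csp = ContentSecurityPolicy.new(combined_config)
 expect(csp.value).to eq("default-src https:; block-all-mixed-content; script-src 'self'")
@@ -245,7 +245,7 @@ module SecureHeaders
 Configuration.default do |config|
 config.csp = OPT_OUT
 end
-default_policy = Configuration.send(:default_config)
+default_policy = Configuration.dup
 expect do
 ContentSecurityPolicy.combine_policies(default_policy.csp.to_h, script_src: %w(anothercdn.com))
 end.to raise_error(ContentSecurityPolicyConfigError)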
