# HTTP Security

* [Source](https://github.com/trailofbits/http-security)
* [Issues](https://github.com/trailofbits/http-security/issues)
* [Documentation](https://rubydoc.info/gems/http-security/frames)

Security Headers is a parser for security-relevant HTTP headers. Each header
value is parsed and validated according to the syntax specified in its relevant
RFC.

Security Headers relies on [parslet] for constructing its parsing grammar.

Currently parsed security headers are:

* `Cache-Control`
* `Content-Security-Policy`
* `Content-Security-Policy-Report-Only`
* `Expires`
* `Pragma`
* `Public-Key-Pins`
* `Public-Key-Pins-Report-Only`
* `Set-Cookie`
* `Strict-Transport-Security`
* `X-Content-Type-Options`
* `X-Frame-Options`
* `X-Permitted-Cross-Domain-Policies`
* `X-XSS-Protection`

## Example

    require 'net/https'
    response = Net::HTTP.get_response(URI('https://twitter.com/'))

    require 'http/security'
    headers = HTTP::Security::Response.parse(response)

    headers.cache_control
    # => #

    headers.content_security_policy
    # => #], @sandbox=nil>

    headers.expires
    # => #

    headers.pragma
    # => #

    headers.strict_transport_security
    # => #

    headers.x_content_type_options
    # => #

    headers.x_frame_options
    # => #

    headers.x_permitted_cross_domain_policies
    # => nil

    headers.x_xss_protection
    # => #

## Requirements

* [ruby] >= 1.9.1
* [parslet] ~> 1.5

## Install

    $ gem install http-security

## Testing

To run the RSpec tests:

    $ rake spec

To test the parser against the Alexa Top 100:

    $ rake spec:gauntlet

## License

See the {file:LICENSE.txt} file.

[ruby]: https://www.ruby-lang.org/
[parslet]: http://kschiess.github.io/parslet/