HTTP-SecureHeaders
view release on metacpan or search on metacpan
lib/HTTP/SecureHeaders.pm view on Meta::CPAN
# refs https://www.rfc-editor.org/rfc/rfc7034#section-2
sub check_x_frame_options {
$_[0] eq 'SAMEORIGIN' or
$_[0] eq 'DENY'
# ALLOW-FROM # deprecated
}
# refs https://www.adobe.com/devnet-docs/acrobatetk/tools/AppSec/CrossDomain_PolicyFile_Specification.pdf
sub check_x_permitted_cross_domain_policies {
$_[0] =~ m!\A(?:none|master-only|by-content-type|by-ftp-filename|all)\z!
}
# refs https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
sub check_x_xss_protection {
$_[0] eq '0' or
$_[0] eq '1' or
$_[0] eq '1; mode=block'
# `report=<report-uri>` directive not recommend
}
t/03_check/check_x_permitted_cross_domain_policies.t view on Meta::CPAN
use Test2::V0;
use HTTP::SecureHeaders;
my @OK = (
'none',
'master-only',
'by-content-type',
'by-ftp-filename',
'all',
);
my @NG_for_simplicity = (
);
my @NG = (
'nonenone',
'xnone',
( run in 1.202 second using v1.01-cache-2.11-cpan-524268b4103 )