first pass at 'return all headers as a hash'

lib/secure_headers.rb

@@ -1,7 +1,32 @@
+require "secure_headers/version"
+require "secure_headers/header"
+require "secure_headers/headers/public_key_pins"
+require "secure_headers/headers/content_security_policy"
+require "secure_headers/headers/x_frame_options"
+require "secure_headers/headers/strict_transport_security"
+require "secure_headers/headers/x_xss_protection"
+require "secure_headers/headers/x_content_type_options"
+require "secure_headers/headers/x_download_options"
+require "secure_headers/headers/x_permitted_cross_domain_policies"
+require "secure_headers/railtie"
+require "secure_headers/hash_helper"
+require "secure_headers/view_helper"
+
 module SecureHeaders
   SCRIPT_HASH_CONFIG_FILE = 'config/script_hashes.yml'
   HASHES_ENV_KEY = 'secure_headers.script_hashes'
 
+  ALL_HEADER_CLASSES = [
+    SecureHeaders::ContentSecurityPolicy,
+    SecureHeaders::PublicKeyPins,
+    SecureHeaders::StrictTransportSecurity,
+    SecureHeaders::XContentTypeOptions,
+    SecureHeaders::XDownloadOptions,
+    SecureHeaders::XFrameOptions,
+    SecureHeaders::XPermittedCrossDomainPolicies,
+    SecureHeaders::XXssProtection
+  ]
+
   module Configuration
     class << self
       attr_accessor :hsts, :x_frame_options, :x_content_type_options,
@@ -24,6 +49,19 @@ def append_features(base)
         include InstanceMethods
       end
     end
+
+    def header_hash(options = {})
+      ALL_HEADER_CLASSES.inject({}) do |memo, klass|
+        header = get_a_header(klass::Constants::CONFIG_KEY, klass, ::SecureHeaders::Configuration.send(klass::Constants::CONFIG_KEY))
+        memo[header.name] = header.value
+        memo
+      end
+    end
+
+    def get_a_header(name, klass, options)
+      return if options == false
+      klass.new(options)
+    end
   end
 
   module ClassMethods
@@ -161,13 +199,8 @@ def secure_header_options_for(type, options)
       options.nil? ? ::SecureHeaders::Configuration.send(type) : options
     end
 
-
     def set_a_header(name, klass, options=nil)
-      options = secure_header_options_for name, options
-      return if options == false
-
-      header = klass.new(options)
-      set_header(header)
+      set_header(self.class.get_a_header(name, klass, secure_header_options_for(name, options)))
     end
 
     def set_header(name_or_header, value=nil)
@@ -180,18 +213,3 @@ def set_header(name_or_header, value=nil)
     end
   end
 end
-
-
-require "secure_headers/version"
-require "secure_headers/header"
-require "secure_headers/headers/public_key_pins"
-require "secure_headers/headers/content_security_policy"
-require "secure_headers/headers/x_frame_options"
-require "secure_headers/headers/strict_transport_security"
-require "secure_headers/headers/x_xss_protection"
-require "secure_headers/headers/x_content_type_options"
-require "secure_headers/headers/x_download_options"
-require "secure_headers/headers/x_permitted_cross_domain_policies"
-require "secure_headers/railtie"
-require "secure_headers/hash_helper"
-require "secure_headers/view_helper"

lib/secure_headers/headers/content_security_policy.rb

@@ -40,7 +40,9 @@ module Constants
       SOURCE_DIRECTIVES = DIRECTIVES + NON_DEFAULT_SOURCES
 
       ALL_DIRECTIVES = DIRECTIVES + NON_DEFAULT_SOURCES + OTHER
+      CONFIG_KEY = :csp
     end
+
     include Constants
 
     attr_reader :disable_fill_missing, :ssl_request

lib/secure_headers/headers/public_key_pins.rb

@@ -6,6 +6,7 @@ module Constants
       ENV_KEY = 'secure_headers.public_key_pins'
       HASH_ALGORITHMS = [:sha256]
       DIRECTIVES = [:max_age]
+      CONFIG_KEY = :hpkp
     end
     class << self
       def symbol_to_hyphen_case sym

lib/secure_headers/headers/strict_transport_security.rb

@@ -8,6 +8,7 @@ module Constants
       DEFAULT_VALUE = "max-age=" + HSTS_MAX_AGE
       VALID_STS_HEADER = /\Amax-age=\d+(; includeSubdomains)?(; preload)?\z/i
       MESSAGE = "The config value supplied for the HSTS header was invalid."
+      CONFIG_KEY = :hsts
     end
     include Constants
 

lib/secure_headers/headers/x_content_type_options.rb

@@ -5,6 +5,7 @@ class XContentTypeOptions < Header
     module Constants
       X_CONTENT_TYPE_OPTIONS_HEADER_NAME = "X-Content-Type-Options"
       DEFAULT_VALUE = "nosniff"
+      CONFIG_KEY = :x_content_type_options
     end
     include Constants
 
@@ -37,4 +38,4 @@ def validate_config
       end
     end
   end
-end
+end

lib/secure_headers/headers/x_download_options.rb

@@ -4,6 +4,7 @@ class XDownloadOptions < Header
     module Constants
       XDO_HEADER_NAME = "X-Download-Options"
       DEFAULT_VALUE = 'noopen'
+      CONFIG_KEY = :x_download_options
     end
     include Constants
 

lib/secure_headers/headers/x_frame_options.rb

@@ -5,6 +5,7 @@ module Constants
       XFO_HEADER_NAME = "X-Frame-Options"
       DEFAULT_VALUE = 'SAMEORIGIN'
       VALID_XFO_HEADER = /\A(SAMEORIGIN\z|DENY\z|ALLOW-FROM[:\s])/i
+      CONFIG_KEY = :x_frame_options
     end
     include Constants
 

lib/secure_headers/headers/x_permitted_cross_domain_policies.rb

@@ -5,6 +5,7 @@ module Constants
       XPCDP_HEADER_NAME = "X-Permitted-Cross-Domain-Policies"
       DEFAULT_VALUE = 'none'
       VALID_POLICIES = %w(all none master-only by-content-type by-ftp-filename)
+      CONFIG_KEY = :x_permitted_cross_domain_policies
     end
     include Constants
 

lib/secure_headers/headers/x_xss_protection.rb

@@ -5,6 +5,7 @@ module Constants
       X_XSS_PROTECTION_HEADER_NAME = 'X-XSS-Protection'
       DEFAULT_VALUE = "1"
       VALID_X_XSS_HEADER = /\A[01](; mode=block)?(; report=.*)?\z/i
+      CONFIG_KEY = :x_xss_protection
     end
     include Constants