Make SecureHeaders.config_for public allowing us to access config from

different contexts.

Author: jmera

lib/secure_headers.rb

@@ -149,6 +149,16 @@ def content_security_policy_style_nonce(request)
       content_security_policy_nonce(request, CSP::STYLE_SRC)
     end
 
+    # Public: Retreives the config for a given header type:
+    #
+    # Checks to see if there is an override for this request, then
+    # Checks to see if a named override is used for this request, then
+    # Falls back to the global config
+    def config_for(request)
+      request.env[SECURE_HEADERS_CONFIG] ||
+        Configuration.get(Configuration::DEFAULT_CONFIG)
+    end
+
     private
 
     # Private: gets or creates a nonce for CSP.
@@ -217,16 +227,6 @@ def use_cached_headers(default_headers, request)
       end
     end
 
-    # Private: Retreives the config for a given header type:
-    #
-    # Checks to see if there is an override for this request, then
-    # Checks to see if a named override is used for this request, then
-    # Falls back to the global config
-    def config_for(request)
-      request.env[SECURE_HEADERS_CONFIG] ||
-        Configuration.get(Configuration::DEFAULT_CONFIG)
-    end
-
     # Private: chooses the applicable CSP header for the provided user agent.
     #
     # headers - a hash of header_config_key => [header_name, header_value]

lib/secure_headers/middleware.rb

@@ -11,7 +11,8 @@ def call(env)
       req = Rack::Request.new(env)
       status, headers, response = @app.call(env)
 
-      flag_cookies_as_secure!(headers) if config(req).secure_cookies
+      config = SecureHeaders.config_for(req)
+      flag_cookies_as_secure!(headers) if config.secure_cookies
       headers.merge!(SecureHeaders.header_hash_for(req))
       [status, headers, response]
     end
@@ -33,9 +34,5 @@ def flag_cookies_as_secure!(headers)
         end.join("\n")
       end
     end
-
-    def config(req)
-      req.env[SECURE_HEADERS_CONFIG] || Configuration.get(Configuration::DEFAULT_CONFIG)
-    end
   end
 end