Skip to main content

src/plume@frame_options.erl

-module(plume@frame_options).
-compile([no_auto_import, nowarn_unused_vars, nowarn_unused_function, nowarn_nomatch, inline]).
-define(FILEPATH, "src/plume/frame_options.gleam").
-export([to_string/1]).
-export_type([frame_options/0]).

-if(?OTP_RELEASE >= 27).
-define(MODULEDOC(Str), -moduledoc(Str)).
-define(DOC(Str), -doc(Str)).
-else.
-define(MODULEDOC(Str), -compile([])).
-define(DOC(Str), -compile([])).
-endif.

?MODULEDOC(
    " X-Frame-Options\n"
    "\n"
    " This response header indicates whether a browser should be allowed to\n"
    " render a page in a `<frame>`, `<iframe>`, `<embed>` or `<object>`. Sites\n"
    " can use this to avoid [click-jacking](https://developer.mozilla.org/en-US/docs/Web/Security/Attacks/Clickjacking)\n"
    " attacks by ensuring that their content is not embedded into other sites.\n"
    "\n"
    " See the [MDN docs](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options).\n"
).

-type frame_options() :: deny | same_origin.

-file("src/plume/frame_options.gleam", 23).
?DOC(" Encode as the `X-Frame-Options` header value.\n").
-spec to_string(frame_options()) -> binary().
to_string(Value) ->
    case Value of
        deny ->
            <<"DENY"/utf8>>;

        same_origin ->
            <<"SAMEORIGIN"/utf8>>
    end.