-module(plume@frame_options).
-compile([no_auto_import, nowarn_unused_vars, nowarn_unused_function, nowarn_nomatch, inline]).
-define(FILEPATH, "src/plume/frame_options.gleam").
-export([to_string/1]).
-export_type([frame_options/0]).
-if(?OTP_RELEASE >= 27).
-define(MODULEDOC(Str), -moduledoc(Str)).
-define(DOC(Str), -doc(Str)).
-else.
-define(MODULEDOC(Str), -compile([])).
-define(DOC(Str), -compile([])).
-endif.
?MODULEDOC(
" X-Frame-Options\n"
"\n"
" This response header indicates whether a browser should be allowed to\n"
" render a page in a `<frame>`, `<iframe>`, `<embed>` or `<object>`. Sites\n"
" can use this to avoid [click-jacking](https://developer.mozilla.org/en-US/docs/Web/Security/Attacks/Clickjacking)\n"
" attacks by ensuring that their content is not embedded into other sites.\n"
"\n"
" See the [MDN docs](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options).\n"
).
-type frame_options() :: deny | same_origin.
-file("src/plume/frame_options.gleam", 23).
?DOC(" Encode as the `X-Frame-Options` header value.\n").
-spec to_string(frame_options()) -> binary().
to_string(Value) ->
case Value of
deny ->
<<"DENY"/utf8>>;
same_origin ->
<<"SAMEORIGIN"/utf8>>
end.