aaf-secure_headers 1.0.0 → 1.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.rspec +1 -0
- data/aaf-secure_headers.gemspec +1 -0
- data/lib/aaf/secure_headers.rb +32 -0
- data/lib/aaf/secure_headers/disable_secure_headers_for_error_pages.rb +19 -0
- data/lib/aaf/secure_headers/version.rb +1 -1
- metadata +18 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 0ecbca92ffa54de01c7a60cc1a3dee3ae58d364d
|
|
4
|
+
data.tar.gz: cd06533d81d0a835311c0f80196be0075537e831
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 438ca38f427f1ddb1a36309bbd1197b95c130c2b97f6201b1ccbfdf961f8ce1cb53672870f8fe8f68d75556dac41ba6a63bc09729f2af81981744352d549e584
|
|
7
|
+
data.tar.gz: 192096b6d0ec62c86ceab51e0fc8d852c3c21cb663bde6548f32e2353b859b423225f11f42e1f25a6a979eb419a81b5f14dfeb7d4ec53fb81ad28c6036cbb487
|
data/.rspec
CHANGED
data/aaf-secure_headers.gemspec
CHANGED
data/lib/aaf/secure_headers.rb
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
require 'aaf/secure_headers/version'
|
|
2
|
+
require 'aaf/secure_headers/disable_secure_headers_for_error_pages'
|
|
2
3
|
require 'secure_headers'
|
|
3
4
|
require 'active_support/core_ext/integer/time'
|
|
4
5
|
|
|
@@ -37,5 +38,36 @@ module AAF
|
|
|
37
38
|
report_uri: []
|
|
38
39
|
}
|
|
39
40
|
end
|
|
41
|
+
|
|
42
|
+
class <<self
|
|
43
|
+
def development_mode!
|
|
44
|
+
ensure_rails
|
|
45
|
+
insert_dev_middleware
|
|
46
|
+
override_dev_configuration
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
private
|
|
50
|
+
|
|
51
|
+
def ensure_rails
|
|
52
|
+
return if const_defined?('Rails')
|
|
53
|
+
|
|
54
|
+
raise 'The Rails class is not defined. The `development_mode!` helper '\
|
|
55
|
+
'can only be used in a Rails application.'
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
def insert_dev_middleware
|
|
59
|
+
Rails.application.config.middleware.insert_after(
|
|
60
|
+
::SecureHeaders::Middleware,
|
|
61
|
+
AAF::SecureHeaders::DisableSecureHeadersForErrorPages
|
|
62
|
+
)
|
|
63
|
+
end
|
|
64
|
+
|
|
65
|
+
def override_dev_configuration
|
|
66
|
+
::SecureHeaders::Configuration.override(:default) do |config|
|
|
67
|
+
config.hsts = nil
|
|
68
|
+
config.csp[:upgrade_insecure_requests] = false
|
|
69
|
+
end
|
|
70
|
+
end
|
|
71
|
+
end
|
|
40
72
|
end
|
|
41
73
|
end
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module AAF
|
|
4
|
+
module SecureHeaders
|
|
5
|
+
class DisableSecureHeadersForErrorPages
|
|
6
|
+
def initialize(app)
|
|
7
|
+
@app = app
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def call(env)
|
|
11
|
+
@app.call(env).tap do |(status, _, _)|
|
|
12
|
+
next if status < 400
|
|
13
|
+
request = ActionDispatch::Request.new(env)
|
|
14
|
+
::SecureHeaders.opt_out_of_all_protection(request)
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: aaf-secure_headers
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ryan Caught
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-
|
|
11
|
+
date: 2016-11-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: secure_headers
|
|
@@ -80,6 +80,20 @@ dependencies:
|
|
|
80
80
|
- - "~>"
|
|
81
81
|
- !ruby/object:Gem::Version
|
|
82
82
|
version: '3.0'
|
|
83
|
+
- !ruby/object:Gem::Dependency
|
|
84
|
+
name: actionpack
|
|
85
|
+
requirement: !ruby/object:Gem::Requirement
|
|
86
|
+
requirements:
|
|
87
|
+
- - ">="
|
|
88
|
+
- !ruby/object:Gem::Version
|
|
89
|
+
version: '0'
|
|
90
|
+
type: :development
|
|
91
|
+
prerelease: false
|
|
92
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
93
|
+
requirements:
|
|
94
|
+
- - ">="
|
|
95
|
+
- !ruby/object:Gem::Version
|
|
96
|
+
version: '0'
|
|
83
97
|
description: Base configuration for AAF Secure Headers
|
|
84
98
|
email:
|
|
85
99
|
- ryan.caught@aaf.edu.au
|
|
@@ -98,6 +112,7 @@ files:
|
|
|
98
112
|
- bin/console
|
|
99
113
|
- bin/setup
|
|
100
114
|
- lib/aaf/secure_headers.rb
|
|
115
|
+
- lib/aaf/secure_headers/disable_secure_headers_for_error_pages.rb
|
|
101
116
|
- lib/aaf/secure_headers/version.rb
|
|
102
117
|
homepage: https://github.com/ausaccessfed/aaf-secure_headers
|
|
103
118
|
licenses: []
|
|
@@ -118,7 +133,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
118
133
|
version: '0'
|
|
119
134
|
requirements: []
|
|
120
135
|
rubyforge_project:
|
|
121
|
-
rubygems_version: 2.6.
|
|
136
|
+
rubygems_version: 2.6.7
|
|
122
137
|
signing_key:
|
|
123
138
|
specification_version: 4
|
|
124
139
|
summary: Base configuration for AAF Secure Headers
|