aaf-secure_headers 2.0.0 → 3.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/Makefile +4 -0
- data/aaf-secure_headers.gemspec +4 -4
- data/lib/aaf/secure_headers/version.rb +1 -1
- data/lib/aaf/secure_headers.rb +4 -6
- metadata +23 -23
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: ddccf10317f20c9c52fcba7df59888275d4490ad87f4b3cbb2db812d3588e778
|
|
4
|
+
data.tar.gz: 7274ba4d0576f4808d8ac600636cbf5bdf10034bc89dbc6d9fd5e1b697522d51
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3e7bb1c774ccc670ac7da4851f2308ca1e0769bf108f5af377a7d53a335814acdf2103386c92b9a2c3429a6d9532c89bc8c83944d9e7f11603233e7812744400
|
|
7
|
+
data.tar.gz: 8b88b1e491acf1597b8f0c3ced81e10e7edd827d4722c236dd1ed1a098516100bf8222893de52c8f947747ed90af4e9f1cff9b08433c7b938dd0018a0f29e320
|
data/Makefile
ADDED
data/aaf-secure_headers.gemspec
CHANGED
|
@@ -21,11 +21,11 @@ Gem::Specification.new do |spec|
|
|
|
21
21
|
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
|
22
22
|
spec.require_paths = ['lib']
|
|
23
23
|
|
|
24
|
-
spec.add_dependency 'secure_headers'
|
|
24
|
+
spec.add_dependency 'secure_headers'
|
|
25
25
|
spec.add_dependency 'activesupport'
|
|
26
26
|
|
|
27
|
-
spec.add_development_dependency 'bundler'
|
|
28
|
-
spec.add_development_dependency 'rake', '
|
|
29
|
-
spec.add_development_dependency 'rspec'
|
|
27
|
+
spec.add_development_dependency 'bundler'
|
|
28
|
+
spec.add_development_dependency 'rake', '>= 12.3.3'
|
|
29
|
+
spec.add_development_dependency 'rspec'
|
|
30
30
|
spec.add_development_dependency 'actionpack'
|
|
31
31
|
end
|
data/lib/aaf/secure_headers.rb
CHANGED
|
@@ -9,9 +9,7 @@ module AAF
|
|
|
9
9
|
config.cookies = {
|
|
10
10
|
secure: true,
|
|
11
11
|
httponly: true,
|
|
12
|
-
samesite:
|
|
13
|
-
lax: false
|
|
14
|
-
}
|
|
12
|
+
samesite: ::SecureHeaders::OPT_OUT
|
|
15
13
|
}
|
|
16
14
|
|
|
17
15
|
config.hsts = "max-age=#{6.months.to_i}; includeSubdomains; preload"
|
|
@@ -20,7 +18,7 @@ module AAF
|
|
|
20
18
|
config.x_xss_protection = '1; mode=block'
|
|
21
19
|
config.x_download_options = 'noopen'
|
|
22
20
|
config.x_permitted_cross_domain_policies = 'none'
|
|
23
|
-
config.referrer_policy = '
|
|
21
|
+
config.referrer_policy = 'strict-origin'
|
|
24
22
|
|
|
25
23
|
config.csp = {
|
|
26
24
|
preserve_schemes: false,
|
|
@@ -40,10 +38,10 @@ module AAF
|
|
|
40
38
|
end
|
|
41
39
|
|
|
42
40
|
class <<self
|
|
43
|
-
def development_mode!
|
|
41
|
+
def development_mode!(use_default_overrides: true)
|
|
44
42
|
ensure_rails
|
|
45
43
|
insert_dev_middleware
|
|
46
|
-
override_dev_configuration
|
|
44
|
+
override_dev_configuration if use_default_overrides
|
|
47
45
|
end
|
|
48
46
|
|
|
49
47
|
private
|
metadata
CHANGED
|
@@ -1,29 +1,29 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: aaf-secure_headers
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 3.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ryan Caught
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-09-14 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: secure_headers
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
|
-
- - "
|
|
17
|
+
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version:
|
|
19
|
+
version: '0'
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
|
-
- - "
|
|
24
|
+
- - ">="
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version:
|
|
26
|
+
version: '0'
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: activesupport
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -42,44 +42,44 @@ dependencies:
|
|
|
42
42
|
name: bundler
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
44
44
|
requirements:
|
|
45
|
-
- - "
|
|
45
|
+
- - ">="
|
|
46
46
|
- !ruby/object:Gem::Version
|
|
47
|
-
version: '
|
|
47
|
+
version: '0'
|
|
48
48
|
type: :development
|
|
49
49
|
prerelease: false
|
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
|
51
51
|
requirements:
|
|
52
|
-
- - "
|
|
52
|
+
- - ">="
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
|
-
version: '
|
|
54
|
+
version: '0'
|
|
55
55
|
- !ruby/object:Gem::Dependency
|
|
56
56
|
name: rake
|
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
|
58
58
|
requirements:
|
|
59
|
-
- - "
|
|
59
|
+
- - ">="
|
|
60
60
|
- !ruby/object:Gem::Version
|
|
61
|
-
version:
|
|
61
|
+
version: 12.3.3
|
|
62
62
|
type: :development
|
|
63
63
|
prerelease: false
|
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
|
65
65
|
requirements:
|
|
66
|
-
- - "
|
|
66
|
+
- - ">="
|
|
67
67
|
- !ruby/object:Gem::Version
|
|
68
|
-
version:
|
|
68
|
+
version: 12.3.3
|
|
69
69
|
- !ruby/object:Gem::Dependency
|
|
70
70
|
name: rspec
|
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|
|
72
72
|
requirements:
|
|
73
|
-
- - "
|
|
73
|
+
- - ">="
|
|
74
74
|
- !ruby/object:Gem::Version
|
|
75
|
-
version: '
|
|
75
|
+
version: '0'
|
|
76
76
|
type: :development
|
|
77
77
|
prerelease: false
|
|
78
78
|
version_requirements: !ruby/object:Gem::Requirement
|
|
79
79
|
requirements:
|
|
80
|
-
- - "
|
|
80
|
+
- - ">="
|
|
81
81
|
- !ruby/object:Gem::Version
|
|
82
|
-
version: '
|
|
82
|
+
version: '0'
|
|
83
83
|
- !ruby/object:Gem::Dependency
|
|
84
84
|
name: actionpack
|
|
85
85
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -106,6 +106,7 @@ files:
|
|
|
106
106
|
- ".rubocop.yml"
|
|
107
107
|
- ".travis.yml"
|
|
108
108
|
- Gemfile
|
|
109
|
+
- Makefile
|
|
109
110
|
- README.md
|
|
110
111
|
- Rakefile
|
|
111
112
|
- aaf-secure_headers.gemspec
|
|
@@ -117,7 +118,7 @@ files:
|
|
|
117
118
|
homepage: https://github.com/ausaccessfed/aaf-secure_headers
|
|
118
119
|
licenses: []
|
|
119
120
|
metadata: {}
|
|
120
|
-
post_install_message:
|
|
121
|
+
post_install_message:
|
|
121
122
|
rdoc_options: []
|
|
122
123
|
require_paths:
|
|
123
124
|
- lib
|
|
@@ -132,9 +133,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
132
133
|
- !ruby/object:Gem::Version
|
|
133
134
|
version: '0'
|
|
134
135
|
requirements: []
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
signing_key:
|
|
136
|
+
rubygems_version: 3.3.7
|
|
137
|
+
signing_key:
|
|
138
138
|
specification_version: 4
|
|
139
139
|
summary: Base configuration for AAF Secure Headers
|
|
140
140
|
test_files: []
|