aaf-secure_headers 2.0.0 → 3.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 012fdee750397eeb849e71a825df52cde24b7864
-  data.tar.gz: 379cb106f941ef92d9117b06442e88108afbab8f
+SHA256:
+  metadata.gz: ddccf10317f20c9c52fcba7df59888275d4490ad87f4b3cbb2db812d3588e778
+  data.tar.gz: 7274ba4d0576f4808d8ac600636cbf5bdf10034bc89dbc6d9fd5e1b697522d51
 SHA512:
-  metadata.gz: 5eaaba8faa4b8dd21e4ff8ecd9287062178c87326e2dc231cbc7c94f6cb0a9f60cdf58dbe8dbc4c06db0ca3b56577dac661ae852740c01b5307f3c24b2af1818
-  data.tar.gz: 232b2b94bdc712141b5309de0499bed2382108a915707a3036b711d6e7bd263e9ebfe76e4a28c4be65c3696544833112fc7afd5f9cfb820fcd6b47bdb6e512dc
+  metadata.gz: 3e7bb1c774ccc670ac7da4851f2308ca1e0769bf108f5af377a7d53a335814acdf2103386c92b9a2c3429a6d9532c89bc8c83944d9e7f11603233e7812744400
+  data.tar.gz: 8b88b1e491acf1597b8f0c3ced81e10e7edd827d4722c236dd1ed1a098516100bf8222893de52c8f947747ed90af4e9f1cff9b08433c7b938dd0018a0f29e320

data/Makefile

@@ -0,0 +1,4 @@
+publish-gem:
+	gem build aaf-secure_headers.gemspec
+	gem push aaf-secure_headers-*.gem
+	rm aaf-secure_headers-*.gem

data/aaf-secure_headers.gemspec

@@ -21,11 +21,11 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
 
-  spec.add_dependency 'secure_headers', '~> 3.5.0.pre'
+  spec.add_dependency 'secure_headers'
   spec.add_dependency 'activesupport'
 
-  spec.add_development_dependency 'bundler', '~> 1.12'
-  spec.add_development_dependency 'rake', '~> 10.0'
-  spec.add_development_dependency 'rspec', '~> 3.0'
+  spec.add_development_dependency 'bundler'
+  spec.add_development_dependency 'rake', '>= 12.3.3'
+  spec.add_development_dependency 'rspec'
   spec.add_development_dependency 'actionpack'
 end

data/lib/aaf/secure_headers/version.rb

@@ -1,5 +1,5 @@
 module AAF
   module SecureHeaders
-    VERSION = '2.0.0'.freeze
+    VERSION = '3.1.0'.freeze
   end
 end

data/lib/aaf/secure_headers.rb

@@ -9,9 +9,7 @@ module AAF
       config.cookies = {
         secure: true,
         httponly: true,
-        samesite: {
-          lax: false
-        }
+        samesite: ::SecureHeaders::OPT_OUT
       }
 
       config.hsts = "max-age=#{6.months.to_i}; includeSubdomains; preload"
@@ -20,7 +18,7 @@ module AAF
       config.x_xss_protection = '1; mode=block'
       config.x_download_options = 'noopen'
       config.x_permitted_cross_domain_policies = 'none'
-      config.referrer_policy = 'no-referrer'
+      config.referrer_policy = 'strict-origin'
 
       config.csp = {
         preserve_schemes: false,
@@ -40,10 +38,10 @@ module AAF
     end
 
     class <<self
-      def development_mode!
+      def development_mode!(use_default_overrides: true)
         ensure_rails
         insert_dev_middleware
-        override_dev_configuration
+        override_dev_configuration if use_default_overrides
       end
 
       private

metadata

@@ -1,29 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: aaf-secure_headers
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 3.1.0
 platform: ruby
 authors:
 - Ryan Caught
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2017-08-21 00:00:00.000000000 Z
+date: 2022-09-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: secure_headers
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 3.5.0.pre
+        version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 3.5.0.pre
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
@@ -42,44 +42,44 @@ dependencies:
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.12'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.12'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 12.3.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 12.3.3
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: actionpack
   requirement: !ruby/object:Gem::Requirement
@@ -106,6 +106,7 @@ files:
 - ".rubocop.yml"
 - ".travis.yml"
 - Gemfile
+- Makefile
 - README.md
 - Rakefile
 - aaf-secure_headers.gemspec
@@ -117,7 +118,7 @@ files:
 homepage: https://github.com/ausaccessfed/aaf-secure_headers
 licenses: []
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -132,9 +133,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.12
-signing_key: 
+rubygems_version: 3.3.7
+signing_key:
 specification_version: 4
 summary: Base configuration for AAF Secure Headers
 test_files: []