better_content_security_policy 0.1.0 → 0.1.2

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 50e701c2051110a406b0ba73d7773bfd94c74889939e5302be70da1e44f29ed3
4
- data.tar.gz: dd67545b3d05169cbbc3fb1dfacd3cf501adf481f12f3706a54c9cdb70106db9
3
+ metadata.gz: bf8f11b55c77a23844ebd19428e56b42fa1ef3a4636137e7e61ab4bb6cfc5c24
4
+ data.tar.gz: dea5ebf55a0ec4985aacc0743dfda54fb81c5545cb4e7ae97df97d9d180d9feb
5
5
  SHA512:
6
- metadata.gz: a6dea4753c4dcc13dd6fa39a19a1b2108cce36641d4379a9471a90ebc92380966f914077322b9c1726974b8e5e73f7e0dde70b726f50ff11d57d49595c1ae55a
7
- data.tar.gz: f434678f26584c02569911e2250b739625cf02fd391654cd0f2e2ee1b73d6fd0f6a81df944f4e9f95bbc318821cab61b5b0bdb7e246e8b9b82c6525155fb9edc
6
+ metadata.gz: ffcb4a396dbe92cc3ab86d1ee3a5903c9032cc2a54abdff127ac1590495519edaebc2f70938cb574b7149617cc473f52cc8693e6b3fbb0136856ac9c0fd7fd40
7
+ data.tar.gz: 1fe7607741267495f00c7f2077336241abe91ff5eedb740f409ffc8637ea9c324b85270de5e68a2eacaddb675c8e6de13cd4a3c638d64d6fb29c5fd6d1bc7ecf
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- better_content_security_policy (0.1.0)
4
+ better_content_security_policy (0.1.2)
5
5
  rails (>= 5.0.0)
6
6
 
7
7
  GEM
@@ -88,6 +88,8 @@ GEM
88
88
  nio4r (2.5.8)
89
89
  nokogiri (1.12.5-x86_64-darwin)
90
90
  racc (~> 1.4)
91
+ nokogiri (1.12.5-x86_64-linux)
92
+ racc (~> 1.4)
91
93
  parallel (1.22.1)
92
94
  parser (3.1.2.1)
93
95
  ast (~> 2.4.1)
@@ -172,6 +174,7 @@ GEM
172
174
 
173
175
  PLATFORMS
174
176
  x86_64-darwin-21
177
+ x86_64-linux
175
178
 
176
179
  DEPENDENCIES
177
180
  better_content_security_policy!
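Review bot: the `x86_64-linux` entry under PLATFORMS and the matching `nokogiri (1.12.5-x86_64-linux)` spec only describe the development and CI environment, yet this lockfile sits under `data/`, so it is shipped inside the packaged gem. Bundler resolves a consumer's dependencies from the gemspec, not from a gem's own `Gemfile.lock`, so the pinned versions here protect nobody downstream. Consider leaving `Gemfile.lock` out of the gemspec's file list so the published package carries only what is loaded at runtime.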
data/README.md CHANGED
@@ -1,7 +1,9 @@
1
+ ![Ruby CI builds](https://github.com/DocSpring/better_content_security_policy/actions/workflows/main.yml/badge.svg)
2
+
1
3
  # Better Content Security Policy
2
4
 
3
- This gem makes it easy to configure a dynamic `Content-Security-Policy` header for your Rails application.
4
- You can easily customize the rules in your controllers, and you can also update the rules in your views.
5
+ This gem allows you to configure flexible and dynamic `Content-Security-Policy` headers for your Rails application.
6
+ By default, Rails only allows you to configure one global Content Security Policy for your whole application, in `config/initializers/content_security_policy.rb`. This gem moves the CSP logic into your controllers and views, so you can create multiple unique policies for different controllers, or add new rules for a specific action.
5
7
 
6
8
  Read the MDN Web Docs to learn more about Content Security Policies: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
7
9
 
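Review bot: the added sentence "By default, Rails only allows you to configure one global Content Security Policy for your whole application" overstates the limitation. Rails controllers already provide a class-level `content_security_policy` macro, with `only:` and `except:` options, that overrides the global policy per controller or per action. Suggest rewording so the README states what this gem adds on top of that, which per the removed lines is customizing rules inside controller code and updating them from views.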
@@ -115,7 +117,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
115
117
 
116
118
  ## Contributing
117
119
 
118
- Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/better_content_security_policy. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/[USERNAME]/better_content_security_policy/blob/main/CODE_OF_CONDUCT.md).
120
+ Bug reports and pull requests are welcome on GitHub at https://github.com/DocSpring/better_content_security_policy. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/DocSpring/better_content_security_policy/blob/main/CODE_OF_CONDUCT.md).
119
121
 
120
122
  ## License
121
123
 
@@ -123,4 +125,4 @@ The gem is available as open source under the terms of the [MIT License](https:/
123
125
 
124
126
  ## Code of Conduct
125
127
 
126
- Everyone interacting in the BetterContentSecurityPolicy project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/better_content_security_policy/blob/main/CODE_OF_CONDUCT.md).
128
+ Everyone interacting in the BetterContentSecurityPolicy project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/DocSpring/better_content_security_policy/blob/main/CODE_OF_CONDUCT.md).
@@ -81,7 +81,8 @@ module BetterContentSecurityPolicy
81
81
 
82
82
  kebab_source = kebab_case(dsl_source)
83
83
  return "'#{kebab_source}'" if QUOTED_SOURCES.include?(kebab_source)
84
- return "'#{dsl_source}'" if dsl_source.start_with?("nonce-")
84
+ return "'#{dsl_source}'" if dsl_source.start_with?("nonce-") ||
85
+ dsl_source.start_with?("sha256-")
85
86
 
86
87
  dsl_source
87
88
  end
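Review bot: the new `dsl_source.start_with?("sha256-")` branch quotes only SHA-256 hash sources, but CSP also accepts `sha384-` and `sha512-` hash sources. Those still fall through to the final `dsl_source` and are emitted without single quotes, so the browser will not treat them as hash sources and the script or style they were meant to allow stays blocked. `String#start_with?` takes several prefixes, so the condition can be a single call: `dsl_source.start_with?("nonce-", "sha256-", "sha384-", "sha512-")`. A spec covering each prefix would keep this from regressing.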
@@ -10,6 +10,8 @@ module BetterContentSecurityPolicy
10
10
  extend ActiveSupport::Concern
11
11
 
12
12
  included do
13
+ private :set_content_security_policy_header, :content_security_policy
14
+
13
15
  helper_method :content_security_policy
14
16
  before_action :configure_content_security_policy
15
17
  after_action :set_content_security_policy_header
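Review bot: the `private` line lists `set_content_security_policy_header` and `content_security_policy` but not `configure_content_security_policy`, which the `before_action` a few lines below registers. Public controller methods are routable as actions, so if the concern ships a public default for `configure_content_security_policy` it belongs in this list as well. If host controllers are expected to define it themselves, the README should say it must be declared private.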
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module BetterContentSecurityPolicy
4
- VERSION = "0.1.0"
4
+ VERSION = "0.1.2"
5
5
  end
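Review bot: `VERSION` goes from "0.1.0" straight to "0.1.2", and no changelog file appears among the changed files. This release changes behaviour in two places (quoting of `sha256-` sources and two controller methods becoming private), so a changelog entry naming both, and a note on what happened to 0.1.1, would help anyone auditing the upgrade.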
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: better_content_security_policy
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.1.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Nathan Broadbent
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2022-10-03 00:00:00.000000000 Z
11
+ date: 2022-10-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails