better_content_security_policy 0.1.1 → 0.1.3

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 552075b6d7925fc453e0fa3d02fcf36e380b2ed9345fba59a4076d725f99dd7b
4
- data.tar.gz: ba505d6e92e8a79cb04fe5af5c6effca9bef42ead63ec79f452b7a06cdd76f28
3
+ metadata.gz: 2279cf6665b6afbe530676d3416595e389659c8290a41b6a09dde1841b400ef6
4
+ data.tar.gz: c4aa540132d0606d0b2748eaa2dad38fc9b7f3122777c079aa10742a5fe3198b
5
5
  SHA512:
6
- metadata.gz: 0ea5026f84fc2424bbe827162c5cb929859833423ed587bb1cf6ca97ea2eb3d35dd9a70ad62c087805ad4931978a42e50b85a60798acf4986328496702fec714
7
- data.tar.gz: '03158b9addc223af6d297793b9def992ef9e3b947ae7d52e6ec4dfad348abd9ec61ebe0e3fbbf7e65aa9661ad1995ce246aa960faeaff0189df17534cf0746dc'
6
+ metadata.gz: 26dffa1cf6fbeadf3402d4f222b7a9d9b94a2ba0175a52f308cb34530bd7d178900b4de83cee0c4fc80cbc51be7dd58306cd81045a726b7ca2300cec9b5d9280
7
+ data.tar.gz: '0018cb0d86aa3cca6b58b7148a4ffbc760261f119732b4b03acd1a95762467d2387505efebbaf92c4ec592fea895e2c07272c6212f26232d9bfdf455dd4eed5b'
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- better_content_security_policy (0.1.0)
4
+ better_content_security_policy (0.1.3)
5
5
  rails (>= 5.0.0)
6
6
 
7
7
  GEM
data/README.md CHANGED
@@ -25,11 +25,13 @@ If bundler is not being used to manage dependencies, install the gem by executin
25
25
 
26
26
  ## Usage
27
27
 
28
- Include the `BetterContentSecurityPolicy::HasContentSecurityPolicy` concern in your `ApplicationController`:
28
+ Include the `BetterContentSecurityPolicy::HasContentSecurityPolicy` concern in your `ApplicationController`,
29
+ and the line `after_action :set_content_security_policy_header`.
29
30
 
30
31
  ```ruby
31
32
  class ApplicationController < ActionController::Base
32
33
  include BetterContentSecurityPolicy::HasContentSecurityPolicy
34
+ after_action :set_content_security_policy_header
33
35
  ```
34
36
 
35
37
  Define a `#configure_content_security_policy` method in `ApplicationController` to configure the default `Content-Security-Policy` rules:
@@ -81,7 +81,8 @@ module BetterContentSecurityPolicy
81
81
 
82
82
  kebab_source = kebab_case(dsl_source)
83
83
  return "'#{kebab_source}'" if QUOTED_SOURCES.include?(kebab_source)
84
- return "'#{dsl_source}'" if dsl_source.start_with?("nonce-")
84
+ return "'#{dsl_source}'" if dsl_source.start_with?("nonce-") ||
85
+ dsl_source.start_with?("sha256-")
85
86
 
86
87
  dsl_source
87
88
  end
@@ -6,6 +6,7 @@ module BetterContentSecurityPolicy
6
6
  # Include this module in your ApplicationController to configure a dynamic Content Security Policy.
7
7
  # The header will be set in an after_action after the response has been rendered.
8
8
  # This means that you can also modify the policy in your views.
9
+ # You must call 'after_action :set_content_security_policy_header' in your own controller.
9
10
  module HasContentSecurityPolicy
10
11
  extend ActiveSupport::Concern
11
12
 
@@ -14,7 +15,6 @@ module BetterContentSecurityPolicy
14
15
 
15
16
  helper_method :content_security_policy
16
17
  before_action :configure_content_security_policy
17
- after_action :set_content_security_policy_header
18
18
  end
19
19
 
20
20
  def content_security_policy
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module BetterContentSecurityPolicy
4
- VERSION = "0.1.1"
4
+ VERSION = "0.1.3"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: better_content_security_policy
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.1
4
+ version: 0.1.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Nathan Broadbent
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2022-10-11 00:00:00.000000000 Z
11
+ date: 2022-10-12 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails