better_content_security_policy 0.1.1 → 0.1.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 552075b6d7925fc453e0fa3d02fcf36e380b2ed9345fba59a4076d725f99dd7b
-  data.tar.gz: ba505d6e92e8a79cb04fe5af5c6effca9bef42ead63ec79f452b7a06cdd76f28
+  metadata.gz: 2279cf6665b6afbe530676d3416595e389659c8290a41b6a09dde1841b400ef6
+  data.tar.gz: c4aa540132d0606d0b2748eaa2dad38fc9b7f3122777c079aa10742a5fe3198b
 SHA512:
-  metadata.gz: 0ea5026f84fc2424bbe827162c5cb929859833423ed587bb1cf6ca97ea2eb3d35dd9a70ad62c087805ad4931978a42e50b85a60798acf4986328496702fec714
-  data.tar.gz: '03158b9addc223af6d297793b9def992ef9e3b947ae7d52e6ec4dfad348abd9ec61ebe0e3fbbf7e65aa9661ad1995ce246aa960faeaff0189df17534cf0746dc'
+  metadata.gz: 26dffa1cf6fbeadf3402d4f222b7a9d9b94a2ba0175a52f308cb34530bd7d178900b4de83cee0c4fc80cbc51be7dd58306cd81045a726b7ca2300cec9b5d9280
+  data.tar.gz: '0018cb0d86aa3cca6b58b7148a4ffbc760261f119732b4b03acd1a95762467d2387505efebbaf92c4ec592fea895e2c07272c6212f26232d9bfdf455dd4eed5b'

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    better_content_security_policy (0.1.0)
+    better_content_security_policy (0.1.3)
       rails (>= 5.0.0)
 
 GEM

data/README.md

@@ -25,11 +25,13 @@ If bundler is not being used to manage dependencies, install the gem by executin
 
 ## Usage
 
-Include the `BetterContentSecurityPolicy::HasContentSecurityPolicy` concern in your `ApplicationController`:
+Include the `BetterContentSecurityPolicy::HasContentSecurityPolicy` concern in your `ApplicationController`,
+and the line `after_action :set_content_security_policy_header`.
 
 ```ruby
 class ApplicationController < ActionController::Base
   include BetterContentSecurityPolicy::HasContentSecurityPolicy
+  after_action :set_content_security_policy_header
 ```
 
 Define a `#configure_content_security_policy` method in `ApplicationController` to configure the default `Content-Security-Policy` rules:

data/lib/better_content_security_policy/content_security_policy.rb

@@ -81,7 +81,8 @@ module BetterContentSecurityPolicy
 
       kebab_source = kebab_case(dsl_source)
       return "'#{kebab_source}'" if QUOTED_SOURCES.include?(kebab_source)
-      return "'#{dsl_source}'" if dsl_source.start_with?("nonce-")
+      return "'#{dsl_source}'" if dsl_source.start_with?("nonce-") ||
+                                  dsl_source.start_with?("sha256-")
 
       dsl_source
     end

data/lib/better_content_security_policy/has_content_security_policy.rb

@@ -6,6 +6,7 @@ module BetterContentSecurityPolicy
   # Include this module in your ApplicationController to configure a dynamic Content Security Policy.
   # The header will be set in an after_action after the response has been rendered.
   # This means that you can also modify the policy in your views.
+  # You must call 'after_action :set_content_security_policy_header' in your own controller.
   module HasContentSecurityPolicy
     extend ActiveSupport::Concern
 
@@ -14,7 +15,6 @@ module BetterContentSecurityPolicy
 
       helper_method :content_security_policy
       before_action :configure_content_security_policy
-      after_action :set_content_security_policy_header
     end
 
     def content_security_policy

data/lib/better_content_security_policy/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module BetterContentSecurityPolicy
-  VERSION = "0.1.1"
+  VERSION = "0.1.3"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: better_content_security_policy
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.1.3
 platform: ruby
 authors:
 - Nathan Broadbent
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-10-11 00:00:00.000000000 Z
+date: 2022-10-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails