better_content_security_policy 0.1.2 → 0.1.4

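--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: bf8f11b55c77a23844ebd19428e56b42fa1ef3a4636137e7e61ab4bb6cfc5c24
- data.tar.gz: dea5ebf55a0ec4985aacc0743dfda54fb81c5545cb4e7ae97df97d9d180d9feb
+ metadata.gz: 42a95999c8944222bf7dcc5d97ee24f7cbb1a665095086adbe873bc9b4699f14
+ data.tar.gz: 69bc62d14e29971d1f2a64f99bb5c295520a2669c3ed3b0688a345504376d3c1
  SHA512:
- metadata.gz: ffcb4a396dbe92cc3ab86d1ee3a5903c9032cc2a54abdff127ac1590495519edaebc2f70938cb574b7149617cc473f52cc8693e6b3fbb0136856ac9c0fd7fd40
- data.tar.gz: 1fe7607741267495f00c7f2077336241abe91ff5eedb740f409ffc8637ea9c324b85270de5e68a2eacaddb675c8e6de13cd4a3c638d64d6fb29c5fd6d1bc7ecf
+ metadata.gz: 89588b03485c2851f6e193b743e15c2b2a0c5971f47b765fd85ae2cb34442d9e4695e48b1f4b4371b58f58aea2e943f81103f75aab51199f35fdadf61082d692
+ data.tar.gz: a4ca3bdeed413a75d642f1d6acd59c9b93b06cf247c8e4ab6b54a4a07d528e38fc6054fd4af6bb88ad03d42c9c9caaf517943e226d8328dc60b546518f45add4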
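--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- better_content_security_policy (0.1.2)
+ better_content_security_policy (0.1.3)
  rails (>= 5.0.0)
 
  GEM
@@ -84,11 +84,11 @@ GEM
  marcel (1.0.2)
  method_source (1.0.0)
  mini_mime (1.1.2)
+ mini_portile2 (2.6.1)
  minitest (5.15.0)
  nio4r (2.5.8)
- nokogiri (1.12.5-x86_64-darwin)
- racc (~> 1.4)
- nokogiri (1.12.5-x86_64-linux)
+ nokogiri (1.12.5)
+ mini_portile2 (~> 2.6.1)
  racc (~> 1.4)
  parallel (1.22.1)
  parser (3.1.2.1)
@@ -173,6 +173,7 @@ GEM
  zeitwerk (2.6.1)
 
  PLATFORMS
+ arm64-darwin-22
  x86_64-darwin-21
  x86_64-linux
 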
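--- a/data/README.md
+++ b/data/README.md
@@ -25,11 +25,13 @@ If bundler is not being used to manage dependencies, install the gem by executin
 
  ## Usage
 
- Include the `BetterContentSecurityPolicy::HasContentSecurityPolicy` concern in your `ApplicationController`:
+ Include the `BetterContentSecurityPolicy::HasContentSecurityPolicy` concern in your `ApplicationController`,
+ and the line `after_action :set_content_security_policy_header`.
 
  ```ruby
  class ApplicationController < ActionController::Base
  include BetterContentSecurityPolicy::HasContentSecurityPolicy
+ after_action :set_content_security_policy_header, if: -> { request.format.html? }
  ```
 
  Define a `#configure_content_security_policy` method in `ApplicationController` to configure the default `Content-Security-Policy` rules: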
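--- a/data/lib/better_content_security_policy/content_security_policy.rb
+++ b/data/lib/better_content_security_policy/content_security_policy.rb
@@ -12,15 +12,21 @@ module BetterContentSecurityPolicy
  default-src
  font-src
  form-action
+ frame-ancestors
  frame-src
  img-src
  manifest-src
  media-src
- navigate-to
  object-src
  prefetch-src
+ require-trusted-types-for
  script-src
+ script-src-attr
+ script-src-elem
  style-src
+ style-src-attr
+ style-src-elem
+ trusted-types
  worker-src
  ].freeze
 
@@ -31,6 +37,8 @@ module BetterContentSecurityPolicy
  http
  https
  mediastream
+ ws
+ wss
  ].freeze
 
  QUOTED_SOURCES = %w[
@@ -39,7 +47,10 @@ module BetterContentSecurityPolicy
  unsafe-eval
  unsafe-hashes
  unsafe-inline
- wasm-unsafe-eval
+ allow-duplicates
+ report-sample
+ script
+ strict-dynamic
  ].freeze
 
  attr_accessor :directives, :report_uri, :report_only
@@ -65,8 +76,8 @@ module BetterContentSecurityPolicy
  @directives[directive]
  end
 
- def respond_to_missing?(directive)
- valid_directive?(directive)
+ def respond_to_missing?(directive, include_all = false)
+ valid_directive?(directive) || super
  end
 
  # Converts sources from our Ruby DSL (camelcase) into proper Content-Security-Policy sources.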
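Review bot: Dropping `wasm-unsafe-eval` from `QUOTED_SOURCES` in the `@@ -39,7 +47,10 @@` hunk removes a genuine CSP keyword (it permits WebAssembly compilation without the far broader `'unsafe-eval'`), so any application that relied on it is now pushed back to `'unsafe-eval'` or breaks, and nothing in the diff explains the removal. Unless it was dropped deliberately, keep it alongside the new entries: `wasm-unsafe-eval`. The directive list in the first hunk appears to be alphabetical, and the visible span from `prefetch-src` to `worker-src` then omits `report-to`, `sandbox` and `upgrade-insecure-requests`, which `respond_to_missing?` (presumably via `valid_directive?`) would refuse from the DSL; the start of both constants and `valid_directive?` itself are outside these hunks, so confirm before adding them. As a point of style, the four new quoted sources were appended after `unsafe-inline` rather than kept in the alphabetical order the rest of the constant follows.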
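--- a/data/lib/better_content_security_policy/has_content_security_policy.rb
+++ b/data/lib/better_content_security_policy/has_content_security_policy.rb
@@ -6,6 +6,7 @@ module BetterContentSecurityPolicy
  # Include this module in your ApplicationController to configure a dynamic Content Security Policy.
  # The header will be set in an after_action after the response has been rendered.
  # This means that you can also modify the policy in your views.
+ # You must call 'after_action :set_content_security_policy_header' in your own controller.
  module HasContentSecurityPolicy
  extend ActiveSupport::Concern
 
@@ -14,7 +15,6 @@ module BetterContentSecurityPolicy
 
  helper_method :content_security_policy
  before_action :configure_content_security_policy
- after_action :set_content_security_policy_header
  end
 
  def content_security_policy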
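Review bot: Removing `after_action :set_content_security_policy_header` from the `included` block means an application that upgrades from 0.1.2 without noticing the new comment silently stops sending any Content-Security-Policy header: `before_action :configure_content_security_policy` still builds the policy on every request, but nothing emits it, and no error or test failure would reveal that. That is a fail-open security regression shipped as a patch-level bump (0.1.2 → 0.1.4); it should at least be a minor/major version with a CHANGELOG entry, and the README's `if: -> { request.format.html? }` example suggests the real goal was letting apps condition or reorder the callback rather than making it opt-in. A safer shape is to keep the default registration here and document `skip_after_action :set_content_security_policy_header` for applications that want to take over, or failing that have `set_content_security_policy_header` (outside this hunk) warn in development when a policy was configured but never written. The `included` block begins and the module continues outside this hunk.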
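--- a/data/lib/better_content_security_policy/version.rb
+++ b/data/lib/better_content_security_policy/version.rb
@@ -1,5 +1,5 @@
  # frozen_string_literal: true
 
  module BetterContentSecurityPolicy
- VERSION = "0.1.2"
+ VERSION = "0.1.4"
  end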
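--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: better_content_security_policy
  version: !ruby/object:Gem::Version
- version: 0.1.2
+ version: 0.1.4
  platform: ruby
  authors:
  - Nathan Broadbent
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2022-10-11 00:00:00.000000000 Z
+ date: 2023-11-22 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rails
@@ -43,7 +43,6 @@ files:
  - LICENSE.txt
  - README.md
  - Rakefile
- - better_content_security_policy.gemspec
  - lib/better_content_security_policy.rb
  - lib/better_content_security_policy/content_security_policy.rb
  - lib/better_content_security_policy/has_content_security_policy.rb
@@ -73,7 +72,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.3.22
+ rubygems_version: 3.4.19
  signing_key:
  specification_version: 4
  summary: Configure a dynamic Content-Security-Policy header that you can customize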
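--- a/data/better_content_security_policy.gemspec
+++ /dev/null
@@ -1,41 +0,0 @@
- # frozen_string_literal: true
-
- require_relative "lib/better_content_security_policy/version"
-
- Gem::Specification.new do |spec|
- spec.name = "better_content_security_policy"
- spec.version = BetterContentSecurityPolicy::VERSION
- spec.authors = ["Nathan Broadbent"]
- spec.email = ["nathan@docspring.com"]
-
- spec.summary = "Configure a dynamic Content-Security-Policy header that you can customize in your controllers."
- spec.description = "This gem makes it easy to configure a dynamic Content-Security-Policy header " \
- "for your Rails application. You can easily customize the rules in your controllers, " \
- "and you can also update the rules in your views."
- spec.homepage = "https://github.com/DocSpring/better_content_security_policy"
- spec.license = "MIT"
- spec.required_ruby_version = ">= 2.5.0"
-
- # spec.metadata["allowed_push_host"] = "TODO: Set to your gem server 'https://example.com'"
-
- spec.metadata["homepage_uri"] = spec.homepage
- spec.metadata["source_code_uri"] = "https://github.com/DocSpring/better_content_security_policy"
- spec.metadata["changelog_uri"] = "https://github.com/DocSpring/better_content_security_policy/blob/master/CHANGELOG.md"
-
- # Specify which files should be added to the gem when it is released.
- # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
- spec.files = Dir.chdir(__dir__) do
- `git ls-files -z`.split("\x0").reject do |f|
- (f == __FILE__) || f.match(%r{\A(?:(?:bin|test|spec|features)/|\.(?:git|travis|circleci)|appveyor)})
- end
- end
- spec.bindir = "exe"
- spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
- spec.require_paths = ["lib"]
-
- # For more information and examples about making a new gem, check out our
- # guide at: https://bundler.io/guides/creating_gem.html
- spec.metadata["rubygems_mfa_required"] = "true"
-
- spec.add_dependency "rails", ">= 5.0.0"
- end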