better_content_security_policy 0.1.3 → 0.1.4

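--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 2279cf6665b6afbe530676d3416595e389659c8290a41b6a09dde1841b400ef6
- data.tar.gz: c4aa540132d0606d0b2748eaa2dad38fc9b7f3122777c079aa10742a5fe3198b
+ metadata.gz: 42a95999c8944222bf7dcc5d97ee24f7cbb1a665095086adbe873bc9b4699f14
+ data.tar.gz: 69bc62d14e29971d1f2a64f99bb5c295520a2669c3ed3b0688a345504376d3c1
  SHA512:
- metadata.gz: 26dffa1cf6fbeadf3402d4f222b7a9d9b94a2ba0175a52f308cb34530bd7d178900b4de83cee0c4fc80cbc51be7dd58306cd81045a726b7ca2300cec9b5d9280
- data.tar.gz: '0018cb0d86aa3cca6b58b7148a4ffbc760261f119732b4b03acd1a95762467d2387505efebbaf92c4ec592fea895e2c07272c6212f26232d9bfdf455dd4eed5b'
+ metadata.gz: 89588b03485c2851f6e193b743e15c2b2a0c5971f47b765fd85ae2cb34442d9e4695e48b1f4b4371b58f58aea2e943f81103f75aab51199f35fdadf61082d692
+ data.tar.gz: a4ca3bdeed413a75d642f1d6acd59c9b93b06cf247c8e4ab6b54a4a07d528e38fc6054fd4af6bb88ad03d42c9c9caaf517943e226d8328dc60b546518f45add4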
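--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -84,11 +84,11 @@ GEM
  marcel (1.0.2)
  method_source (1.0.0)
  mini_mime (1.1.2)
+ mini_portile2 (2.6.1)
  minitest (5.15.0)
  nio4r (2.5.8)
- nokogiri (1.12.5-x86_64-darwin)
- racc (~> 1.4)
- nokogiri (1.12.5-x86_64-linux)
+ nokogiri (1.12.5)
+ mini_portile2 (~> 2.6.1)
  racc (~> 1.4)
  parallel (1.22.1)
  parser (3.1.2.1)
@@ -173,6 +173,7 @@ GEM
  zeitwerk (2.6.1)
 
  PLATFORMS
+ arm64-darwin-22
  x86_64-darwin-21
  x86_64-linux
 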
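--- a/data/README.md
+++ b/data/README.md
@@ -31,7 +31,7 @@ and the line `after_action :set_content_security_policy_header`.
  ```ruby
  class ApplicationController < ActionController::Base
  include BetterContentSecurityPolicy::HasContentSecurityPolicy
- after_action :set_content_security_policy_header
+ after_action :set_content_security_policy_header, if: -> { request.format.html? }
  ```
 
  Define a `#configure_content_security_policy` method in `ApplicationController` to configure the default `Content-Security-Policy` rules: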
@@ -12,15 +12,21 @@ module BetterContentSecurityPolicy
12
12
  default-src
13
13
  font-src
14
14
  form-action
15
+ frame-ancestors
15
16
  frame-src
16
17
  img-src
17
18
  manifest-src
18
19
  media-src
19
- navigate-to
20
20
  object-src
21
21
  prefetch-src
22
+ require-trusted-types-for
22
23
  script-src
24
+ script-src-attr
25
+ script-src-elem
23
26
  style-src
27
+ style-src-attr
28
+ style-src-elem
29
+ trusted-types
24
30
  worker-src
25
31
  ].freeze
26
32
 
@@ -31,6 +37,8 @@ module BetterContentSecurityPolicy
31
37
  http
32
38
  https
33
39
  mediastream
40
+ ws
41
+ wss
34
42
  ].freeze
35
43
 
36
44
  QUOTED_SOURCES = %w[
@@ -39,7 +47,10 @@ module BetterContentSecurityPolicy
39
47
  unsafe-eval
40
48
  unsafe-hashes
41
49
  unsafe-inline
42
- wasm-unsafe-eval
50
+ allow-duplicates
51
+ report-sample
52
+ script
53
+ strict-dynamic
43
54
  ].freeze
44
55
 
45
56
  attr_accessor :directives, :report_uri, :report_only
@@ -65,8 +76,8 @@ module BetterContentSecurityPolicy
65
76
  @directives[directive]
66
77
  end
67
78
 
68
- def respond_to_missing?(directive)
69
- valid_directive?(directive)
79
+ def respond_to_missing?(directive, include_all = false)
80
+ valid_directive?(directive) || super
70
81
  end
71
82
 
72
83
  # Converts sources from our Ruby DSL (camelcase) into proper Content-Security-Policy sources.
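Review bot: Dropping `wasm-unsafe-eval` from `QUOTED_SOURCES` (old line 42, in the hunk that adds `allow-duplicates` through `strict-dynamic`) looks like a regression rather than a cleanup, because `'wasm-unsafe-eval'` is a CSP keyword source that browsers only recognise when it is single-quoted. The quoting code itself is outside these hunks, but if this list decides which sources get quotes, the DSL would now emit a bare `wasm-unsafe-eval` that is not treated as the keyword, and applications that need WebAssembly would be pushed toward the much broader `unsafe-eval`. I would keep the entry, `wasm-unsafe-eval` on its own line after `unsafe-inline`, and add a test asserting that the rendered header contains `'wasm-unsafe-eval'`. Separately, `allow-duplicates` and `script` are only meaningful as values of `trusted-types` and `require-trusted-types-for`, so a one-line comment above the list, `# 'script' and 'allow-duplicates' apply to the Trusted Types directives only`, would keep readers from using them elsewhere.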
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module BetterContentSecurityPolicy
4
- VERSION = "0.1.3"
4
+ VERSION = "0.1.4"
5
5
  end
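--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: better_content_security_policy
  version: !ruby/object:Gem::Version
- version: 0.1.3
+ version: 0.1.4
  platform: ruby
  authors:
  - Nathan Broadbent
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2022-10-12 00:00:00.000000000 Z
+ date: 2023-11-22 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rails
@@ -43,7 +43,6 @@ files:
  - LICENSE.txt
  - README.md
  - Rakefile
- - better_content_security_policy.gemspec
  - lib/better_content_security_policy.rb
  - lib/better_content_security_policy/content_security_policy.rb
  - lib/better_content_security_policy/has_content_security_policy.rb
@@ -73,7 +72,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.3.22
+ rubygems_version: 3.4.19
  signing_key:
  specification_version: 4
  summary: Configure a dynamic Content-Security-Policy header that you can customize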
@@ -1,41 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require_relative "lib/better_content_security_policy/version"
4
-
5
- Gem::Specification.new do |spec|
6
- spec.name = "better_content_security_policy"
7
- spec.version = BetterContentSecurityPolicy::VERSION
8
- spec.authors = ["Nathan Broadbent"]
9
- spec.email = ["nathan@docspring.com"]
10
-
11
- spec.summary = "Configure a dynamic Content-Security-Policy header that you can customize in your controllers."
12
- spec.description = "This gem makes it easy to configure a dynamic Content-Security-Policy header " \
13
- "for your Rails application. You can easily customize the rules in your controllers, " \
14
- "and you can also update the rules in your views."
15
- spec.homepage = "https://github.com/DocSpring/better_content_security_policy"
16
- spec.license = "MIT"
17
- spec.required_ruby_version = ">= 2.5.0"
18
-
19
- # spec.metadata["allowed_push_host"] = "TODO: Set to your gem server 'https://example.com'"
20
-
21
- spec.metadata["homepage_uri"] = spec.homepage
22
- spec.metadata["source_code_uri"] = "https://github.com/DocSpring/better_content_security_policy"
23
- spec.metadata["changelog_uri"] = "https://github.com/DocSpring/better_content_security_policy/blob/master/CHANGELOG.md"
24
-
25
- # Specify which files should be added to the gem when it is released.
26
- # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
27
- spec.files = Dir.chdir(__dir__) do
28
- `git ls-files -z`.split("\x0").reject do |f|
29
- (f == __FILE__) || f.match(%r{\A(?:(?:bin|test|spec|features)/|\.(?:git|travis|circleci)|appveyor)})
30
- end
31
- end
32
- spec.bindir = "exe"
33
- spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
34
- spec.require_paths = ["lib"]
35
-
36
- # For more information and examples about making a new gem, check out our
37
- # guide at: https://bundler.io/guides/creating_gem.html
38
- spec.metadata["rubygems_mfa_required"] = "true"
39
-
40
- spec.add_dependency "rails", ">= 5.0.0"
41
- end