better_content_security_policy 0.1.3 → 0.1.4

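--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 2279cf6665b6afbe530676d3416595e389659c8290a41b6a09dde1841b400ef6
- data.tar.gz: c4aa540132d0606d0b2748eaa2dad38fc9b7f3122777c079aa10742a5fe3198b
+ metadata.gz: 42a95999c8944222bf7dcc5d97ee24f7cbb1a665095086adbe873bc9b4699f14
+ data.tar.gz: 69bc62d14e29971d1f2a64f99bb5c295520a2669c3ed3b0688a345504376d3c1
  SHA512:
- metadata.gz: 26dffa1cf6fbeadf3402d4f222b7a9d9b94a2ba0175a52f308cb34530bd7d178900b4de83cee0c4fc80cbc51be7dd58306cd81045a726b7ca2300cec9b5d9280
- data.tar.gz: '0018cb0d86aa3cca6b58b7148a4ffbc760261f119732b4b03acd1a95762467d2387505efebbaf92c4ec592fea895e2c07272c6212f26232d9bfdf455dd4eed5b'
+ metadata.gz: 89588b03485c2851f6e193b743e15c2b2a0c5971f47b765fd85ae2cb34442d9e4695e48b1f4b4371b58f58aea2e943f81103f75aab51199f35fdadf61082d692
+ data.tar.gz: a4ca3bdeed413a75d642f1d6acd59c9b93b06cf247c8e4ab6b54a4a07d528e38fc6054fd4af6bb88ad03d42c9c9caaf517943e226d8328dc60b546518f45add4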
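--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -84,11 +84,11 @@ GEM
  marcel (1.0.2)
  method_source (1.0.0)
  mini_mime (1.1.2)
+ mini_portile2 (2.6.1)
  minitest (5.15.0)
  nio4r (2.5.8)
- nokogiri (1.12.5-x86_64-darwin)
- racc (~> 1.4)
- nokogiri (1.12.5-x86_64-linux)
+ nokogiri (1.12.5)
+ mini_portile2 (~> 2.6.1)
  racc (~> 1.4)
  parallel (1.22.1)
  parser (3.1.2.1)
@@ -173,6 +173,7 @@ GEM
  zeitwerk (2.6.1)
 
  PLATFORMS
+ arm64-darwin-22
  x86_64-darwin-21
  x86_64-linux
 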
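--- a/data/README.md
+++ b/data/README.md
@@ -31,7 +31,7 @@ and the line `after_action :set_content_security_policy_header`.
  ```ruby
  class ApplicationController < ActionController::Base
  include BetterContentSecurityPolicy::HasContentSecurityPolicy
- after_action :set_content_security_policy_header
+ after_action :set_content_security_policy_header, if: -> { request.format.html? }
  ```
 
  Define a `#configure_content_security_policy` method in `ApplicationController` to configure the default `Content-Security-Policy` rules: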
@@ -12,15 +12,21 @@ module BetterContentSecurityPolicy
12
12
  default-src
13
13
  font-src
14
14
  form-action
15
+ frame-ancestors
15
16
  frame-src
16
17
  img-src
17
18
  manifest-src
18
19
  media-src
19
- navigate-to
20
20
  object-src
21
21
  prefetch-src
22
+ require-trusted-types-for
22
23
  script-src
24
+ script-src-attr
25
+ script-src-elem
23
26
  style-src
27
+ style-src-attr
28
+ style-src-elem
29
+ trusted-types
24
30
  worker-src
25
31
  ].freeze
26
32
 
@@ -31,6 +37,8 @@ module BetterContentSecurityPolicy
31
37
  http
32
38
  https
33
39
  mediastream
40
+ ws
41
+ wss
34
42
  ].freeze
35
43
 
36
44
  QUOTED_SOURCES = %w[
@@ -39,7 +47,10 @@ module BetterContentSecurityPolicy
39
47
  unsafe-eval
40
48
  unsafe-hashes
41
49
  unsafe-inline
42
- wasm-unsafe-eval
50
+ allow-duplicates
51
+ report-sample
52
+ script
53
+ strict-dynamic
43
54
  ].freeze
44
55
 
45
56
  attr_accessor :directives, :report_uri, :report_only
@@ -65,8 +76,8 @@ module BetterContentSecurityPolicy
65
76
  @directives[directive]
66
77
  end
67
78
 
68
- def respond_to_missing?(directive)
69
- valid_directive?(directive)
79
+ def respond_to_missing?(directive, include_all = false)
80
+ valid_directive?(directive) || super
70
81
  end
71
82
 
72
83
  # Converts sources from our Ruby DSL (camelcase) into proper Content-Security-Policy sources.
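Review bot: The `QUOTED_SOURCES` hunk drops `wasm-unsafe-eval`, which is still a valid CSP source keyword and only takes effect when it is emitted in single quotes. The conversion code is outside these hunks, but if it quotes only the entries of this list, a policy that names `wasm-unsafe-eval` would now be written as a bare token that browsers do not treat as the keyword, and the usual workaround is the much broader `unsafe-eval`. I would keep the `wasm-unsafe-eval` line next to the four added entries, and keep the list in alphabetical order so a dropped keyword stands out in review.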
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module BetterContentSecurityPolicy
4
- VERSION = "0.1.3"
4
+ VERSION = "0.1.4"
5
5
  end
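--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: better_content_security_policy
  version: !ruby/object:Gem::Version
- version: 0.1.3
+ version: 0.1.4
  platform: ruby
  authors:
  - Nathan Broadbent
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2022-10-12 00:00:00.000000000 Z
+ date: 2023-11-22 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rails
@@ -43,7 +43,6 @@ files:
  - LICENSE.txt
  - README.md
  - Rakefile
- - better_content_security_policy.gemspec
  - lib/better_content_security_policy.rb
  - lib/better_content_security_policy/content_security_policy.rb
  - lib/better_content_security_policy/has_content_security_policy.rb
@@ -73,7 +72,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.3.22
+ rubygems_version: 3.4.19
  signing_key:
  specification_version: 4
  summary: Configure a dynamic Content-Security-Policy header that you can customize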
@@ -1,41 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require_relative "lib/better_content_security_policy/version"
4
-
5
- Gem::Specification.new do |spec|
6
- spec.name = "better_content_security_policy"
7
- spec.version = BetterContentSecurityPolicy::VERSION
8
- spec.authors = ["Nathan Broadbent"]
9
- spec.email = ["nathan@docspring.com"]
10
-
11
- spec.summary = "Configure a dynamic Content-Security-Policy header that you can customize in your controllers."
12
- spec.description = "This gem makes it easy to configure a dynamic Content-Security-Policy header " \
13
- "for your Rails application. You can easily customize the rules in your controllers, " \
14
- "and you can also update the rules in your views."
15
- spec.homepage = "https://github.com/DocSpring/better_content_security_policy"
16
- spec.license = "MIT"
17
- spec.required_ruby_version = ">= 2.5.0"
18
-
19
- # spec.metadata["allowed_push_host"] = "TODO: Set to your gem server 'https://example.com'"
20
-
21
- spec.metadata["homepage_uri"] = spec.homepage
22
- spec.metadata["source_code_uri"] = "https://github.com/DocSpring/better_content_security_policy"
23
- spec.metadata["changelog_uri"] = "https://github.com/DocSpring/better_content_security_policy/blob/master/CHANGELOG.md"
24
-
25
- # Specify which files should be added to the gem when it is released.
26
- # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
27
- spec.files = Dir.chdir(__dir__) do
28
- `git ls-files -z`.split("\x0").reject do |f|
29
- (f == __FILE__) || f.match(%r{\A(?:(?:bin|test|spec|features)/|\.(?:git|travis|circleci)|appveyor)})
30
- end
31
- end
32
- spec.bindir = "exe"
33
- spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
34
- spec.require_paths = ["lib"]
35
-
36
- # For more information and examples about making a new gem, check out our
37
- # guide at: https://bundler.io/guides/creating_gem.html
38
- spec.metadata["rubygems_mfa_required"] = "true"
39
-
40
- spec.add_dependency "rails", ">= 5.0.0"
41
- end