bridgetown-content-security-policy 0.1.0 → 0.1.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/bridgetown-content-security-policy.gemspec +2 -2
  3. data/bridgetown.automation.rb +33 -1
  4. data/lib/bridgetown-content-security-policy/version.rb +1 -1
  5. metadata +4 -5
  6. data/templates/content_security_policy.config.rb +0 -29
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: ce83a05c8a7eecd5f4f48d4e7cfcf6b85fc523f7dc50c9450296430500a21db3
4
- data.tar.gz: aa48a40dda361021a71ac67295ec6c702140fb5150dc541827d134038d786bc9
3
+ metadata.gz: 292cea094aafa8dee2b33e25a254763b873bbbc0dea3071b3efa9708cb326e88
4
+ data.tar.gz: 344305e3fea005fc0534d83587d307de52f59b924a0e95e5688880e02eecf0a4
5
5
  SHA512:
6
- metadata.gz: ebf42495d3701613d9ce87225a801df3f0b3f5779fb83a7385fb2722c94cc045444e15db29335920eea6da78e58040a055a3362f364dd29fe800f770d5a8d1fc
7
- data.tar.gz: 763fd7f7c7b5c6ecd63127411c76aa5eae0837e43755c202615ea3064228f552f6e07f8f364ccb232c368829f82f0a7d245eabcdcc1c65f6814ef64e44dde57b
6
+ metadata.gz: feb6637a476c50ee50ac2c9ed8068bfd83afbd4ac30754284b5a80ac5e76b2b9349ef3138ab1b5b708af50460324815bda080f90f69c85f5295ab6ba19646532
7
+ data.tar.gz: 897c577c9924d0bf602c1b1acfd8d6caecfaeb981458e517e538a2d2bad17f19fae2dfb03288fc5885b0a8b281a70d7c16426d620ef912c41f4ace318ca86f50
data/bridgetown-content-security-policy.gemspec CHANGED
@@ -7,7 +7,7 @@ Gem::Specification.new do |spec|
7
7
  spec.version = BridgetownContentSecurityPolicy::VERSION
8
8
  spec.author = "Ayush Newatia"
9
9
  spec.email = "ayush@hey.com"
10
- spec.summary = "Add a content security policy to your website using Ruby"
10
+ spec.summary = "Add a content security policy to your website using a convenient Ruby DSL"
11
11
  spec.homepage = "https://github.com/ayushn21/bridgetown-content-security-policy"
12
12
  spec.license = "MIT"
13
13
 
@@ -18,7 +18,7 @@ Gem::Specification.new do |spec|
18
18
 
19
19
  spec.required_ruby_version = ">= 2.5.0"
20
20
 
21
- spec.add_dependency "bridgetown", ">= 0.15", "< 2.0"
21
+ spec.add_dependency "bridgetown", ">= 0.18", "< 2.0"
22
22
 
23
23
  spec.add_development_dependency "bundler"
24
24
  spec.add_development_dependency "nokogiri", "~> 1.6"
data/bridgetown.automation.rb CHANGED
@@ -2,7 +2,39 @@ say_status :content_security_policy, "Installing the bridgetown-content-security
2
2
 
3
3
  add_bridgetown_plugin "bridgetown-content-security-policy"
4
4
 
5
- copy_file "./templates/content_security_policy.config.rb", "content_security_policy.config.rb"
5
+ create_file "content_security_policy.config.rb" do
6
+ <<~RUBY
7
+ # The recommended default Content Security Policy
8
+
9
+ BridgetownContentSecurityPolicy.configure :default do |policy|
10
+ policy.default_src :self
11
+ policy.img_src :self, :data
12
+ policy.object_src :none
13
+ end
14
+
15
+ # All other policies with inherit from :default
16
+ # To allow inline styles on certain pages, we can define the following
17
+ # policy which inherits all the values from :default and defines a style_src
18
+ #
19
+ # BridgetownContentSecurityPolicy.configure :allow_inline_styles do |policy|
20
+ # policy.style_src :self, :unsafe_inline
21
+ # end
22
+
23
+
24
+ # This is an example of a more complex policy demonstrating the DSL
25
+ # For further information see the following documentation
26
+ # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
27
+
28
+ # BridgetownContentSecurityPolicy.configure :default do |policy|
29
+ # policy.default_src :self
30
+ # policy.font_src :self, :https, :data
31
+ # policy.img_src :self, :https, :data
32
+ # policy.object_src :none
33
+ # policy.script_src :self, :https
34
+ # policy.style_src :self, :https
35
+ # end
36
+ RUBY
37
+ end
6
38
 
7
39
  say_status :content_security_policy, "All done! Please add {% content_security_policy %} to the head tag in your layouts."
8
40
  say_status :content_security_policy, "Please see the new content_security_policy.rb file for details"
data/lib/bridgetown-content-security-policy/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module BridgetownContentSecurityPolicy
4
- VERSION = "0.1.0"
4
+ VERSION = "0.1.1"
5
5
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: bridgetown-content-security-policy
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.1.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Ayush Newatia
@@ -16,7 +16,7 @@ dependencies:
16
16
  requirements:
17
17
  - - ">="
18
18
  - !ruby/object:Gem::Version
19
- version: '0.15'
19
+ version: '0.18'
20
20
  - - "<"
21
21
  - !ruby/object:Gem::Version
22
22
  version: '2.0'
@@ -26,7 +26,7 @@ dependencies:
26
26
  requirements:
27
27
  - - ">="
28
28
  - !ruby/object:Gem::Version
29
- version: '0.15'
29
+ version: '0.18'
30
30
  - - "<"
31
31
  - !ruby/object:Gem::Version
32
32
  version: '2.0'
@@ -106,7 +106,6 @@ files:
106
106
  - lib/bridgetown-content-security-policy/builder.rb
107
107
  - lib/bridgetown-content-security-policy/policy.rb
108
108
  - lib/bridgetown-content-security-policy/version.rb
109
- - templates/content_security_policy.config.rb
110
109
  homepage: https://github.com/ayushn21/bridgetown-content-security-policy
111
110
  licenses:
112
111
  - MIT
@@ -129,5 +128,5 @@ requirements: []
129
128
  rubygems_version: 3.1.4
130
129
  signing_key:
131
130
  specification_version: 4
132
- summary: Add a content security policy to your website using Ruby
131
+ summary: Add a content security policy to your website using a convenient Ruby DSL
133
132
  test_files: []
data/templates/content_security_policy.config.rb DELETED
@@ -1,29 +0,0 @@
1
- # The recommended default Content Security Policy
2
-
3
- BridgetownContentSecurityPolicy.configure :default do |policy|
4
- policy.default_src :self
5
- policy.img_src :self, :data
6
- policy.object_src :none
7
- end
8
-
9
- # All other policies with inherit from :default
10
- # To allow inline styles on certain pages, we can define the following
11
- # policy which inherits all the values from :default and defines a style_src
12
- #
13
- # BridgetownContentSecurityPolicy.configure :allow_inline_styles do |policy|
14
- # policy.style_src :self, :unsafe_inline
15
- # end
16
-
17
-
18
- # This is an example of a more complex policy demonstrating the DSL
19
- # For further information see the following documentation
20
- # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
21
-
22
- # BridgetownContentSecurityPolicy.configure :default do |policy|
23
- # policy.default_src :self
24
- # policy.font_src :self, :https, :data
25
- # policy.img_src :self, :https, :data
26
- # policy.object_src :none
27
- # policy.script_src :self, :https
28
- # policy.style_src :self, :https
29
- # end