bridgetown-content-security-policy 0.1.1 → 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitignore +3 -0
- data/README.md +11 -3
- data/bridgetown.automation.rb +5 -2
- data/lib/bridgetown-content-security-policy/builder.rb +15 -5
- data/lib/bridgetown-content-security-policy/version.rb +1 -1
- metadata +2 -3
- data/.DS_Store +0 -0
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c3e351af829a35641581be3e470fa4f78a5ebb041c8c8474376e73cc409fa595
|
|
4
|
+
data.tar.gz: b0e54b5d25568a18cf5ddd85e1958c94f4c9bcbb9f65de1df6bd21900a4ec27f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4aa5d832289b2bb28a918969afc7d5af0595241aaecfa145092b521180700f84309bb66b0e0466722c6d370992bd89d8c46aee30f22df843411df8a09d8c0414
|
|
7
|
+
data.tar.gz: e45993e4d39e9645a444240eef1175a153037dc524755b002d46223449a94fade0da020742084e2deea0331967df98ba8dc4df3b9a2442bf2479a17008b4deb6
|
data/.gitignore
CHANGED
data/README.md
CHANGED
|
@@ -16,12 +16,20 @@ The plugin allows you to define one or more Content Security Policies using a co
|
|
|
16
16
|
|
|
17
17
|
The installation should create a `content_security_policy.config.rb` file in your project root. More info about the DSL is contained in the file.
|
|
18
18
|
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
You can also define a specific CSP for pages by setting `content_security_policy:` in your frontmatter; and then defining the relevent CSP in `content_security_policy.config.rb`.
|
|
19
|
+
You can define a specific CSP for pages by setting `content_security_policy:` in your frontmatter; and then defining the relevent CSP in `content_security_policy.config.rb`.
|
|
22
20
|
|
|
23
21
|
All page specific CSPs will inherit from the `default` CSP.
|
|
24
22
|
|
|
23
|
+
### Including the CSP on your web pages
|
|
24
|
+
|
|
25
|
+
You'll need to add a `content_security_policy` tag to your **layout file(s)** to include the CSP meta tag in all your pages. This plugin supports *Liquid*, *ERB* and other Tilt based templating languages like *HAML* or *Slim*.
|
|
26
|
+
|
|
27
|
+
- **Liquid templates**: `{% content_security_policy %}`
|
|
28
|
+
- **ERB**: `<%= content_security_policy %>`
|
|
29
|
+
|
|
30
|
+
Add the appropriate CSP tag in the `head` tag of **_your layout file_** to include the CSP on all your pages.
|
|
31
|
+
|
|
32
|
+
|
|
25
33
|
## Testing
|
|
26
34
|
|
|
27
35
|
* Run `bundle exec rake test` to run the test suite
|
data/bridgetown.automation.rb
CHANGED
|
@@ -4,18 +4,21 @@ add_bridgetown_plugin "bridgetown-content-security-policy"
|
|
|
4
4
|
|
|
5
5
|
create_file "content_security_policy.config.rb" do
|
|
6
6
|
<<~RUBY
|
|
7
|
-
# The recommended default Content Security Policy
|
|
7
|
+
# The recommended default Content Security Policy
|
|
8
8
|
|
|
9
9
|
BridgetownContentSecurityPolicy.configure :default do |policy|
|
|
10
10
|
policy.default_src :self
|
|
11
11
|
policy.img_src :self, :data
|
|
12
12
|
policy.object_src :none
|
|
13
|
+
|
|
14
|
+
# Allow BrowserSync in development
|
|
15
|
+
policy.script_src :self, :unsafe_inline if Bridgetown.environment.development?
|
|
13
16
|
end
|
|
14
17
|
|
|
15
18
|
# All other policies with inherit from :default
|
|
16
19
|
# To allow inline styles on certain pages, we can define the following
|
|
17
20
|
# policy which inherits all the values from :default and defines a style_src
|
|
18
|
-
#
|
|
21
|
+
#
|
|
19
22
|
# BridgetownContentSecurityPolicy.configure :allow_inline_styles do |policy|
|
|
20
23
|
# policy.style_src :self, :unsafe_inline
|
|
21
24
|
# end
|
|
@@ -18,15 +18,25 @@ module BridgetownContentSecurityPolicy
|
|
|
18
18
|
# rubocop:enable Layout/LineLength
|
|
19
19
|
end
|
|
20
20
|
|
|
21
|
-
liquid_tag "content_security_policy",
|
|
21
|
+
liquid_tag "content_security_policy" do |_attributes, tag|
|
|
22
|
+
render tag.context["page"]["content_security_policy"]
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
helper "_csp" do |policy_name|
|
|
26
|
+
render policy_name
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
helper "content_security_policy", helpers_scope: true do
|
|
30
|
+
_csp view.page.data.content_security_policy
|
|
31
|
+
end
|
|
22
32
|
end
|
|
23
33
|
|
|
24
34
|
private
|
|
25
35
|
|
|
26
|
-
def render(
|
|
36
|
+
def render(policy_name = nil)
|
|
27
37
|
return "" unless default_policy
|
|
28
38
|
|
|
29
|
-
page_specific_policy_name =
|
|
39
|
+
page_specific_policy_name = policy_name&.to_sym
|
|
30
40
|
page_specific_policy = BridgetownContentSecurityPolicy.policies[page_specific_policy_name]
|
|
31
41
|
|
|
32
42
|
if page_specific_policy_name && page_specific_policy.nil?
|
|
@@ -35,10 +45,10 @@ module BridgetownContentSecurityPolicy
|
|
|
35
45
|
|
|
36
46
|
policy = default_policy.merge(page_specific_policy)
|
|
37
47
|
|
|
38
|
-
|
|
48
|
+
markup_for_policy policy
|
|
39
49
|
end
|
|
40
50
|
|
|
41
|
-
def
|
|
51
|
+
def markup_for_policy(policy)
|
|
42
52
|
"<meta http-equiv=\"Content-Security-Policy\" content=\"#{policy.build}\">"
|
|
43
53
|
end
|
|
44
54
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: bridgetown-content-security-policy
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 1.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ayush Newatia
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-01-
|
|
11
|
+
date: 2021-01-19 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bridgetown
|
|
@@ -92,7 +92,6 @@ executables: []
|
|
|
92
92
|
extensions: []
|
|
93
93
|
extra_rdoc_files: []
|
|
94
94
|
files:
|
|
95
|
-
- ".DS_Store"
|
|
96
95
|
- ".gitignore"
|
|
97
96
|
- ".rubocop.yml"
|
|
98
97
|
- CHANGELOG.md
|
data/.DS_Store
DELETED
|
Binary file
|