bridgetown-content-security-policy 0.1.1 → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.gitignore +3 -0
- data/README.md +11 -3
- data/bridgetown.automation.rb +5 -2
- data/lib/bridgetown-content-security-policy/builder.rb +15 -5
- data/lib/bridgetown-content-security-policy/version.rb +1 -1
- metadata +2 -3
- data/.DS_Store +0 -0
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c3e351af829a35641581be3e470fa4f78a5ebb041c8c8474376e73cc409fa595
|
|
4
|
+
data.tar.gz: b0e54b5d25568a18cf5ddd85e1958c94f4c9bcbb9f65de1df6bd21900a4ec27f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4aa5d832289b2bb28a918969afc7d5af0595241aaecfa145092b521180700f84309bb66b0e0466722c6d370992bd89d8c46aee30f22df843411df8a09d8c0414
|
|
7
|
+
data.tar.gz: e45993e4d39e9645a444240eef1175a153037dc524755b002d46223449a94fade0da020742084e2deea0331967df98ba8dc4df3b9a2442bf2479a17008b4deb6
|
data/.gitignore
CHANGED
data/README.md
CHANGED
|
@@ -16,12 +16,20 @@ The plugin allows you to define one or more Content Security Policies using a co
|
|
|
16
16
|
|
|
17
17
|
The installation should create a `content_security_policy.config.rb` file in your project root. More info about the DSL is contained in the file.
|
|
18
18
|
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
You can also define a specific CSP for pages by setting `content_security_policy:` in your frontmatter; and then defining the relevent CSP in `content_security_policy.config.rb`.
|
|
19
|
+
You can define a specific CSP for pages by setting `content_security_policy:` in your frontmatter; and then defining the relevent CSP in `content_security_policy.config.rb`.
|
|
22
20
|
|
|
23
21
|
All page specific CSPs will inherit from the `default` CSP.
|
|
24
22
|
|
|
23
|
+
### Including the CSP on your web pages
|
|
24
|
+
|
|
25
|
+
You'll need to add a `content_security_policy` tag to your **layout file(s)** to include the CSP meta tag in all your pages. This plugin supports *Liquid*, *ERB* and other Tilt based templating languages like *HAML* or *Slim*.
|
|
26
|
+
|
|
27
|
+
- **Liquid templates**: `{% content_security_policy %}`
|
|
28
|
+
- **ERB**: `<%= content_security_policy %>`
|
|
29
|
+
|
|
30
|
+
Add the appropriate CSP tag in the `head` tag of **_your layout file_** to include the CSP on all your pages.
|
|
31
|
+
|
|
32
|
+
|
|
25
33
|
## Testing
|
|
26
34
|
|
|
27
35
|
* Run `bundle exec rake test` to run the test suite
|
data/bridgetown.automation.rb
CHANGED
|
@@ -4,18 +4,21 @@ add_bridgetown_plugin "bridgetown-content-security-policy"
|
|
|
4
4
|
|
|
5
5
|
create_file "content_security_policy.config.rb" do
|
|
6
6
|
<<~RUBY
|
|
7
|
-
# The recommended default Content Security Policy
|
|
7
|
+
# The recommended default Content Security Policy
|
|
8
8
|
|
|
9
9
|
BridgetownContentSecurityPolicy.configure :default do |policy|
|
|
10
10
|
policy.default_src :self
|
|
11
11
|
policy.img_src :self, :data
|
|
12
12
|
policy.object_src :none
|
|
13
|
+
|
|
14
|
+
# Allow BrowserSync in development
|
|
15
|
+
policy.script_src :self, :unsafe_inline if Bridgetown.environment.development?
|
|
13
16
|
end
|
|
14
17
|
|
|
15
18
|
# All other policies with inherit from :default
|
|
16
19
|
# To allow inline styles on certain pages, we can define the following
|
|
17
20
|
# policy which inherits all the values from :default and defines a style_src
|
|
18
|
-
#
|
|
21
|
+
#
|
|
19
22
|
# BridgetownContentSecurityPolicy.configure :allow_inline_styles do |policy|
|
|
20
23
|
# policy.style_src :self, :unsafe_inline
|
|
21
24
|
# end
|
|
@@ -18,15 +18,25 @@ module BridgetownContentSecurityPolicy
|
|
|
18
18
|
# rubocop:enable Layout/LineLength
|
|
19
19
|
end
|
|
20
20
|
|
|
21
|
-
liquid_tag "content_security_policy",
|
|
21
|
+
liquid_tag "content_security_policy" do |_attributes, tag|
|
|
22
|
+
render tag.context["page"]["content_security_policy"]
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
helper "_csp" do |policy_name|
|
|
26
|
+
render policy_name
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
helper "content_security_policy", helpers_scope: true do
|
|
30
|
+
_csp view.page.data.content_security_policy
|
|
31
|
+
end
|
|
22
32
|
end
|
|
23
33
|
|
|
24
34
|
private
|
|
25
35
|
|
|
26
|
-
def render(
|
|
36
|
+
def render(policy_name = nil)
|
|
27
37
|
return "" unless default_policy
|
|
28
38
|
|
|
29
|
-
page_specific_policy_name =
|
|
39
|
+
page_specific_policy_name = policy_name&.to_sym
|
|
30
40
|
page_specific_policy = BridgetownContentSecurityPolicy.policies[page_specific_policy_name]
|
|
31
41
|
|
|
32
42
|
if page_specific_policy_name && page_specific_policy.nil?
|
|
@@ -35,10 +45,10 @@ module BridgetownContentSecurityPolicy
|
|
|
35
45
|
|
|
36
46
|
policy = default_policy.merge(page_specific_policy)
|
|
37
47
|
|
|
38
|
-
|
|
48
|
+
markup_for_policy policy
|
|
39
49
|
end
|
|
40
50
|
|
|
41
|
-
def
|
|
51
|
+
def markup_for_policy(policy)
|
|
42
52
|
"<meta http-equiv=\"Content-Security-Policy\" content=\"#{policy.build}\">"
|
|
43
53
|
end
|
|
44
54
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: bridgetown-content-security-policy
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 1.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ayush Newatia
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-01-
|
|
11
|
+
date: 2021-01-19 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bridgetown
|
|
@@ -92,7 +92,6 @@ executables: []
|
|
|
92
92
|
extensions: []
|
|
93
93
|
extra_rdoc_files: []
|
|
94
94
|
files:
|
|
95
|
-
- ".DS_Store"
|
|
96
95
|
- ".gitignore"
|
|
97
96
|
- ".rubocop.yml"
|
|
98
97
|
- CHANGELOG.md
|
data/.DS_Store
DELETED
|
Binary file
|