bridgetown-content-security-policy 1.0.0 → 1.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c3e351af829a35641581be3e470fa4f78a5ebb041c8c8474376e73cc409fa595
-  data.tar.gz: b0e54b5d25568a18cf5ddd85e1958c94f4c9bcbb9f65de1df6bd21900a4ec27f
+  metadata.gz: 3f75a1bfbb00c754a13f87bc07d494e8fd5a73bc18ff032124407ba6c2d410ce
+  data.tar.gz: 824961a6500068aa87074b8cf9bab87d2baf6732ece45f950069aa5b19422b65
 SHA512:
-  metadata.gz: 4aa5d832289b2bb28a918969afc7d5af0595241aaecfa145092b521180700f84309bb66b0e0466722c6d370992bd89d8c46aee30f22df843411df8a09d8c0414
-  data.tar.gz: e45993e4d39e9645a444240eef1175a153037dc524755b002d46223449a94fade0da020742084e2deea0331967df98ba8dc4df3b9a2442bf2479a17008b4deb6
+  metadata.gz: 1fd88f9d078a63758bbe6d326af1d934b365160d64a29520f217595082d6f2b303fac4751cf3aa91def8e157c1af6bd3084173fc4cbd180b19ede8ac83970d7f
+  data.tar.gz: 9834a964cfc7f603010970637b0f399450d76e256abc0a46e71c43d94bc3eafda6135cc84069907fd08847b5ac2447275a634a67512fcd25b81a702adfd70a20

data/.github/workflows/tests.yml

@@ -0,0 +1,32 @@
+name: Tests
+
+on:
+  pull_request:
+    branches:
+      - "*"
+  push:
+    branches:
+      - main
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        ruby_version: [2.7.7, 3.0.5, 3.1.3, 3.2.0]
+        bridgetown_version: [1.0.0, 1.1.0]
+    continue-on-error: ${{ endsWith(matrix.ruby, 'head') || matrix.ruby == 'debug' }}
+    # Has to be top level to cache properly
+    env:
+      BUNDLE_JOBS: 3
+      BUNDLE_PATH: "vendor/bundle"
+      BRIDGETOWN_VERSION: ${{ matrix.bridgetown_version }}
+    steps:
+      - uses: actions/checkout@master
+      - name: Setup Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby_version }}
+          bundler-cache: true
+      - name: Test with Rake
+        run: script/cibuild

data/.gitignore

@@ -39,3 +39,5 @@ test/dest
 
 # macOS
 .DS_Store
+
+.byebug_history

data/CHANGELOG.md

@@ -1,5 +1,25 @@
 # main
 
+# 1.2.0 / 23-01-2023
+
+* Require Bridgetown 1.0 or newer.
+* Require Ruby 2.7 or newer.
+* Remove BrowserSync permission as Bridgetown no longer uses it.
+
+# 1.1.0 / 08-06-2021
+
+* Change location of CSP config file to `config/`.
+* Fix issue where escaped HTML was output in ERB templates.
+
+# 1.0.0 / 19-01-2021
+
+* Permit browsersync in development in the default policy
+* Add helper for tilt based templates
+
+# 0.1.1 / 13-01-2021
+
+* Fix syntax
+
 # 0.1.0 / 13-01-2021
 
 * First version

data/Gemfile

@@ -5,10 +5,13 @@ gemspec
 
 gem "bridgetown", ENV["BRIDGETOWN_VERSION"] if ENV["BRIDGETOWN_VERSION"]
 
+group :development, :test do
+  gem "byebug"
+end
+
 group :test do
   gem "minitest"
   gem "minitest-profile"
   gem "minitest-reporters"
   gem "shoulda"
-end
-
+end

data/README.md

@@ -1,5 +1,8 @@
 # Bridgetown Content Security Policy
 
+[![Tests](https://github.com/ayushn21/bridgetown-content-security-policy/actions/workflows/tests.yml/badge.svg?branch=main)](https://github.com/ayushn21/bridgetown-content-security-policy/actions/workflows/tests.yml)
+[![Gem Version](https://badge.fury.io/rb/bridgetown-content-security-policy.svg)](https://badge.fury.io/rb/bridgetown-content-security-policy)
+
 A Bridgetown plugin to include a [Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy) as a meta tag on all your pages.
 
 ## Installation
@@ -14,7 +17,7 @@ $ bundle exec bridgetown apply https://github.com/ayushn21/bridgetown-content-se
 
 The plugin allows you to define one or more Content Security Policies using a convenient Ruby DSL.
 
-The installation should create a `content_security_policy.config.rb` file in your project root. More info about the DSL is contained in the file.
+The installation should create a `content_security_policy.config.rb` file in your project's `config` directory. More info about the DSL is contained in the file.
 
 You can define a specific CSP for pages by setting `content_security_policy:` in your frontmatter; and then defining the relevent CSP in `content_security_policy.config.rb`.
 
@@ -43,3 +46,9 @@ Add the appropriate CSP tag in the `head` tag of **_your layout file_** to inclu
 4. Commit your changes (`git commit -am 'Add some feature'`)
 5. Push to the branch (`git push origin my-new-feature`)
 6. Create a new Pull Request
+
+## License
+
+Bridgetown Content Security Policy is released under the [MIT License](https://opensource.org/licenses/MIT).
+
+Copyright © 2021 [Ayush Newatia](https://twitter.com/ayushn21)

data/bridgetown-content-security-policy.gemspec

@@ -16,12 +16,12 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
   spec.metadata      = {}
 
-  spec.required_ruby_version = ">= 2.5.0"
+  spec.required_ruby_version = ">= 2.7.0"
 
-  spec.add_dependency "bridgetown", ">= 0.18", "< 2.0"
+  spec.add_dependency "bridgetown", ">= 1.0", "< 2.0"
 
   spec.add_development_dependency "bundler"
-  spec.add_development_dependency "nokogiri", "~> 1.6"
-  spec.add_development_dependency "rake", "~> 12.0"
-  spec.add_development_dependency "rubocop-bridgetown", "~> 0.2"
+  spec.add_development_dependency "nokogiri"
+  spec.add_development_dependency "rake"
+  spec.add_development_dependency "rubocop-bridgetown"
 end

data/bridgetown.automation.rb

@@ -2,7 +2,7 @@ say_status :content_security_policy, "Installing the bridgetown-content-security
 
 add_bridgetown_plugin "bridgetown-content-security-policy"
 
-create_file "content_security_policy.config.rb" do
+create_file "config/content_security_policy.config.rb" do
   <<~RUBY
   # The recommended default Content Security Policy
 
@@ -10,9 +10,6 @@ create_file "content_security_policy.config.rb" do
       policy.default_src :self
       policy.img_src     :self, :data
       policy.object_src  :none
-
-      # Allow BrowserSync in development
-      policy.script_src  :self, :unsafe_inline if Bridgetown.environment.development?
   end
 
   # All other policies with inherit from :default

data/lib/bridgetown-content-security-policy/builder.rb

@@ -9,7 +9,7 @@ module BridgetownContentSecurityPolicy
 
   class Builder < Bridgetown::Builder
     def build
-      require_relative site.in_root_dir("content_security_policy.config.rb")
+      require_relative site.in_root_dir("config", "content_security_policy.config.rb")
 
       unless default_policy
         # rubocop:disable Layout/LineLength
@@ -49,7 +49,7 @@ module BridgetownContentSecurityPolicy
     end
 
     def markup_for_policy(policy)
-      "<meta http-equiv=\"Content-Security-Policy\" content=\"#{policy.build}\">"
+      "<meta http-equiv=\"Content-Security-Policy\" content=\"#{policy.build}\">".html_safe
     end
 
     def default_policy

data/lib/bridgetown-content-security-policy/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module BridgetownContentSecurityPolicy
-  VERSION = "1.0.0"
+  VERSION = "1.2.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bridgetown-content-security-policy
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.2.0
 platform: ruby
 authors:
 - Ayush Newatia
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-01-19 00:00:00.000000000 Z
+date: 2023-01-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bridgetown
@@ -16,7 +16,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0.18'
+        version: '1.0'
     - - "<"
       - !ruby/object:Gem::Version
         version: '2.0'
@@ -26,7 +26,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0.18'
+        version: '1.0'
     - - "<"
       - !ruby/object:Gem::Version
         version: '2.0'
@@ -48,50 +48,51 @@ dependencies:
   name: nokogiri
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '12.0'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '12.0'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rubocop-bridgetown
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '0.2'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '0.2'
-description: 
+        version: '0'
+description:
 email: ayush@hey.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/tests.yml"
 - ".gitignore"
 - ".rubocop.yml"
 - CHANGELOG.md
@@ -109,7 +110,7 @@ homepage: https://github.com/ayushn21/bridgetown-content-security-policy
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -117,15 +118,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.5.0
+      version: 2.7.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
-signing_key: 
+rubygems_version: 3.2.33
+signing_key:
 specification_version: 4
 summary: Add a content security policy to your website using a convenient Ruby DSL
 test_files: []