bridgetown-content-security-policy 0.1.0 → 0.1.1
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 292cea094aafa8dee2b33e25a254763b873bbbc0dea3071b3efa9708cb326e88
|
|
4
|
+
data.tar.gz: 344305e3fea005fc0534d83587d307de52f59b924a0e95e5688880e02eecf0a4
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: feb6637a476c50ee50ac2c9ed8068bfd83afbd4ac30754284b5a80ac5e76b2b9349ef3138ab1b5b708af50460324815bda080f90f69c85f5295ab6ba19646532
|
|
7
|
+
data.tar.gz: 897c577c9924d0bf602c1b1acfd8d6caecfaeb981458e517e538a2d2bad17f19fae2dfb03288fc5885b0a8b281a70d7c16426d620ef912c41f4ace318ca86f50
|
|
@@ -7,7 +7,7 @@ Gem::Specification.new do |spec|
|
|
|
7
7
|
spec.version = BridgetownContentSecurityPolicy::VERSION
|
|
8
8
|
spec.author = "Ayush Newatia"
|
|
9
9
|
spec.email = "ayush@hey.com"
|
|
10
|
-
spec.summary = "Add a content security policy to your website using Ruby"
|
|
10
|
+
spec.summary = "Add a content security policy to your website using a convenient Ruby DSL"
|
|
11
11
|
spec.homepage = "https://github.com/ayushn21/bridgetown-content-security-policy"
|
|
12
12
|
spec.license = "MIT"
|
|
13
13
|
|
|
@@ -18,7 +18,7 @@ Gem::Specification.new do |spec|
|
|
|
18
18
|
|
|
19
19
|
spec.required_ruby_version = ">= 2.5.0"
|
|
20
20
|
|
|
21
|
-
spec.add_dependency "bridgetown", ">= 0.
|
|
21
|
+
spec.add_dependency "bridgetown", ">= 0.18", "< 2.0"
|
|
22
22
|
|
|
23
23
|
spec.add_development_dependency "bundler"
|
|
24
24
|
spec.add_development_dependency "nokogiri", "~> 1.6"
|
data/bridgetown.automation.rb
CHANGED
|
@@ -2,7 +2,39 @@ say_status :content_security_policy, "Installing the bridgetown-content-security
|
|
|
2
2
|
|
|
3
3
|
add_bridgetown_plugin "bridgetown-content-security-policy"
|
|
4
4
|
|
|
5
|
-
|
|
5
|
+
create_file "content_security_policy.config.rb" do
|
|
6
|
+
<<~RUBY
|
|
7
|
+
# The recommended default Content Security Policy
|
|
8
|
+
|
|
9
|
+
BridgetownContentSecurityPolicy.configure :default do |policy|
|
|
10
|
+
policy.default_src :self
|
|
11
|
+
policy.img_src :self, :data
|
|
12
|
+
policy.object_src :none
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
# All other policies with inherit from :default
|
|
16
|
+
# To allow inline styles on certain pages, we can define the following
|
|
17
|
+
# policy which inherits all the values from :default and defines a style_src
|
|
18
|
+
#
|
|
19
|
+
# BridgetownContentSecurityPolicy.configure :allow_inline_styles do |policy|
|
|
20
|
+
# policy.style_src :self, :unsafe_inline
|
|
21
|
+
# end
|
|
22
|
+
|
|
23
|
+
|
|
24
|
+
# This is an example of a more complex policy demonstrating the DSL
|
|
25
|
+
# For further information see the following documentation
|
|
26
|
+
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
|
|
27
|
+
|
|
28
|
+
# BridgetownContentSecurityPolicy.configure :default do |policy|
|
|
29
|
+
# policy.default_src :self
|
|
30
|
+
# policy.font_src :self, :https, :data
|
|
31
|
+
# policy.img_src :self, :https, :data
|
|
32
|
+
# policy.object_src :none
|
|
33
|
+
# policy.script_src :self, :https
|
|
34
|
+
# policy.style_src :self, :https
|
|
35
|
+
# end
|
|
36
|
+
RUBY
|
|
37
|
+
end
|
|
6
38
|
|
|
7
39
|
say_status :content_security_policy, "All done! Please add {% content_security_policy %} to the head tag in your layouts."
|
|
8
40
|
say_status :content_security_policy, "Please see the new content_security_policy.rb file for details"
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: bridgetown-content-security-policy
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ayush Newatia
|
|
@@ -16,7 +16,7 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: '0.
|
|
19
|
+
version: '0.18'
|
|
20
20
|
- - "<"
|
|
21
21
|
- !ruby/object:Gem::Version
|
|
22
22
|
version: '2.0'
|
|
@@ -26,7 +26,7 @@ dependencies:
|
|
|
26
26
|
requirements:
|
|
27
27
|
- - ">="
|
|
28
28
|
- !ruby/object:Gem::Version
|
|
29
|
-
version: '0.
|
|
29
|
+
version: '0.18'
|
|
30
30
|
- - "<"
|
|
31
31
|
- !ruby/object:Gem::Version
|
|
32
32
|
version: '2.0'
|
|
@@ -106,7 +106,6 @@ files:
|
|
|
106
106
|
- lib/bridgetown-content-security-policy/builder.rb
|
|
107
107
|
- lib/bridgetown-content-security-policy/policy.rb
|
|
108
108
|
- lib/bridgetown-content-security-policy/version.rb
|
|
109
|
-
- templates/content_security_policy.config.rb
|
|
110
109
|
homepage: https://github.com/ayushn21/bridgetown-content-security-policy
|
|
111
110
|
licenses:
|
|
112
111
|
- MIT
|
|
@@ -129,5 +128,5 @@ requirements: []
|
|
|
129
128
|
rubygems_version: 3.1.4
|
|
130
129
|
signing_key:
|
|
131
130
|
specification_version: 4
|
|
132
|
-
summary: Add a content security policy to your website using Ruby
|
|
131
|
+
summary: Add a content security policy to your website using a convenient Ruby DSL
|
|
133
132
|
test_files: []
|
|
@@ -1,29 +0,0 @@
|
|
|
1
|
-
# The recommended default Content Security Policy
|
|
2
|
-
|
|
3
|
-
BridgetownContentSecurityPolicy.configure :default do |policy|
|
|
4
|
-
policy.default_src :self
|
|
5
|
-
policy.img_src :self, :data
|
|
6
|
-
policy.object_src :none
|
|
7
|
-
end
|
|
8
|
-
|
|
9
|
-
# All other policies with inherit from :default
|
|
10
|
-
# To allow inline styles on certain pages, we can define the following
|
|
11
|
-
# policy which inherits all the values from :default and defines a style_src
|
|
12
|
-
#
|
|
13
|
-
# BridgetownContentSecurityPolicy.configure :allow_inline_styles do |policy|
|
|
14
|
-
# policy.style_src :self, :unsafe_inline
|
|
15
|
-
# end
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
# This is an example of a more complex policy demonstrating the DSL
|
|
19
|
-
# For further information see the following documentation
|
|
20
|
-
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
|
|
21
|
-
|
|
22
|
-
# BridgetownContentSecurityPolicy.configure :default do |policy|
|
|
23
|
-
# policy.default_src :self
|
|
24
|
-
# policy.font_src :self, :https, :data
|
|
25
|
-
# policy.img_src :self, :https, :data
|
|
26
|
-
# policy.object_src :none
|
|
27
|
-
# policy.script_src :self, :https
|
|
28
|
-
# policy.style_src :self, :https
|
|
29
|
-
# end
|