RubyGems - csp_report - Versions diffs - 0.4.0 → 1.0.0 - Mend

csp_report 0.4.0 → 1.0.0

Files changed (4) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4c3df7be47bd57116be91c9f07e8abdd00e1d34a
-  data.tar.gz: 66ff93264d5f432ecd4b878a2fbd9ce0a29024bf
+  metadata.gz: 71b96c2b38d600e6aaad2589bb2d1d16ebafc69a
+  data.tar.gz: b2f1a28385911667bc3826a7b204974b31fb499b
 SHA512:
-  metadata.gz: 0ed72f415782aa6d14d49b9d3a64a416ae1eea4e4d9f15dd3dcafb0aca4a47d035ed1787e922a253e7e28c0e82acad7be78b4d9dca664ec2ca519f2bc699d361
-  data.tar.gz: 9805a4912c9111cebbc1a91e530ef4bd68b2edc05d08fb090eb1d651a5a8e6474f4ff297fd776a5fc75f753c7f1bd7e53f165a6cb02311598d0d864cd53a6228
+  metadata.gz: ce05a919ef86f2bfcfc2ce8c72013ebd3a3b80a30cfed67a823112168b31d2b54f497d565960e1e139bbf2559b81267fb213ef0c8890a11a578efb25964e569a
+  data.tar.gz: 4ab795bc4a6716d3286067ba3f54f7b2dc73aa75523ab0a5e5a63e8443f3e48916348c4d349cbfae7d3209bd45aa8a7028a1524ca53fd589ea1c7a9cdb1b6ae6

data/README.md CHANGED

@@ -4,31 +4,19 @@ CspReport
 This gem provides a Rails engine that manages the CSP violations reported by
 the client browser (when supported).
-This gem was started with CSP v1.0 specification. On Aug 9th, an editor's draft
-of v1.1 was published. This gem currently has not been modified to support it.
-However v1.1 of CSP is spec'd to be backward compatible and from my lecture of
-the spec, I can't see anything that should not work if your browser ups to the
-new version.
-**Disclaimer**
-This is a rough cut gem for the moment. It won't look like much in the report
-page. However, elements have a class so you can add some CSS style before I
- add some clean ones in the gem.
-I promise something cleaner when I'll get to v1.
+As of today (Sept 14th), a new editor's draft of CSP 1.1 is available and got
+rid of the new proposed report elements. Therefore, as of today too, I'll
+publish the current version of the gem as the csp_report 1.0 version.
 [Installation](#install) | [Upgrade](#upgrade-notes) |
 [Configuration](#trying-it-out) | [Description](#what-is-csp)
-**Careful**: If migrating from 0.1.x, please follow
-[these instructions](#upgrade-from-01x)
+**Careful**: If migrating from an earlier version, please look up the upgrage
+instructions.
-**Careful**: If migrating from 0.2.x or below, you can follow
-[these instructions](#upgrade-from-02x-or-below). This is not mandatory.
-**Careful**: If migrating from 0.3.x or below, you can follow
-[these instructions](#upgrade-from-03x-or-below). This is mandatory.
+Now that v1.0 is out, I would advise to redo an install from scratch or to
+consult the new [INSTALL](./INSTALL.md) file for details of what should be
+installed
 What is CSP
 ===========
@@ -44,7 +32,7 @@ For more information, consult
 [Browser supporting CSP](http://caniuse.com/#search=csp)
-Tested in Chrome 27 and shown to work with the *'Content-Security-Policy'* new
+Tested in Chrome (since version 27) and shown to work with the *'Content-Security-Policy'* new
 directive.
 Safari 6 already supports it but with the *'X-Webkit-CSP'* directive. However, it
 seems the *report_uri* parameter is not yet supported there.
@@ -53,9 +41,8 @@ Features
 ========
 * Provides a *csp_report* resource that stores the reported violations.
-* Displays the violation for analysis
+* Displays the violation for analysis along with consolidated reports.
 * Keeps up-to-date with the CSP W3C RFC
-* Future: provide visualization aids on the report data
 Why using this gem
 ==================
@@ -71,7 +58,7 @@ that you'll have a hard
 time figuring out all the sources you are using. By recording all the breaches,
  this gem allows you to setup a policy, run a crawler for example, and then
 look at what is reported as breaches. It will help you getting rid of your
-inline js and so on.
+inline js and tuning your policy.
 * Second, in normal production mode, it'll help you monitor the situation and
 see if your server has been victim of some injection (if some input is not
 sanitize properly) or if your users are being attacked in some way (in which
@@ -80,6 +67,8 @@ case you might gather stats and maybe warn them in one way or another).
 Install
 =======
+_(See the [INSTALL.md](./INSTALL.md) file for more details)_
 1. In your *Gemfile*, add the following
 ```
 	gem csp_report
@@ -95,8 +84,7 @@ too
 ```shell
 	rails generate csp_report:install [mount_point_name] [-a]
 ```
-It retrieve the db migration files from the gem and copy them in the application
-It mounts the engine in the application (see routes.rb)
+Among other things, it retrieves the db migration files from the gem and copy them in the application
 *Don't forget to run the `rake db:migrate` command*
 1. **EASY INSTALL**: if you used the *-a* parameter above, you can skip this
@@ -162,7 +150,10 @@ have to redefine every single one of them.
 #### Changing the CSP rule per controller/action
-TODO - gbataille - Fill in this section
+This is not tested, but by adding a before_filter to any of your controller,
+you should be able to override the application level CSP directive.
+TODO - gbataille - Test it
 Utilities
 =========
@@ -179,7 +170,6 @@ To come
 * Customization instructions
 * Support of CSP 1.1 draft spec
-* Eased data mining
 Upgrade notes
 =============

data/lib/csp_report/version.rb CHANGED

@@ -1,4 +1,4 @@
 module CspReport
   #TODO - gbataille: Permanent todo to bump the version for new releases
-  VERSION = "0.4.0".freeze
+  VERSION = "1.0.0".freeze
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: csp_report
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 1.0.0
 platform: ruby
 authors:
 - Gregory Bataille
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-09-13 00:00:00.000000000 Z
+date: 2013-09-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails