csp_report 0.1.0 → 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +6 -1
- data/lib/csp_report.rb +1 -2
- data/lib/csp_report/version.rb +1 -1
- metadata +31 -17
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a67c65f19301c31abe8d13421b4b2240a0fcb220
|
|
4
|
+
data.tar.gz: 295a52305a61819d25f33d5b5eedf1285492edb5
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: aaedf37ca2ff7c003b877a9c6457baa40664eb73706fc51bd31950bb1cb1d6edfe980d68f5f44c2f4ec71e1dcba979f58e19be7beefacc958cd16dcdd7269ec0
|
|
7
|
+
data.tar.gz: 254d79e625d31a44766e336dc6dfa3734d329b20846aaaabd3244bcd071f6aa70c7ea519895370f6fa41a70d9c755c25f1ce9b71465bebc2f7b5241195e14892
|
data/README.md
CHANGED
|
@@ -38,19 +38,22 @@ Install
|
|
|
38
38
|
=======
|
|
39
39
|
|
|
40
40
|
1. In your *Gemfile*, add the following
|
|
41
|
-
|
|
41
|
+
|
|
42
|
+
```
|
|
42
43
|
gem csp_report
|
|
43
44
|
```
|
|
44
45
|
|
|
45
46
|
Don't forget to run `bundle install` afterwards
|
|
46
47
|
|
|
47
48
|
2. Retrieve the db migration files from the gem and install them
|
|
49
|
+
|
|
48
50
|
```shell
|
|
49
51
|
rake csp_report:install:migrations
|
|
50
52
|
rake db:migrate
|
|
51
53
|
```
|
|
52
54
|
|
|
53
55
|
3. In your *config/routes.rb*, you need to import the csp routes, like so
|
|
56
|
+
|
|
54
57
|
```ruby
|
|
55
58
|
mount CspReport::Engine, at: 'csp'
|
|
56
59
|
```
|
|
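Review bot: The Gemfile line at new line 43, `gem csp_report`, is not valid Gemfile syntax, because the gem name is an unquoted bare word and Bundler will raise on it; it should read `gem 'csp_report'`. The opening fence added at new line 42 also carries no language tag, while the other fences in this section use `shell` and `ruby`; tagging it `ruby` would keep the README consistent.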
@@ -62,6 +65,7 @@ routes in your application
|
|
|
62
65
|
4. You need to configure a CSP on your server response, with the *report_uri*
|
|
63
66
|
parameters pointing to the configured REST resource above. Following the setup
|
|
64
67
|
above, one solution is to find this in your application_controller.rb file:
|
|
68
|
+
|
|
65
69
|
```ruby
|
|
66
70
|
class ApplicationController
|
|
67
71
|
protect_from_forgery
|
|
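Review bot: Step 4 at new lines 65-67 names the setting *report_uri*, but the CSP directive that carries the reporting endpoint is spelled `report-uri`, with a hyphen; if the directive is what is meant here, use the hyphenated form so readers do not copy the underscore spelling into a header. The phrase "one solution is to find this in your application_controller.rb file" also reads as if the code were already present; "add this to" would say what the reader has to do.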
@@ -82,6 +86,7 @@ Trying it out
|
|
|
82
86
|
|
|
83
87
|
With the policy set as an example above (*script 'self'*), inline javascript is
|
|
84
88
|
not authorized. Just put some
|
|
89
|
+
|
|
85
90
|
```html
|
|
86
91
|
<script>
|
|
87
92
|
alert('test')
|
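Review bot: The prose at new line 87 gives the example policy as *script 'self'*, which is not a CSP directive; the directive that disallows inline scripts is `script-src 'self'`. This paragraph tells readers which violation to expect, so the policy should be written the way it appears in the response header.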
data/lib/csp_report.rb
CHANGED
data/lib/csp_report/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: csp_report
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Gregory Bataille
|
|
@@ -25,27 +25,13 @@ dependencies:
|
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
26
|
version: 4.0.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
|
-
name: haml
|
|
29
|
-
requirement: !ruby/object:Gem::Requirement
|
|
30
|
-
requirements:
|
|
31
|
-
- - ~>
|
|
32
|
-
- !ruby/object:Gem::Version
|
|
33
|
-
version: '0.4'
|
|
34
|
-
type: :runtime
|
|
35
|
-
prerelease: false
|
|
36
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
37
|
-
requirements:
|
|
38
|
-
- - ~>
|
|
39
|
-
- !ruby/object:Gem::Version
|
|
40
|
-
version: '0.4'
|
|
41
|
-
- !ruby/object:Gem::Dependency
|
|
42
|
-
name: sass-rails
|
|
28
|
+
name: haml
|
|
43
29
|
requirement: !ruby/object:Gem::Requirement
|
|
44
30
|
requirements:
|
|
45
31
|
- - ~>
|
|
46
32
|
- !ruby/object:Gem::Version
|
|
47
33
|
version: 4.0.0
|
|
48
|
-
type: :
|
|
34
|
+
type: :runtime
|
|
49
35
|
prerelease: false
|
|
50
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
51
37
|
requirements:
|
|
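Review bot: The runtime dependency at new lines 28-34 is `haml` with the constraint `~> 4.0.0`, which only admits 4.0.x releases and shuts out 4.1 and later for every application that mounts the engine. For a library gem a looser bound such as `~> 4.0` is usually enough, unless the engine relies on something specific to the 4.0 series, in which case the README should say so.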
@@ -108,6 +94,34 @@ dependencies:
|
|
|
108
94
|
- - ~>
|
|
109
95
|
- !ruby/object:Gem::Version
|
|
110
96
|
version: 4.2.1
|
|
97
|
+
- !ruby/object:Gem::Dependency
|
|
98
|
+
name: sass-rails
|
|
99
|
+
requirement: !ruby/object:Gem::Requirement
|
|
100
|
+
requirements:
|
|
101
|
+
- - ~>
|
|
102
|
+
- !ruby/object:Gem::Version
|
|
103
|
+
version: 4.0.0
|
|
104
|
+
type: :development
|
|
105
|
+
prerelease: false
|
|
106
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
107
|
+
requirements:
|
|
108
|
+
- - ~>
|
|
109
|
+
- !ruby/object:Gem::Version
|
|
110
|
+
version: 4.0.0
|
|
111
|
+
- !ruby/object:Gem::Dependency
|
|
112
|
+
name: haml-rails
|
|
113
|
+
requirement: !ruby/object:Gem::Requirement
|
|
114
|
+
requirements:
|
|
115
|
+
- - ~>
|
|
116
|
+
- !ruby/object:Gem::Version
|
|
117
|
+
version: '0.4'
|
|
118
|
+
type: :development
|
|
119
|
+
prerelease: false
|
|
120
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
121
|
+
requirements:
|
|
122
|
+
- - ~>
|
|
123
|
+
- !ruby/object:Gem::Version
|
|
124
|
+
version: '0.4'
|
|
111
125
|
description: Provide reporting and analysis of your site CSP violations
|
|
112
126
|
email:
|
|
113
127
|
- gbataille.dev@gmail.com
|
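Review bot: `sass-rails` (new lines 97-110) and `haml-rails` (new lines 111-124) are both declared with `type: :development`, so neither is installed in an application that depends on this gem. Please confirm the engine ships no stylesheets or generators that need them in the host application; if it does, they belong with the runtime dependencies.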