RubyGems - ezcsp - Versions diffs - 0.0.1 → 0.0.2 - Mend

ezcsp 0.0.1 → 0.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: a64098cd248945d8710812f3321c933b2369eeea
-  data.tar.gz: 057154fe542773f16ef047ecce002dc0882a08b0
+  metadata.gz: e85c15f0666a4ccbdd890925384c38e92e642e30
+  data.tar.gz: 1d9057b469c1a375a81e1bf10f0378c79dece42a
 SHA512:
-  metadata.gz: b8d006493d6446008a8beb09c8cd5c425365fb1583d07f8ecd152695524dbfc2859a7d6398ebd1f55107c056729a15f23ccf5701bc5faf30d377c01cedc3c739
-  data.tar.gz: e453772110f23a06a30f94c91465433ac36e8e8b2a1f79c1fd0dc877f830e6f439b8b9c426be7bcef38a66a03a2526f98be08b8c1f713e022d7bc5230c5e2624
+  metadata.gz: ff4d1d6a894c50875bf30d2ce60ee6aa31049642b9ee32a24c24c37a9c80e98a0552590e6fd9aabc5dc543c42fd7af54e310e9c60bbdef137c54c526acc157a2
+  data.tar.gz: 64430bd7554d662d9629501bf667a656caabaa9c2f570736c089dc01f598dd217674ba2261eab0dc7597a614d69d6ffc50bb7dd49f5bd4e1e89893188fab841f

data/README.md ADDED

@@ -0,0 +1,50 @@
+EzCSP provides a simple object-oriented way to generate `Content-Security-Policy`
+HTTP headers. For documentation on CSP, see Mozilla's [Content-Security-Policy page](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy).
+Basic usage:
+    require 'ezcsp'
+    csp = EzCSP.new()
+Then, depending on how you output HTTP headers, you could output the CSP header
+something like this:
+    headers['Content-Security-Policy'] = csp.to_s
+`csp.to_s`, by default, returns this string:
+    default-src 'self'; frame-src 'self'; object-src 'none'; form-action 'self'; frame-ancestors 'self'; base-uri 'none'; block-all-mixed-content;
+By default, the header value is very restrictive. It basically states that no
+resources — scripts, styles, images, etc. — from outside the current web site
+can be used. Expand that set of allowed resources by adding to the accessors
+listed in the class documentation, usually by using the `cdn` method. So, for
+example, to allow the browser to get scripts and styles from `code.jquery.com`,
+you would do this:
+    csp.cdn 'code.jquery.com', 'script_src', 'style_src'
+which would produce this header value:
+    default-src 'self'; script-src 'self' code.jquery.com; style-src 'self' code.jquery.com; frame-src 'self'; object-src 'none'; form-action 'self'; frame-ancestors 'self'; base-uri 'none'; block-all-mixed-content;
+EzCSP isn't a substitute for understanding content security policies. Make
+sure you [read up on CSP](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy) before using this class.
+## Install
+```
+gem install ezcsp
+```
+## Author
+Mike O'Sullivan
+mike@idocs.com
+## History
+| version   |    date      |  notes |
+|----------|-------------|------|
+| 0.0.2 | Nov 9, 2018 | Improved structure of gem. No changes to code. |
+| 0.0.1 | Nov 5, 2018 | Initial upload. |

data/lib/ezcsp.rb CHANGED

@@ -5,42 +5,6 @@ require 'json'
 #
 ##
-# EzCSP provides a simple object-oriented way to generate
-# <tt>Content-Security-Policy</tt> HTTP headers. For documentation on CSP,
-# see {Mozilla's Content-Security-Policy page}[https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy].
-#
-# Basic usage:
-#
-#     require 'ezcsp'
-#     csp = EzCSP.new()
-#
-# Then, depending on how you output HTTP headers, you could output the CSP header
-# something like this:
-#
-#     headers['Content-Security-Policy'] = csp.to_s
-#
-# <tt>csp.to_s</tt>, by default, returns this string:
-#
-#     default-src 'self'; frame-src 'self'; object-src 'none'; form-action 'self'; frame-ancestors 'self'; base-uri 'none'; block-all-mixed-content;
-#
-# By default, the header value is very restrictive. It basically states that no
-# resources — scripts, styles, images, etc. — from outside the current web site
-# can be used. Expand that set of allowed resources by adding to the accessors
-# listed below, usually by using the #cdn method. So, for example, to
-# allow the browser to get scripts and styles from <tt>code.jquery.com</tt>,
-# you would do this:
-#
-#     csp.cdn 'code.jquery.com', 'script_src', 'style_src'
-#
-# which would produce this header value:
-#
-#     default-src 'self'; script-src 'self' code.jquery.com; style-src 'self' code.jquery.com; frame-src 'self'; object-src 'none'; form-action 'self'; frame-ancestors 'self'; base-uri 'none'; block-all-mixed-content;
-#
-# EzCSP isn't a substitute for understanding content security policies. Make
-# sure you
-# {read up on CSP}[https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy]
-# before using this class.
-#
 # In the array attributes listed below, if the value <tt>none</tt> is in the
 # array, then all other values are ignored.

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ezcsp
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.0.2
 platform: ruby
 authors:
 - Mike O'Sullivan
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-11-05 00:00:00.000000000 Z
+date: 2018-11-10 00:00:00.000000000 Z
 dependencies: []
 description: Simplifies creating a content security policy for use as an HTTP header
 email: miko@idocs.com
@@ -16,6 +16,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- README.md
 - lib/ezcsp.rb
 homepage: https://rubygems.org/gems/ezcsp
 licenses: