govuk_app_config 9.3.0 → 9.4.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/lib/govuk_app_config/govuk_content_security_policy.rb +5 -0
- data/lib/govuk_app_config/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 273b6b6ef65edc0acb8786a4e5352dfbd0c06d54ed7df78b71352f513b74ba22
|
4
|
+
data.tar.gz: a929e8ecabac4aada60d6c31337d1f36b7ce077a259fa596124f44cfc7c8ab0c
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 86bf49ce98b88af4c0781a94797eeb55cd4007830004fa6ed90c65dd19e4b0b409897b53f10b0293f2e5120ea3241517e3c08548527d34daab165e8f838b0e06
|
7
|
+
data.tar.gz: fa89fb00c3e24406151b4e5cdce2f54596ecf56846192b1dfc378f3237a00beffb129805d205a0d001e6ce2205ae4d404b468b6fd240a3011e0a41aa8ad3e06f
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,8 @@
|
|
1
|
+
# 9.4.0
|
2
|
+
|
3
|
+
* Disallow any domain from embeding a page to prevent clickjacking ([#322](https://github.com/alphagov/govuk_app_config/pull/322))
|
4
|
+
* Fix GovukContentSecurityPolicy test ([#324](https://github.com/alphagov/govuk_app_config/pull/324))
|
5
|
+
|
1
6
|
# 9.3.0
|
2
7
|
|
3
8
|
* Get prometheus labels from controller, not params ([#320](https://github.com/alphagov/govuk_app_config/pull/320))
|
@@ -80,6 +80,11 @@ module GovukContentSecurityPolicy
|
|
80
80
|
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-src
|
81
81
|
policy.frame_src :self, *GOVUK_DOMAINS, "www.youtube.com", "www.youtube-nocookie.com" # Allow youtube embeds
|
82
82
|
|
83
|
+
# Disallow any domain from embeding a page using <frame>, <iframe>, <object>, or <embed> to prevent clickjacking
|
84
|
+
#
|
85
|
+
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors
|
86
|
+
policy.frame_ancestors :none
|
87
|
+
|
83
88
|
policy.report_uri ENV["GOVUK_CSP_REPORT_URI"] if ENV.include?("GOVUK_CSP_REPORT_URI")
|
84
89
|
end
|
85
90
|
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: govuk_app_config
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 9.
|
4
|
+
version: 9.4.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- GOV.UK Dev
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-10-
|
11
|
+
date: 2023-10-05 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: logstasher
|