govuk_app_config 7.2.1 → 8.0.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/lib/govuk_app_config/govuk_content_security_policy.rb +2 -9
- data/lib/govuk_app_config/version.rb +1 -1
- metadata +2 -2
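--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c1dd070d1b3a41bd0eb7345fa619c18b3c611d279e6688c8e3565c3dbdc92a2e
+data.tar.gz: 14e16cb4227f681a38e36abceb7e693d0fec5db388d5d87ec195942be0e325d9
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 0c16cc5b73d5ffb2d1c5ec1ed0b6479f32a781b9747864454799f08302a719840bdc816317a78c76c9cbeeb8eec90c79958c3fbd9fac7a008bab828fe4a9a852
+data.tar.gz: 11b23903b16b594015f04d00f6bfff838ce7e89d1dd25bcc15cea50f65cc2c36dbe910acf1cc0c3cc31786f2059d5560f968a1804546082c6f4c88aba1dca213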
data/CHANGELOG.md
CHANGED
@@ -56,17 +56,10 @@ module GovukContentSecurityPolicy
|
|
56
56
|
"www.youtube-nocookie.com"
|
57
57
|
|
58
58
|
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src
|
59
|
-
# Note: we purposely don't include `data
|
59
|
+
# Note: we purposely don't include `data:`, `unsafe-inline` or `unsafe-eval` because
|
60
60
|
# they are security risks, if you need them for a legacy app please only apply them at
|
61
61
|
# an app level.
|
62
|
-
policy.style_src :self,
|
63
|
-
*GOOGLE_STATIC_DOMAINS,
|
64
|
-
# This allows `style=""` attributes and `<style>` elements.
|
65
|
-
# As of January 2023 our intentions to remove this were scuppered
|
66
|
-
# by Govspeak [1] using inline styles on tables. Until that
|
67
|
-
# is resolved we'll keep unsafe_inline
|
68
|
-
# [1]: https://github.com/alphagov/govspeak/blob/5642fcc4231f215d1c58ad7feb30ca42fb8cfb91/lib/govspeak/html_sanitizer.rb#L72-L73
|
69
|
-
:unsafe_inline
|
62
|
+
policy.style_src :self, *GOOGLE_STATIC_DOMAINS
|
70
63
|
|
71
64
|
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/font-src
|
72
65
|
# Note: we purposely don't include data here because it produces a security risk.
|
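Review bot: The new `policy.style_src :self, *GOOGLE_STATIC_DOMAINS` line removes `:unsafe_inline` together with the only comment explaining why it was there (Govspeak emitting inline styles on tables), and nothing visible in this hunk says whether that dependency was resolved. Once the policy is enforced, browsers will block `style=""` attributes and `<style>` elements, so an app that still renders such markup loses that styling with no error on the server side. I would keep one line of history above the directive, e.g. `# unsafe-inline removed in 8.0.0: inline style attributes and <style> elements are now blocked`, and have consuming apps watch CSP violation reports in report-only mode before upgrading. Where an app-level exception is unavoidable, scoping it to the `style-src-attr` directive is narrower than restoring `unsafe-inline` on `style-src`. The enclosing method starts and ends outside the hunk.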
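--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: govuk_app_config
 version: !ruby/object:Gem::Version
-version:
+version: 8.0.0
 platform: ruby
 authors:
 - GOV.UK Dev
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-
+date: 2023-06-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: logstasher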