rack-content_security_policy 0.1.0 → 0.1.1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 1c74e025fe99f4261fae5e2e702595beb9b583e6
4
- data.tar.gz: 3a7a571e64ff5f6c9c6544cbdafec917a3486534
3
+ metadata.gz: 9b9e9aca094f17fb9f1e827681438079c7367455
4
+ data.tar.gz: 56f4b069b5f8200fb013185ceeca0edd2f948a53
5
5
  SHA512:
6
- metadata.gz: b7f8a959b4aff650ec3ee02dbe8b58721d3c769b1c41486568a6c92439ead14673d37cede35bc51ee951c444af36e431cd3d029620dc86aabdd6be2e0ae494bd
7
- data.tar.gz: 98b3604f10022434f6209398afb7bb99839573ddc8d09ac8ff30bd97639b5af1a32fea78c4eaaf61c9563ebdeb6d9db8c014bb540915d7c4576d95561ce0a68d
6
+ metadata.gz: 9f1b007aa13990118fbfde2c03e6754b21129ff88aec595db998b529429679cce29145dafa968db45a15e69cadb0de2525a44b94264cd329452dcc1dd395d7c4
7
+ data.tar.gz: 69c52990e9ba6e5ae7776382e17e5f671b6815971a91171270109c26503c996bf8039e139c45a35d0146bb5e5d2559ac0acdc93c04c233be2513961e1ed31438
checksums.yaml.gz.sig CHANGED
Binary file
data/README.md CHANGED
@@ -50,6 +50,9 @@ accepts two primary configuration options:
50
50
  * `report_only` : boolean `true` or `false`. Returns a `Content-Security-Policy-Report-Only` header instead of `Content-Security-Policy` when `true`. Defaults to true.
51
51
  * `directives` : A collection of valid CSP directives provided as key/value pairs. The key must be a lowercase String and must be comprised of the characters [a-z] and the `-`. The value must also be a String but is not limited to remain flexible as the CSP standards evolve. You can use conditional statements within the configuration block to set values dynamically at startup time. Defaults to an empty config that you must configure. An empty config will raise an exception.
52
52
 
53
+ Note that certain CSP directives, such as `upgrade-insecure-requests`, do not
54
+ take any arguments. For those, just set the value to `true`.
55
+
53
56
  Learn more about the Content Security Policy at the following sites:
54
57
 
55
58
  * W3C CSP Level 1 (deprecated) : [https://www.w3.org/TR/CSP1/](https://www.w3.org/TR/CSP1/)
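Review bot: the added note ("For those, just set the value to `true`") contradicts the unchanged `directives` bullet two lines above it, which still says "The value must also be a String". Suggest amending that bullet so the two statements agree, e.g. "The value must be a String, or `true` for directives that take no arguments", and listing which directives the middleware treats as argument-less (the code keys off a `NO_ARG_DIRECTIVES` constant) rather than giving only `upgrade-insecure-requests` as an example, so users know what `true` is accepted for.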
@@ -72,6 +75,7 @@ Rack::ContentSecurityPolicy.configure do |d|
72
75
  d.report_only = ENV.fetch('RACK_ENV') != 'production'
73
76
  d['default-src'] = "'none'"
74
77
  d['script-src'] = "'self'"
78
+ d['upgrade-insecure-requests'] = true
75
79
  end
76
80
 
77
81
  use Rack::ContentSecurityPolicy
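Review bot: the example combines `d.report_only = ENV.fetch('RACK_ENV') != 'production'` with the new `d['upgrade-insecure-requests'] = true`, but `upgrade-insecure-requests` is ignored by browsers when it arrives in a `Content-Security-Policy-Report-Only` header, so in every non-production environment this directive silently does nothing and its effect is only observable once `report_only` is `false`. A sentence next to the example pointing this out would save readers from concluding the directive is broken when they test it locally.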
@@ -1,5 +1,5 @@
1
1
  module Rack
2
2
  class ContentSecurityPolicy
3
- VERSION = '0.1.0'.freeze
3
+ VERSION = '0.1.1'.freeze
4
4
  end
5
5
  end
@@ -45,7 +45,7 @@ module Rack
45
45
  def _call(env)
46
46
  status, headers, response = @app.call(env)
47
47
 
48
- if headers['Content-Type'].include?('text/html')
48
+ if headers.is_a?(Hash) && headers['Content-Type'] && headers['Content-Type'].include?('text/html')
49
49
  directives = @directives.sort.map do |d|
50
50
  if NO_ARG_DIRECTIVES.include?(d[0])
51
51
  d[0]
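Review bot: the new guard `headers.is_a?(Hash) && headers['Content-Type'] && ...` stops the `nil` crash when a response carries no `Content-Type`, but the lookup is still an exact-case `'Content-Type'` key. A plain `Hash` (which is exactly what `headers.is_a?(Hash)` admits) set upstream with `'content-type'` will not match, and the response is then served with no CSP header at all, which is a silent fail-open of the policy rather than an error. Suggest normalising before the check, e.g. `Rack::Utils::HeaderHash.new(headers)` for case-insensitive lookup, after which the `nil` case collapses into `headers['Content-Type'].to_s.include?('text/html')`; a regression test for a response with no `Content-Type` would also be worth adding, since that is the case this guard addresses.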
data.tar.gz.sig CHANGED
Binary file
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack-content_security_policy
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.1.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Glenn Rempe
@@ -30,7 +30,7 @@ cert_chain:
30
30
  vprF5QiDz8HshVP9DjJT2I1wyGyvxEdU3cTRo0upMP/VZLcgyBVFy90N2XYWWk2D
31
31
  GIxGSw==
32
32
  -----END CERTIFICATE-----
33
- date: 2016-11-10 00:00:00.000000000 Z
33
+ date: 2016-11-14 00:00:00.000000000 Z
34
34
  dependencies:
35
35
  - !ruby/object:Gem::Dependency
36
36
  name: rack
metadata.gz.sig CHANGED
Binary file