rack-content_security_policy 0.1.0 → 0.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/README.md +4 -0
- data/lib/rack/content_security_policy/version.rb +1 -1
- data/lib/rack/content_security_policy.rb +1 -1
- data.tar.gz.sig +0 -0
- metadata +2 -2
- metadata.gz.sig +0 -0
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9b9e9aca094f17fb9f1e827681438079c7367455
|
|
4
|
+
data.tar.gz: 56f4b069b5f8200fb013185ceeca0edd2f948a53
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9f1b007aa13990118fbfde2c03e6754b21129ff88aec595db998b529429679cce29145dafa968db45a15e69cadb0de2525a44b94264cd329452dcc1dd395d7c4
|
|
7
|
+
data.tar.gz: 69c52990e9ba6e5ae7776382e17e5f671b6815971a91171270109c26503c996bf8039e139c45a35d0146bb5e5d2559ac0acdc93c04c233be2513961e1ed31438
|
checksums.yaml.gz.sig
CHANGED
|
Binary file
|
data/README.md
CHANGED
|
@@ -50,6 +50,9 @@ accepts two primary configuration options:
|
|
|
50
50
|
* `report_only` : boolean `true` or `false`. Returns a `Content-Security-Policy-Report-Only` header instead of `Content-Security-Policy` when `true`. Defaults to true.
|
|
51
51
|
* `directives` : A collection of valid CSP directives provided as key/value pairs. The key must be a lowercase String and must be comprised of the characters [a-z] and the `-`. The value must also be a String but is not limited to remain flexible as the CSP standards evolve. You can use conditional statements within the configuration block to set values dynamically at startup time. Defaults to an empty config that you must configure. An empty config will raise an exception.
|
|
52
52
|
|
|
53
|
+
Note that certain CSP directives, such as `upgrade-insecure-requests`, do not
|
|
54
|
+
take any arguments. For those, just set the value to `true`.
|
|
55
|
+
|
|
53
56
|
Learn more about the Content Security Policy at the following sites:
|
|
54
57
|
|
|
55
58
|
* W3C CSP Level 1 (deprecated) : [https://www.w3.org/TR/CSP1/](https://www.w3.org/TR/CSP1/)
|
|
@@ -72,6 +75,7 @@ Rack::ContentSecurityPolicy.configure do |d|
|
|
|
72
75
|
d.report_only = ENV.fetch('RACK_ENV') != 'production'
|
|
73
76
|
d['default-src'] = "'none'"
|
|
74
77
|
d['script-src'] = "'self'"
|
|
78
|
+
d['upgrade-insecure-requests'] = true
|
|
75
79
|
end
|
|
76
80
|
|
|
77
81
|
use Rack::ContentSecurityPolicy
|
|
@@ -45,7 +45,7 @@ module Rack
|
|
|
45
45
|
def _call(env)
|
|
46
46
|
status, headers, response = @app.call(env)
|
|
47
47
|
|
|
48
|
-
if headers['Content-Type'].include?('text/html')
|
|
48
|
+
if headers.is_a?(Hash) && headers['Content-Type'] && headers['Content-Type'].include?('text/html')
|
|
49
49
|
directives = @directives.sort.map do |d|
|
|
50
50
|
if NO_ARG_DIRECTIVES.include?(d[0])
|
|
51
51
|
d[0]
|
data.tar.gz.sig
CHANGED
|
Binary file
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack-content_security_policy
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Glenn Rempe
|
|
@@ -30,7 +30,7 @@ cert_chain:
|
|
|
30
30
|
vprF5QiDz8HshVP9DjJT2I1wyGyvxEdU3cTRo0upMP/VZLcgyBVFy90N2XYWWk2D
|
|
31
31
|
GIxGSw==
|
|
32
32
|
-----END CERTIFICATE-----
|
|
33
|
-
date: 2016-11-
|
|
33
|
+
date: 2016-11-14 00:00:00.000000000 Z
|
|
34
34
|
dependencies:
|
|
35
35
|
- !ruby/object:Gem::Dependency
|
|
36
36
|
name: rack
|
metadata.gz.sig
CHANGED
|
Binary file
|