rack-content_security_policy 0.1.1 → 0.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 9b9e9aca094f17fb9f1e827681438079c7367455
-  data.tar.gz: 56f4b069b5f8200fb013185ceeca0edd2f948a53
+  metadata.gz: d3020478a9da4f0b6203521b966e885cccff4156
+  data.tar.gz: f071347ff4e22ad4bb469e79e48579f551ee362b
 SHA512:
-  metadata.gz: 9f1b007aa13990118fbfde2c03e6754b21129ff88aec595db998b529429679cce29145dafa968db45a15e69cadb0de2525a44b94264cd329452dcc1dd395d7c4
-  data.tar.gz: 69c52990e9ba6e5ae7776382e17e5f671b6815971a91171270109c26503c996bf8039e139c45a35d0146bb5e5d2559ac0acdc93c04c233be2513961e1ed31438
+  metadata.gz: 0c7670af664401e3e1f5253810c184c9f67d598fe5843229c1a1ece9eb9805e2a7be8b1bb86b14160b633ebe4f11d7e113f00039b018a2e7e7f370ab942a0263
+  data.tar.gz: f730f40ae77ad9ce6aa9623d5f38e39d9885e784aa0e9d9d07f1d1c35c3edc5a043adea4ceb895833b8ce99a9dcf77834008ad05683239d2fc58528460d3a091

data.tar.gz.sig

@@ -1 +1,3 @@
-����H�v3!�>s�'A[A�'�]1��Z������ы�������4e��,��
rZ�("�"�.-dٹ6eƖ���L
+Z�e��^u[�s
+	Hi�ݦ�g"�gz���f
+7��q�|�Nk� f��-�Tm�2�VV|��n?Y������'����(�U+�)t{�$>c	8���\n��;'�	�'�gf�|#<��>ҷ���ª�g;���q͜��__up�n���i:2����u

data/README.md

@@ -11,8 +11,8 @@ been used in production. Your feedback is requested.
 ## About
 
 `Rack::ContentSecurityPolicy` is a Rack middleware that makes it easy for your
-Rack based application (Sinatra, Rails) to serve Content Security Policy headers
-for HTML pages.
+Rack based application (Sinatra, Rails) to serve an `Content-Security-Policy` or
+`Content-Security-Policy-Report-Only` header.
 
 This middleware was inspired by the [p0deje/content-security-policy](https://github.com/p0deje/content-security-policy)
 middleware and borrows quite a bit of code from that gem. This gem also makes
@@ -72,7 +72,7 @@ Learn more about the Content Security Policy at the following sites:
 require 'rack/content_security_policy'
 
 Rack::ContentSecurityPolicy.configure do |d|
-  d.report_only = ENV.fetch('RACK_ENV') != 'production'
+  d.report_only = false
   d['default-src'] = "'none'"
   d['script-src']  = "'self'"
   d['upgrade-insecure-requests'] = true

data/lib/rack/content_security_policy.rb

@@ -45,18 +45,16 @@ module Rack
     def _call(env)
       status, headers, response = @app.call(env)
 
-      if headers.is_a?(Hash) && headers['Content-Type'] && headers['Content-Type'].include?('text/html')
-        directives = @directives.sort.map do |d|
-          if NO_ARG_DIRECTIVES.include?(d[0])
-            d[0]
-          else
-            "#{d[0]} #{d[1]}"
-          end
-        end.join('; ')
-
-        csp_hdr = @report_only ? CSP_REPORT_ONLY_HEADER : CSP_HEADER
-        headers[csp_hdr] = directives
-      end
+      directives = @directives.sort.map do |d|
+        if NO_ARG_DIRECTIVES.include?(d[0])
+          d[0]
+        else
+          "#{d[0]} #{d[1]}"
+        end
+      end.join('; ')
+
+      csp_hdr = @report_only ? CSP_REPORT_ONLY_HEADER : CSP_HEADER
+      headers[csp_hdr] = directives
 
       [status, headers, response]
     end

data/lib/rack/content_security_policy/version.rb

@@ -1,5 +1,5 @@
 module Rack
   class ContentSecurityPolicy
-    VERSION = '0.1.1'.freeze
+    VERSION = '0.1.2'.freeze
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rack-content_security_policy
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.1.2
 platform: ruby
 authors:
 - Glenn Rempe