rack-content_security_policy 0.1.1 → 0.1.2

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 9b9e9aca094f17fb9f1e827681438079c7367455
4
- data.tar.gz: 56f4b069b5f8200fb013185ceeca0edd2f948a53
3
+ metadata.gz: d3020478a9da4f0b6203521b966e885cccff4156
4
+ data.tar.gz: f071347ff4e22ad4bb469e79e48579f551ee362b
5
5
  SHA512:
6
- metadata.gz: 9f1b007aa13990118fbfde2c03e6754b21129ff88aec595db998b529429679cce29145dafa968db45a15e69cadb0de2525a44b94264cd329452dcc1dd395d7c4
7
- data.tar.gz: 69c52990e9ba6e5ae7776382e17e5f671b6815971a91171270109c26503c996bf8039e139c45a35d0146bb5e5d2559ac0acdc93c04c233be2513961e1ed31438
6
+ metadata.gz: 0c7670af664401e3e1f5253810c184c9f67d598fe5843229c1a1ece9eb9805e2a7be8b1bb86b14160b633ebe4f11d7e113f00039b018a2e7e7f370ab942a0263
7
+ data.tar.gz: f730f40ae77ad9ce6aa9623d5f38e39d9885e784aa0e9d9d07f1d1c35c3edc5a043adea4ceb895833b8ce99a9dcf77834008ad05683239d2fc58528460d3a091
Binary file
data.tar.gz.sig CHANGED
@@ -1 +1,3 @@
1
- ����Hv3!�>s�'A[A'�]1��Z������ы�������4e��,��rZ�("�"�.-dٹ6eƖ���L
1
+ Ze��^u[�s
2
+ Hi�ݦ�g"�gz���f
3
+ 7��q�|�Nk� f��-�Tm�2�VV|��n?Y������'����(�U+�)t{�$>c 8���\n��;'� �'�gf�|#<��>ҷ���ª�g;���q͜��__up�n���i:2����u
data/README.md CHANGED
@@ -11,8 +11,8 @@ been used in production. Your feedback is requested.
11
11
  ## About
12
12
 
13
13
  `Rack::ContentSecurityPolicy` is a Rack middleware that makes it easy for your
14
- Rack based application (Sinatra, Rails) to serve Content Security Policy headers
15
- for HTML pages.
14
+ Rack based application (Sinatra, Rails) to serve an `Content-Security-Policy` or
15
+ `Content-Security-Policy-Report-Only` header.
16
16
 
17
17
  This middleware was inspired by the [p0deje/content-security-policy](https://github.com/p0deje/content-security-policy)
18
18
  middleware and borrows quite a bit of code from that gem. This gem also makes
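Review bot: Grammar slip on new line 14: "to serve an `Content-Security-Policy`" should read "to serve a `Content-Security-Policy`". The rewritten sentence also drops "for HTML pages" without saying what replaces it. Which responses receive the header is what someone deploying this middleware needs to know, so state that scope explicitly in the About section.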
@@ -72,7 +72,7 @@ Learn more about the Content Security Policy at the following sites:
72
72
  require 'rack/content_security_policy'
73
73
 
74
74
  Rack::ContentSecurityPolicy.configure do |d|
75
- d.report_only = ENV.fetch('RACK_ENV') != 'production'
75
+ d.report_only = false
76
76
  d['default-src'] = "'none'"
77
77
  d['script-src'] = "'self'"
78
78
  d['upgrade-insecure-requests'] = true
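Review bot: On new line 75, `d.report_only = false` hard-codes enforcement in the README example, so the example no longer shows what the setting is for. Add a short comment on that line saying that `true` selects the `Content-Security-Policy-Report-Only` header instead, so readers rolling out a new policy know they can observe violations before enforcing. Dropping `ENV.fetch('RACK_ENV')` is reasonable on its own, since `fetch` without a default raises `KeyError` when the variable is unset.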
@@ -45,18 +45,16 @@ module Rack
45
45
  def _call(env)
46
46
  status, headers, response = @app.call(env)
47
47
 
48
- if headers.is_a?(Hash) && headers['Content-Type'] && headers['Content-Type'].include?('text/html')
49
- directives = @directives.sort.map do |d|
50
- if NO_ARG_DIRECTIVES.include?(d[0])
51
- d[0]
52
- else
53
- "#{d[0]} #{d[1]}"
54
- end
55
- end.join('; ')
56
-
57
- csp_hdr = @report_only ? CSP_REPORT_ONLY_HEADER : CSP_HEADER
58
- headers[csp_hdr] = directives
59
- end
48
+ directives = @directives.sort.map do |d|
49
+ if NO_ARG_DIRECTIVES.include?(d[0])
50
+ d[0]
51
+ else
52
+ "#{d[0]} #{d[1]}"
53
+ end
54
+ end.join('; ')
55
+
56
+ csp_hdr = @report_only ? CSP_REPORT_ONLY_HEADER : CSP_HEADER
57
+ headers[csp_hdr] = directives
60
58
 
61
59
  [status, headers, response]
62
60
  end
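Review bot: New line 57, `headers[csp_hdr] = directives`, now runs unconditionally, so two guards went away together with the `text/html` check: the `headers.is_a?(Hash)` test, and any limit on which responses get the header. The assignment also overwrites a policy that the downstream app may already have set on its own response. If the override is intended, document it; otherwise consider `headers[csp_hdr] ||= directives` so an app-supplied policy wins. Separately, the string built on new lines 48-54 depends only on `@directives`, so it could be computed once rather than on every request, provided `@directives` does not change after initialization (that code is not visible in this hunk).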
@@ -1,5 +1,5 @@
1
1
  module Rack
2
2
  class ContentSecurityPolicy
3
- VERSION = '0.1.1'.freeze
3
+ VERSION = '0.1.2'.freeze
4
4
  end
5
5
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack-content_security_policy
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.1
4
+ version: 0.1.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Glenn Rempe
metadata.gz.sig CHANGED
Binary file