rack-secure_headers 0.0.1 → 0.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.gems +2 -0
- data/lib/rack/secure_headers/version.rb +1 -1
- data/lib/rack/secure_headers.rb +29 -28
- data/makefile +1 -1
- data/rack-secure_headers.gemspec +2 -3
- metadata +9 -24
- data/.gitignore +0 -1
- data/Gemfile +0 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e495954722a9dfbac925e93f2e31364056083f04
|
|
4
|
+
data.tar.gz: 433960cb3b6821c8326d70ee356c452b57748345
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7fa557243e1acc57060b9bcc9bb8a390efe31082e5be1f66762c8f4b8e73020d509528b8bfc108119f44107f3f7196601cde471f6c054f67808048ffd2a4cf5a
|
|
7
|
+
data.tar.gz: d354db70f1a6b46411496b2ce415baf68a5c8c087bbf3fd4b578af1031e33ff657b201976985385384f8efe6d19dc99c97a6612e033bd11529eb92fb686baf26
|
data/.gems
ADDED
data/lib/rack/secure_headers.rb
CHANGED
|
@@ -10,46 +10,47 @@ module Rack
|
|
|
10
10
|
x_xss_protection: "1; mode=block"
|
|
11
11
|
}
|
|
12
12
|
|
|
13
|
-
DEFAULT_HEADERS = {
|
|
14
|
-
x_content_type_options: "X-Content-Type-Options",
|
|
15
|
-
x_frame_options: "X-Frame-Options",
|
|
16
|
-
x_permitted_cross_domain_policies: "X-Permitted-Cross-Domain-Policies",
|
|
17
|
-
x_xss_protection: "X-XSS-Protection"
|
|
18
|
-
}
|
|
19
|
-
|
|
20
|
-
HSTS_HEADER = "Strict-Transport-Security".freeze
|
|
21
|
-
|
|
22
13
|
def initialize(app, options = {})
|
|
14
|
+
options = DEFAULTS.merge(options)
|
|
15
|
+
|
|
23
16
|
@app = app
|
|
24
|
-
@
|
|
17
|
+
@headers = base_headers(options)
|
|
18
|
+
|
|
19
|
+
if options[:hsts]
|
|
20
|
+
@headers["Strict-Transport-Security"] = hsts_header(options[:hsts])
|
|
21
|
+
end
|
|
25
22
|
end
|
|
26
23
|
|
|
27
24
|
def call(env)
|
|
28
|
-
|
|
25
|
+
tuple = @app.call(env)
|
|
26
|
+
tuple[1].merge!(@headers)
|
|
29
27
|
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
28
|
+
return tuple
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
private
|
|
33
32
|
|
|
34
|
-
|
|
35
|
-
|
|
33
|
+
def base_headers(options)
|
|
34
|
+
headers = {
|
|
35
|
+
"X-Content-Type-Options" => options[:x_content_type_options],
|
|
36
|
+
"X-Frame-Options" => options[:x_frame_options],
|
|
37
|
+
"X-Permitted-Cross-Domain-Policies" => options[:x_permitted_cross_domain_policies],
|
|
38
|
+
"X-XSS-Protection" => options[:x_xss_protection],
|
|
39
|
+
}
|
|
40
|
+
|
|
41
|
+
headers.each do |header, value|
|
|
42
|
+
headers.delete(header) if value.nil?
|
|
36
43
|
end
|
|
37
44
|
|
|
38
|
-
return
|
|
45
|
+
return headers
|
|
39
46
|
end
|
|
40
47
|
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
def self.hsts(opts)
|
|
47
|
-
header = sprintf(HSTS_MAX_AGE, opts.fetch(:max_age))
|
|
48
|
-
header << HSTS_INCLUDE_SUBDOMAINS if opts[:include_subdomains]
|
|
49
|
-
header << HSTS_PRELOAD if opts[:preload]
|
|
48
|
+
def hsts_header(options)
|
|
49
|
+
header = sprintf("max-age=%s", options.fetch(:max_age))
|
|
50
|
+
header << "; includeSubdomains" if options[:include_subdomains]
|
|
51
|
+
header << "; preload" if options[:preload]
|
|
50
52
|
|
|
51
|
-
|
|
52
|
-
end
|
|
53
|
+
return header
|
|
53
54
|
end
|
|
54
55
|
end
|
|
55
56
|
end
|
data/makefile
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
1
|
default:
|
|
2
|
-
cutest -r ./test/helper.rb ./test/*.rb
|
|
2
|
+
@cutest -r ./test/helper.rb ./test/*.rb
|
data/rack-secure_headers.gemspec
CHANGED
|
@@ -12,7 +12,6 @@ Gem::Specification.new do |s|
|
|
|
12
12
|
|
|
13
13
|
s.files = `git ls-files`.split("\n")
|
|
14
14
|
|
|
15
|
-
s.add_dependency "rack", "~> 1.6
|
|
16
|
-
s.add_development_dependency "
|
|
17
|
-
s.add_development_dependency "cutest", "~> 1.2"
|
|
15
|
+
s.add_dependency "rack", "~> 1.6"
|
|
16
|
+
s.add_development_dependency "cutest", "1.2.2"
|
|
18
17
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack-secure_headers
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Francesco Rodríguez
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-
|
|
11
|
+
date: 2015-10-01 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rack
|
|
@@ -16,42 +16,28 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - "~>"
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 1.6
|
|
19
|
+
version: '1.6'
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 1.6
|
|
27
|
-
- !ruby/object:Gem::Dependency
|
|
28
|
-
name: bundler
|
|
29
|
-
requirement: !ruby/object:Gem::Requirement
|
|
30
|
-
requirements:
|
|
31
|
-
- - "~>"
|
|
32
|
-
- !ruby/object:Gem::Version
|
|
33
|
-
version: '1.10'
|
|
34
|
-
type: :development
|
|
35
|
-
prerelease: false
|
|
36
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
37
|
-
requirements:
|
|
38
|
-
- - "~>"
|
|
39
|
-
- !ruby/object:Gem::Version
|
|
40
|
-
version: '1.10'
|
|
26
|
+
version: '1.6'
|
|
41
27
|
- !ruby/object:Gem::Dependency
|
|
42
28
|
name: cutest
|
|
43
29
|
requirement: !ruby/object:Gem::Requirement
|
|
44
30
|
requirements:
|
|
45
|
-
- -
|
|
31
|
+
- - '='
|
|
46
32
|
- !ruby/object:Gem::Version
|
|
47
|
-
version:
|
|
33
|
+
version: 1.2.2
|
|
48
34
|
type: :development
|
|
49
35
|
prerelease: false
|
|
50
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
51
37
|
requirements:
|
|
52
|
-
- -
|
|
38
|
+
- - '='
|
|
53
39
|
- !ruby/object:Gem::Version
|
|
54
|
-
version:
|
|
40
|
+
version: 1.2.2
|
|
55
41
|
description: Security related HTTP headers for Rack applications
|
|
56
42
|
email:
|
|
57
43
|
- frodsan@protonmail.ch
|
|
@@ -59,8 +45,7 @@ executables: []
|
|
|
59
45
|
extensions: []
|
|
60
46
|
extra_rdoc_files: []
|
|
61
47
|
files:
|
|
62
|
-
- ".
|
|
63
|
-
- Gemfile
|
|
48
|
+
- ".gems"
|
|
64
49
|
- LICENSE
|
|
65
50
|
- README.md
|
|
66
51
|
- lib/rack/secure_headers.rb
|
data/.gitignore
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
Gemfile.lock
|
data/Gemfile
DELETED