rack-secure_headers 0.0.2 → 0.0.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e495954722a9dfbac925e93f2e31364056083f04
-  data.tar.gz: 433960cb3b6821c8326d70ee356c452b57748345
+  metadata.gz: c176a48717c3d1afa227f16b0cf649eae502b935
+  data.tar.gz: a261ce0c5d80fc188d574459a7eff2ae728d7e2d
 SHA512:
-  metadata.gz: 7fa557243e1acc57060b9bcc9bb8a390efe31082e5be1f66762c8f4b8e73020d509528b8bfc108119f44107f3f7196601cde471f6c054f67808048ffd2a4cf5a
-  data.tar.gz: d354db70f1a6b46411496b2ce415baf68a5c8c087bbf3fd4b578af1031e33ff657b201976985385384f8efe6d19dc99c97a6612e033bd11529eb92fb686baf26
+  metadata.gz: e3640b92a0a20c00d4604118ae9b078c7c4d45a65bbccb504a952d628872ab3d55796428bde1ab2534affbef21861815ebe7d70562a116b62c817feaace4df0c
+  data.tar.gz: df6304b967ac4fe810aa9171717214b0a46b8c7dfe109d0622eb360731bb873a61e44b098cca870f8488ea86894c7b5e1a148049713ea9e03a38b55cfbe8b820

data/README.md

@@ -1,4 +1,4 @@
-rack-secure_headers
+rack-secure_headers [![Build Status](https://travis-ci.org/frodsan/rack-secure_headers.svg)](https://travis-ci.org/frodsan/rack-secure_headers)
 -------------------
 
 Security related HTTP headers for Rack applications.
@@ -8,6 +8,27 @@ Description
 
 Implements OWASP's [List of useful HTTP headers][owasp].
 
+Installation
+------------
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem "rack-secure_headers"
+```
+
+And then execute:
+
+```
+$ bundle
+```
+
+Or install it yourself as:
+
+```
+$ gem install rack-secure_headers
+```
+
 Usage
 -----
 
@@ -93,16 +114,39 @@ TODO
 - [ ] HTTP Public Key Pinning (HPKP).
 - [ ] Content Security Policy (CSP).
 
-Installation
+Contributing
 ------------
 
+Fork the project with:
+
 ```
-$ gem install rack-secure_headers
+$ git clone git@github.com:frodsan/rack-secure_headers.git
+```
+
+To install dependencies, use:
+
 ```
+$ bundle install
+```
+
+To run the test suite, do:
+
+```
+$ rake test
+```
+
+For bug reports and pull requests use [GitHub][issues].
+
+License
+-------
+
+This gem is released under the [MIT License][mit].
 
 [clickjacking]: https://www.owasp.org/index.php/Clickjacking
 [hsts-form]: https://hstspreload.appspot.com/
+[issues]: https://github.com/frodsan/rack-secure_headers/issues
 [mime-sniffing]: https://msdn.microsoft.com/library/gg622941(v=vs.85).aspx
+[mit]: http://www.opensource.org/licenses/MIT
 [owasp]: https://www.owasp.org/index.php/List_of_useful_HTTP_headers
 [pcdp]: https://www.adobe.com/devnet/adobe-media-server/articles/cross-domain-xml-for-streaming.html
 [xss]: https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

data/lib/rack/secure_headers.rb

@@ -22,10 +22,11 @@ module Rack
     end
 
     def call(env)
-      tuple = @app.call(env)
-      tuple[1].merge!(@headers)
-
-      return tuple
+      return @app.call(env).tap do |_, headers, _|
+        @headers.each do |key, value|
+          headers[key] ||= value
+        end
+      end
     end
 
     private

data/lib/rack/secure_headers/version.rb

@@ -1,5 +1,5 @@
 module Rack
   class SecureHeaders
-    VERSION = "0.0.2"
+    VERSION = "0.0.3"
   end
 end

data/test/helper.rb

@@ -1,3 +1,5 @@
 require "bundler/setup"
-require "cutest"
+require "minitest/autorun"
+require "minitest/pride"
+require "minitest/sugar"
 require_relative "../lib/rack/secure_headers"

data/test/secure_headers_test.rb

@@ -0,0 +1,53 @@
+require_relative "helper"
+
+class App
+  def call(env)
+    return [200, {}, [""]]
+  end
+end
+
+class SecureHeadersTest < Minitest::Test
+  setup do
+    @app = App.new
+  end
+
+  test "defaults" do
+    middleware = Rack::SecureHeaders.new(@app)
+    headers = middleware.call({})[1]
+
+    expected = {
+      "X-Content-Type-Options" => "nosniff",
+      "X-Frame-Options" => "SAMEORIGIN",
+      "X-Permitted-Cross-Domain-Policies" => "none",
+      "X-XSS-Protection" => "1; mode=block",
+      "Strict-Transport-Security" => "max-age=31536000; includeSubdomains",
+    }
+
+    assert_equal expected, headers
+  end
+
+  test "nil" do
+    headers = Rack::SecureHeaders::DEFAULTS.keys
+    options = headers.map { |h| [h, nil] }.to_h
+
+    middleware = Rack::SecureHeaders.new(@app, options)
+    headers = middleware.call({})[1]
+
+    assert_equal Hash.new, headers
+  end
+
+  test "hsts options" do
+    middleware = Rack::SecureHeaders.new(@app, hsts: { max_age: 1 })
+    headers = middleware.call({})[1]
+
+    assert_equal "max-age=1", headers["Strict-Transport-Security"]
+
+    options = { max_age: 1, include_subdomains: true, preload: true }
+    middleware = Rack::SecureHeaders.new(@app, hsts: options)
+    headers = middleware.call({})[1]
+
+    expected = "max-age=1; includeSubdomains; preload"
+
+    assert_equal expected, headers["Strict-Transport-Security"]
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-secure_headers
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 0.0.3
 platform: ruby
 authors:
 - Francesco Rodríguez
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-10-01 00:00:00.000000000 Z
+date: 2016-01-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -25,36 +25,60 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '1.6'
 - !ruby/object:Gem::Dependency
-  name: cutest
+  name: minitest
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.2.2
+        version: '5.8'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.8'
+- !ruby/object:Gem::Dependency
+  name: minitest-sugar
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.2.2
+        version: '2.1'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
 description: Security related HTTP headers for Rack applications
-email:
-- frodsan@protonmail.ch
+email: frodsan@protonmail.ch
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".gems"
 - LICENSE
 - README.md
 - lib/rack/secure_headers.rb
 - lib/rack/secure_headers/version.rb
-- makefile
-- rack-secure_headers.gemspec
 - test/helper.rb
-- test/secure_headers.rb
-homepage: https://github.com/harmoni/rack-secure_headers
+- test/secure_headers_test.rb
+homepage: https://github.com/frodsan/rack-secure_headers
 licenses:
 - MIT
 metadata: {}
@@ -74,8 +98,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.8
+rubygems_version: 2.5.0
 signing_key: 
 specification_version: 4
 summary: Security related HTTP headers for Rack applications
-test_files: []
+test_files:
+- test/helper.rb
+- test/secure_headers_test.rb

data/.gems

@@ -1,2 +0,0 @@
-cutest -v 1.2.2
-rack -v 1.6.4

data/makefile

@@ -1,2 +0,0 @@
-default:
-	@cutest -r ./test/helper.rb ./test/*.rb

data/rack-secure_headers.gemspec

@@ -1,17 +0,0 @@
-require_relative "lib/rack/secure_headers/version"
-
-Gem::Specification.new do |s|
-  s.name        = "rack-secure_headers"
-  s.version     = Rack::SecureHeaders::VERSION
-  s.summary     = "Security related HTTP headers for Rack applications"
-  s.description = s.summary
-  s.authors     = ["Francesco Rodríguez"]
-  s.email       = ["frodsan@protonmail.ch"]
-  s.homepage    = "https://github.com/harmoni/rack-secure_headers"
-  s.license     = "MIT"
-
-  s.files = `git ls-files`.split("\n")
-
-  s.add_dependency "rack", "~> 1.6"
-  s.add_development_dependency "cutest", "1.2.2"
-end

data/test/secure_headers.rb

@@ -1,51 +0,0 @@
-require_relative "helper"
-
-class App
-  def call(env)
-    return [200, {}, [""]]
-  end
-end
-
-setup do
-  App.new
-end
-
-test "defaults" do |app|
-  middleware = Rack::SecureHeaders.new(app)
-  headers = middleware.call({})[1]
-
-  expected = {
-    "X-Content-Type-Options" => "nosniff",
-    "X-Frame-Options" => "SAMEORIGIN",
-    "X-Permitted-Cross-Domain-Policies" => "none",
-    "X-XSS-Protection" => "1; mode=block",
-    "Strict-Transport-Security" => "max-age=31536000; includeSubdomains",
-  }
-
-  assert_equal expected, headers
-end
-
-test "nil" do |app|
-  headers = Rack::SecureHeaders::DEFAULTS.keys
-  options = headers.map { |h| [h, nil] }.to_h
-
-  middleware = Rack::SecureHeaders.new(app, options)
-  headers = middleware.call({})[1]
-
-  assert_equal Hash.new, headers
-end
-
-test "hsts options" do |app|
-  middleware = Rack::SecureHeaders.new(app, hsts: { max_age: 1 })
-  headers = middleware.call({})[1]
-
-  assert_equal "max-age=1", headers["Strict-Transport-Security"]
-
-  options = { max_age: 1, include_subdomains: true, preload: true }
-  middleware = Rack::SecureHeaders.new(app, hsts: options)
-  headers = middleware.call({})[1]
-
-  expected = "max-age=1; includeSubdomains; preload"
-
-  assert_equal expected, headers["Strict-Transport-Security"]
-end