secure_headers 0.2.0 → 0.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of secure_headers might be problematic. Click here for more details.
data/Guardfile
CHANGED
|
@@ -2,7 +2,7 @@ guard 'spork', :aggressive_kill => false do
|
|
|
2
2
|
watch('spec/spec_helper.rb') { :rspec }
|
|
3
3
|
end
|
|
4
4
|
|
|
5
|
-
guard 'rspec', :cli => "--color --drb", :keep_failed => true, :all_after_pass => true, :focus_on_failed => true do
|
|
5
|
+
guard 'rspec', :cli => "--color --drb --debug", :keep_failed => true, :all_after_pass => true, :focus_on_failed => true do
|
|
6
6
|
watch(%r{^spec/.+_spec\.rb$})
|
|
7
7
|
watch(%r{^lib/(.+)\.rb$}) { |m| "spec/lib/#{m[1]}_spec.rb" }
|
|
8
8
|
watch(%r{^app/controllers/(.+)\.rb$}) { |m| "spec/controllers/#{m[1]}_spec.rb" }
|
data/HISTORY.md
CHANGED
|
@@ -177,7 +177,9 @@ module SecureHeaders
|
|
|
177
177
|
# we need to forward the request for Firefox.
|
|
178
178
|
def normalize_reporting_endpoint
|
|
179
179
|
return unless browser_strategy.normalize_reporting_endpoint?
|
|
180
|
-
|
|
180
|
+
if same_origin? || report_uri.nil? || URI.parse(report_uri).host.nil?
|
|
181
|
+
return
|
|
182
|
+
end
|
|
181
183
|
|
|
182
184
|
if forward_endpoint
|
|
183
185
|
@report_uri = FF_CSP_ENDPOINT
|
|
@@ -165,9 +165,9 @@ module SecureHeaders
|
|
|
165
165
|
csp.report_uri.should == FF_CSP_ENDPOINT
|
|
166
166
|
end
|
|
167
167
|
|
|
168
|
-
it "doesn't
|
|
169
|
-
csp = ContentSecurityPolicy.new({:report_uri => "
|
|
170
|
-
csp.report_uri.should
|
|
168
|
+
it "doesn't change report-uri if a path supplied" do
|
|
169
|
+
csp = ContentSecurityPolicy.new({:report_uri => "/csp_reports"}, :request => request_for(FIREFOX, "https://anexample.com"))
|
|
170
|
+
csp.report_uri.should == "/csp_reports"
|
|
171
171
|
end
|
|
172
172
|
|
|
173
173
|
it "forwards if the request_uri is set to a non-matching value" do
|
|
@@ -224,7 +224,7 @@ module SecureHeaders
|
|
|
224
224
|
context "X-Content-Security-Policy" do
|
|
225
225
|
it "builds a csp header for firefox" do
|
|
226
226
|
csp = ContentSecurityPolicy.new(default_opts, :request => request_for(FIREFOX))
|
|
227
|
-
csp.value.should == "allow https://*; options inline-script eval-script; img-src data:; script-src https://* data:; style-src https://* chrome-extension: about:;"
|
|
227
|
+
csp.value.should == "allow https://*; options inline-script eval-script; img-src data:; script-src https://* data:; style-src https://* chrome-extension: about:; report-uri /csp_report;"
|
|
228
228
|
end
|
|
229
229
|
|
|
230
230
|
it "copies connect-src values to xhr_src values" do
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: secure_headers
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.1
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2013-02-
|
|
12
|
+
date: 2013-02-21 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: brwsr
|