secure_headers 0.4.0 → 0.4.1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of secure_headers might be problematic. Click here for more details.
data/HISTORY.md
CHANGED
|
@@ -1,10 +1,17 @@
|
|
|
1
|
+
0.4.1
|
|
2
|
+
======
|
|
3
|
+
|
|
4
|
+
- Allow strings or ints in the HSTS max-age (@reedloden)
|
|
5
|
+
|
|
1
6
|
0.4.0
|
|
2
7
|
=======
|
|
8
|
+
|
|
3
9
|
- Treat each header as it's own before_filter. This allows you to `skip_before_filter :set_X_header, :only => :bad_idea
|
|
4
10
|
- Should be backwards compatible, but it is a change to the API.
|
|
5
11
|
|
|
6
12
|
0.3.0
|
|
7
13
|
=======
|
|
14
|
+
|
|
8
15
|
- Greatly reduce the need to use the forward_endpoint attribute. If you are posting from your site to a host that matches TLD+1 (e.g. translate.twitter.com matches twitter.com), use a protocol relative value for report-uri. This will alleviate the need to use forwarding. If your host doesn't match, you still need to use forwarding due to host mismatches for Firefox.
|
|
9
16
|
|
|
10
17
|
0.2.3
|
data/README.md
CHANGED
|
@@ -41,7 +41,7 @@ module SecureHeaders
|
|
|
41
41
|
if @config.is_a? Hash
|
|
42
42
|
if !@config[:max_age]
|
|
43
43
|
raise STSBuildError.new("No max-age was supplied.")
|
|
44
|
-
elsif @config[:max_age] !~ /\A\d+\z/
|
|
44
|
+
elsif @config[:max_age].to_s !~ /\A\d+\z/
|
|
45
45
|
raise STSBuildError.new("max-age must be a number. #{@config[:max_age]} was supplied.")
|
|
46
46
|
end
|
|
47
47
|
else
|
|
@@ -28,6 +28,18 @@ module SecureHeaders
|
|
|
28
28
|
|
|
29
29
|
context "with an invalid configuration" do
|
|
30
30
|
context "with a hash argument" do
|
|
31
|
+
it "should allow string values for max-age" do
|
|
32
|
+
lambda {
|
|
33
|
+
StrictTransportSecurity.new(:max_age => '1234')
|
|
34
|
+
}.should_not raise_error
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
it "should allow integer values for max-age" do
|
|
38
|
+
lambda {
|
|
39
|
+
StrictTransportSecurity.new(:max_age => 1234)
|
|
40
|
+
}.should_not raise_error
|
|
41
|
+
end
|
|
42
|
+
|
|
31
43
|
it "raises an exception with an invalid max-age" do
|
|
32
44
|
lambda {
|
|
33
45
|
StrictTransportSecurity.new(:max_age => 'abc123')
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: secure_headers
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.4.
|
|
4
|
+
version: 0.4.1
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2013-04-
|
|
12
|
+
date: 2013-04-10 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: brwsr
|
|
@@ -190,7 +190,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
190
190
|
version: '0'
|
|
191
191
|
requirements: []
|
|
192
192
|
rubyforge_project:
|
|
193
|
-
rubygems_version: 1.8.
|
|
193
|
+
rubygems_version: 1.8.24
|
|
194
194
|
signing_key:
|
|
195
195
|
specification_version: 3
|
|
196
196
|
summary: Add easily configured browser headers to responses including content security
|