secure_headers 0.4.0 → 0.4.1

Potentially problematic release.


This version of secure_headers might be problematic.

data/HISTORY.md CHANGED
@@ -1,10 +1,17 @@
1
+ 0.4.1
2
+ ======
3
+
4
+ - Allow strings or ints in the HSTS max-age (@reedloden)
5
+
1
6
  0.4.0
2
7
  =======
8
+
3
9
  - Treat each header as it's own before_filter. This allows you to `skip_before_filter :set_X_header, :only => :bad_idea
4
10
  - Should be backwards compatible, but it is a change to the API.
5
11
 
6
12
  0.3.0
7
13
  =======
14
+
8
15
  - Greatly reduce the need to use the forward_endpoint attribute. If you are posting from your site to a host that matches TLD+1 (e.g. translate.twitter.com matches twitter.com), use a protocol relative value for report-uri. This will alleviate the need to use forwarding. If your host doesn't match, you still need to use forwarding due to host mismatches for Firefox.
9
16
 
10
17
  0.2.3
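Review bot: the new 0.4.1 entry says strings or ints are allowed but not that non-numeric values still raise `STSBuildError`; a short clause saying so would tell upgraders that validation was widened, not removed. Style: the 0.4.1 heading is underlined with six `=` while 0.4.0 and 0.3.0 use seven, and the 0.4.0 context line opens a backtick before `skip_before_filter` that is never closed, which is worth fixing while this file is being touched.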
data/README.md CHANGED
@@ -77,7 +77,7 @@ This gem makes a few assumptions about how you will use some features. For exam
77
77
  }
78
78
  end
79
79
 
80
- # and then simply include
80
+ # and then simply include this in application_controller
81
81
  ensure_security_headers
82
82
  ```
83
83
 
@@ -41,7 +41,7 @@ module SecureHeaders
41
41
  if @config.is_a? Hash
42
42
  if !@config[:max_age]
43
43
  raise STSBuildError.new("No max-age was supplied.")
44
- elsif @config[:max_age] !~ /\A\d+\z/
44
+ elsif @config[:max_age].to_s !~ /\A\d+\z/
45
45
  raise STSBuildError.new("max-age must be a number. #{@config[:max_age]} was supplied.")
46
46
  end
47
47
  else
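Review bot: on the changed `elsif` line, `.to_s !~ /\A\d+\z/` now lets integer `0` through as well as string `'0'`, and an HSTS max-age of 0 tells browsers to drop the stored policy for the host. If that is meant to be a supported setting, say so in the README; if not, reject it here with its own error message. The `\A`/`\z` anchors are the right choice and should stay, since they keep a value with an embedded newline from passing. The check also sets no upper bound and coerces any object whose `to_s` is all digits, so a comment stating the accepted types (String or Integer) would help the next reader.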
@@ -1,3 +1,3 @@
1
1
  module SecureHeaders
2
- VERSION = "0.4.0"
2
+ VERSION = "0.4.1"
3
3
  end
@@ -28,6 +28,18 @@ module SecureHeaders
28
28
 
29
29
  context "with an invalid configuration" do
30
30
  context "with a hash argument" do
31
+ it "should allow string values for max-age" do
32
+ lambda {
33
+ StrictTransportSecurity.new(:max_age => '1234')
34
+ }.should_not raise_error
35
+ end
36
+
37
+ it "should allow integer values for max-age" do
38
+ lambda {
39
+ StrictTransportSecurity.new(:max_age => 1234)
40
+ }.should_not raise_error
41
+ end
42
+
31
43
  it "raises an exception with an invalid max-age" do
32
44
  lambda {
33
45
  StrictTransportSecurity.new(:max_age => 'abc123')
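Review bot: the two added examples exercise valid input ('1234' and 1234) but sit inside `context "with an invalid configuration"`, so the spec output will read as if they test failure cases; move them to a context for valid configuration. Both only assert `should_not raise_error`, so a regression where an integer max-age builds a malformed header would still pass. Add an assertion on the header value the object produces for each input type, and consider cases for `0` and for a negative integer so the boundary of the new `.to_s` check is pinned down.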
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: secure_headers
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.0
4
+ version: 0.4.1
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2013-04-08 00:00:00.000000000 Z
12
+ date: 2013-04-10 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: brwsr
@@ -190,7 +190,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
190
190
  version: '0'
191
191
  requirements: []
192
192
  rubyforge_project:
193
- rubygems_version: 1.8.23
193
+ rubygems_version: 1.8.24
194
194
  signing_key:
195
195
  specification_version: 3
196
196
  summary: Add easily configured browser headers to responses including content security
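Review bot: `rubygems_version` moves from 1.8.23 to 1.8.24 within a patch release, so the two packages were built with different tooling, and the context lines show `signing_key:` still empty, meaning neither build carries a gem signature tying it to the publisher. Neither is a defect in the code change, but recording the packaging environment in the release notes, or signing the gem, would let consumers who diff releases like this one tell an expected toolchain bump from an unexpected repackaging.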