secure_headers 0.4.2 → 0.4.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of secure_headers might be problematic. Click here for more details.
- data/HISTORY.md +5 -0
- data/lib/secure_headers/version.rb +1 -1
- data/lib/secure_headers.rb +1 -1
- data/spec/lib/secure_headers_spec.rb +6 -3
- metadata +48 -62
data/HISTORY.md
CHANGED
data/lib/secure_headers.rb
CHANGED
|
@@ -114,7 +114,7 @@ module SecureHeaders
|
|
|
114
114
|
|
|
115
115
|
def broken_implementation?(browser)
|
|
116
116
|
#IOS 5 sometimes refuses to load external resources even when whitelisted with CSP
|
|
117
|
-
return browser.ios5?
|
|
117
|
+
return browser.ios5? || (browser.safari? && browser.version == 5)
|
|
118
118
|
end
|
|
119
119
|
end
|
|
120
120
|
end
|
|
@@ -24,7 +24,10 @@ describe SecureHeaders do
|
|
|
24
24
|
:chrome => 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5',
|
|
25
25
|
:ie => 'Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/5.0)',
|
|
26
26
|
:opera => 'Opera/9.80 (Windows NT 6.1; U; es-ES) Presto/2.9.181 Version/12.00',
|
|
27
|
-
:ios5 => "Mozilla/5.0 (iPhone; CPU iPhone OS 5_0 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A334 Safari/7534.48.3"
|
|
27
|
+
:ios5 => "Mozilla/5.0 (iPhone; CPU iPhone OS 5_0 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A334 Safari/7534.48.3",
|
|
28
|
+
:ios6 => "Mozilla/5.0 (iPhone; CPU iPhone OS 614 like Mac OS X) AppleWebKit/536.26 (KHTML like Gecko) Version/6.0 Mobile/10B350 Safari/8536.25",
|
|
29
|
+
:safari5 => "Mozilla/5.0 (iPad; CPU OS 5_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko ) Version/5.1 Mobile/9B176 Safari/7534.48.3",
|
|
30
|
+
:safari6 => "Mozilla/5.0 (Macintosh; Intel Mac OS X 1084) AppleWebKit/536.30.1 (KHTML like Gecko) Version/6.0.5 Safari/536.30.1"
|
|
28
31
|
}
|
|
29
32
|
|
|
30
33
|
def should_assign_header name, value
|
|
@@ -81,8 +84,8 @@ describe SecureHeaders do
|
|
|
81
84
|
5
|
|
82
85
|
when :opera
|
|
83
86
|
4
|
|
84
|
-
when :ios5
|
|
85
|
-
3 # csp
|
|
87
|
+
when :ios5, :safari5
|
|
88
|
+
3 # csp breaks these browsers
|
|
86
89
|
else
|
|
87
90
|
4
|
|
88
91
|
end
|
metadata
CHANGED
|
@@ -1,62 +1,55 @@
|
|
|
1
|
-
--- !ruby/object:Gem::Specification
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: secure_headers
|
|
3
|
-
version: !ruby/object:Gem::Version
|
|
4
|
-
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
version: 0.4.3
|
|
5
5
|
prerelease:
|
|
6
|
-
segments:
|
|
7
|
-
- 0
|
|
8
|
-
- 4
|
|
9
|
-
- 2
|
|
10
|
-
version: 0.4.2
|
|
11
6
|
platform: ruby
|
|
12
|
-
authors:
|
|
7
|
+
authors:
|
|
13
8
|
- Neil Matatall
|
|
14
9
|
autorequire:
|
|
15
10
|
bindir: bin
|
|
16
11
|
cert_chain: []
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
- !ruby/object:Gem::Dependency
|
|
12
|
+
date: 2013-05-07 00:00:00.000000000 Z
|
|
13
|
+
dependencies:
|
|
14
|
+
- !ruby/object:Gem::Dependency
|
|
21
15
|
name: brwsr
|
|
22
|
-
|
|
23
|
-
requirement: &id001 !ruby/object:Gem::Requirement
|
|
16
|
+
requirement: !ruby/object:Gem::Requirement
|
|
24
17
|
none: false
|
|
25
|
-
requirements:
|
|
26
|
-
- -
|
|
27
|
-
- !ruby/object:Gem::Version
|
|
28
|
-
hash: 17
|
|
29
|
-
segments:
|
|
30
|
-
- 1
|
|
31
|
-
- 1
|
|
32
|
-
- 1
|
|
18
|
+
requirements:
|
|
19
|
+
- - ! '>='
|
|
20
|
+
- !ruby/object:Gem::Version
|
|
33
21
|
version: 1.1.1
|
|
34
22
|
type: :runtime
|
|
35
|
-
version_requirements: *id001
|
|
36
|
-
- !ruby/object:Gem::Dependency
|
|
37
|
-
name: rake
|
|
38
23
|
prerelease: false
|
|
39
|
-
|
|
24
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
40
25
|
none: false
|
|
41
|
-
requirements:
|
|
42
|
-
- -
|
|
43
|
-
- !ruby/object:Gem::Version
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
26
|
+
requirements:
|
|
27
|
+
- - ! '>='
|
|
28
|
+
- !ruby/object:Gem::Version
|
|
29
|
+
version: 1.1.1
|
|
30
|
+
- !ruby/object:Gem::Dependency
|
|
31
|
+
name: rake
|
|
32
|
+
requirement: !ruby/object:Gem::Requirement
|
|
33
|
+
none: false
|
|
34
|
+
requirements:
|
|
35
|
+
- - ! '>='
|
|
36
|
+
- !ruby/object:Gem::Version
|
|
37
|
+
version: '0'
|
|
48
38
|
type: :development
|
|
49
|
-
|
|
39
|
+
prerelease: false
|
|
40
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
41
|
+
none: false
|
|
42
|
+
requirements:
|
|
43
|
+
- - ! '>='
|
|
44
|
+
- !ruby/object:Gem::Version
|
|
45
|
+
version: '0'
|
|
50
46
|
description: Add easily configured browser headers to responses.
|
|
51
|
-
email:
|
|
47
|
+
email:
|
|
52
48
|
- neil.matatall@gmail.com
|
|
53
49
|
executables: []
|
|
54
|
-
|
|
55
50
|
extensions: []
|
|
56
|
-
|
|
57
51
|
extra_rdoc_files: []
|
|
58
|
-
|
|
59
|
-
files:
|
|
52
|
+
files:
|
|
60
53
|
- .gitignore
|
|
61
54
|
- .rvmrc
|
|
62
55
|
- .travis.yml
|
|
@@ -177,39 +170,32 @@ files:
|
|
|
177
170
|
- spec/spec_helper.rb
|
|
178
171
|
- travis.sh
|
|
179
172
|
homepage: https://github.com/twitter/secureheaders
|
|
180
|
-
licenses:
|
|
173
|
+
licenses:
|
|
181
174
|
- Apache Public License 2.0
|
|
182
175
|
post_install_message:
|
|
183
176
|
rdoc_options: []
|
|
184
|
-
|
|
185
|
-
require_paths:
|
|
177
|
+
require_paths:
|
|
186
178
|
- lib
|
|
187
|
-
required_ruby_version: !ruby/object:Gem::Requirement
|
|
179
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
188
180
|
none: false
|
|
189
|
-
requirements:
|
|
190
|
-
- -
|
|
191
|
-
- !ruby/object:Gem::Version
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
- 0
|
|
195
|
-
version: "0"
|
|
196
|
-
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
181
|
+
requirements:
|
|
182
|
+
- - ! '>='
|
|
183
|
+
- !ruby/object:Gem::Version
|
|
184
|
+
version: '0'
|
|
185
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
197
186
|
none: false
|
|
198
|
-
requirements:
|
|
199
|
-
- -
|
|
200
|
-
- !ruby/object:Gem::Version
|
|
201
|
-
|
|
202
|
-
segments:
|
|
203
|
-
- 0
|
|
204
|
-
version: "0"
|
|
187
|
+
requirements:
|
|
188
|
+
- - ! '>='
|
|
189
|
+
- !ruby/object:Gem::Version
|
|
190
|
+
version: '0'
|
|
205
191
|
requirements: []
|
|
206
|
-
|
|
207
192
|
rubyforge_project:
|
|
208
193
|
rubygems_version: 1.8.24
|
|
209
194
|
signing_key:
|
|
210
195
|
specification_version: 3
|
|
211
|
-
summary: Add easily configured browser headers to responses including content security
|
|
212
|
-
|
|
196
|
+
summary: Add easily configured browser headers to responses including content security
|
|
197
|
+
policy, x-frame-options, strict-transport-security and more.
|
|
198
|
+
test_files:
|
|
213
199
|
- spec/controllers/content_security_policy_controller_spec.rb
|
|
214
200
|
- spec/lib/secure_headers/headers/content_security_policy_spec.rb
|
|
215
201
|
- spec/lib/secure_headers/headers/strict_transport_security_spec.rb
|