secure_headers 0.4.2 → 0.4.3


Potentially problematic release.



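--- a/data/HISTORY.md
+++ b/data/HISTORY.md
@@ -1,6 +1,11 @@
  0.4.3
  ======
 
+ Safari 5 is just completely broken when CSP is used, both mobile and desktop versions
+
+ 0.4.2
+ ======
+
  - Stupid bug where Fixnums couldn't be used for config values
  - Doc updates
 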
@@ -1,3 +1,3 @@
1
1
  module SecureHeaders
2
- VERSION = "0.4.2"
2
+ VERSION = "0.4.3"
3
3
  end
@@ -114,7 +114,7 @@ module SecureHeaders
114
114
 
115
115
  def broken_implementation?(browser)
116
116
  #IOS 5 sometimes refuses to load external resources even when whitelisted with CSP
117
- return browser.ios5?
117
+ return browser.ios5? || (browser.safari? && browser.version == 5)
118
118
  end
119
119
  end
120
120
  end
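Review bot: The added clause `browser.version == 5` on the `return` line only matches if the browser-detection object reports the version as the integer 5; its API is not shown here, so if it returns a string or a dotted value such as 5.1 the Safari branch never fires and CSP is still sent to the browsers this release means to exempt. Judging by the spec comments, a true result means the policy header is withheld, so this is a fail-open decision keyed on a client-supplied User-Agent and should be documented as such. The comment above the `return` still names only iOS 5; I would replace it with `# iOS 5 and Safari 5 (mobile and desktop) mishandle CSP, so no policy is sent and these clients get no CSP protection`. The enclosing class and module start outside the hunk.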
@@ -24,7 +24,10 @@ describe SecureHeaders do
24
24
  :chrome => 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5',
25
25
  :ie => 'Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/5.0)',
26
26
  :opera => 'Opera/9.80 (Windows NT 6.1; U; es-ES) Presto/2.9.181 Version/12.00',
27
- :ios5 => "Mozilla/5.0 (iPhone; CPU iPhone OS 5_0 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A334 Safari/7534.48.3"
27
+ :ios5 => "Mozilla/5.0 (iPhone; CPU iPhone OS 5_0 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A334 Safari/7534.48.3",
28
+ :ios6 => "Mozilla/5.0 (iPhone; CPU iPhone OS 614 like Mac OS X) AppleWebKit/536.26 (KHTML like Gecko) Version/6.0 Mobile/10B350 Safari/8536.25",
29
+ :safari5 => "Mozilla/5.0 (iPad; CPU OS 5_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko ) Version/5.1 Mobile/9B176 Safari/7534.48.3",
30
+ :safari6 => "Mozilla/5.0 (Macintosh; Intel Mac OS X 1084) AppleWebKit/536.30.1 (KHTML like Gecko) Version/6.0.5 Safari/536.30.1"
28
31
  }
29
32
 
30
33
  def should_assign_header name, value
@@ -81,8 +84,8 @@ describe SecureHeaders do
81
84
  5
82
85
  when :opera
83
86
  4
84
- when :ios5
85
- 3 # csp is disabled for ios5
87
+ when :ios5, :safari5
88
+ 3 # csp breaks these browsers
86
89
  else
87
90
  4
88
91
  end
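Review bot: The `:safari5` fixture added to the user-agent hash in the first hunk is an iPad string (`iPad; CPU OS 5_1 ... Mobile/9B176`), so it may already satisfy the existing `ios5?` check and leave the new Safari 5 clause untested; a desktop Macintosh Safari 5 user agent would pin the behaviour the changelog describes. The `:ios6` and `:safari6` strings look as if their underscores were lost (`iPhone OS 614`, `Mac OS X 1084`), so they are not what real browsers send. Whether the code that consumes this hash asserts on them is outside the hunks. If they are meant as negative cases, an explicit expectation of the full header count for `:ios6` and `:safari6` would guard against the exemption widening by accident. The hash and the `case` statement both start outside the hunks.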
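--- a/metadata
+++ b/metadata
@@ -1,62 +1,55 @@
- --- !ruby/object:Gem::Specification
+ --- !ruby/object:Gem::Specification
  name: secure_headers
- version: !ruby/object:Gem::Version
- hash: 11
+ version: !ruby/object:Gem::Version
+ version: 0.4.3
  prerelease:
- segments:
- - 0
- - 4
- - 2
- version: 0.4.2
  platform: ruby
- authors:
+ authors:
  - Neil Matatall
  autorequire:
  bindir: bin
  cert_chain: []
-
- date: 2013-05-05 00:00:00 Z
- dependencies:
- - !ruby/object:Gem::Dependency
+ date: 2013-05-07 00:00:00.000000000 Z
+ dependencies:
+ - !ruby/object:Gem::Dependency
  name: brwsr
- prerelease: false
- requirement: &id001 !ruby/object:Gem::Requirement
+ requirement: !ruby/object:Gem::Requirement
  none: false
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- hash: 17
- segments:
- - 1
- - 1
- - 1
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
  version: 1.1.1
  type: :runtime
- version_requirements: *id001
- - !ruby/object:Gem::Dependency
- name: rake
  prerelease: false
- requirement: &id002 !ruby/object:Gem::Requirement
+ version_requirements: !ruby/object:Gem::Requirement
  none: false
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- hash: 3
- segments:
- - 0
- version: "0"
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: 1.1.1
+ - !ruby/object:Gem::Dependency
+ name: rake
+ requirement: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
  type: :development
- version_requirements: *id002
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
  description: Add easily configured browser headers to responses.
- email:
+ email:
  - neil.matatall@gmail.com
  executables: []
-
  extensions: []
-
  extra_rdoc_files: []
-
- files:
+ files:
  - .gitignore
  - .rvmrc
  - .travis.yml
@@ -177,39 +170,32 @@ files:
  - spec/spec_helper.rb
  - travis.sh
  homepage: https://github.com/twitter/secureheaders
- licenses:
+ licenses:
  - Apache Public License 2.0
  post_install_message:
  rdoc_options: []
-
- require_paths:
+ require_paths:
  - lib
- required_ruby_version: !ruby/object:Gem::Requirement
+ required_ruby_version: !ruby/object:Gem::Requirement
  none: false
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- hash: 3
- segments:
- - 0
- version: "0"
- required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ required_rubygems_version: !ruby/object:Gem::Requirement
  none: false
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- hash: 3
- segments:
- - 0
- version: "0"
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
  requirements: []
-
  rubyforge_project:
  rubygems_version: 1.8.24
  signing_key:
  specification_version: 3
- summary: Add easily configured browser headers to responses including content security policy, x-frame-options, strict-transport-security and more.
- test_files:
+ summary: Add easily configured browser headers to responses including content security
+ policy, x-frame-options, strict-transport-security and more.
+ test_files:
  - spec/controllers/content_security_policy_controller_spec.rb
  - spec/lib/secure_headers/headers/content_security_policy_spec.rb
  - spec/lib/secure_headers/headers/strict_transport_security_spec.rb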