secure_headers 1.1.1 → 1.3.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +15 -0
- data/.ruby-gemset +1 -0
- data/.ruby-version +1 -0
- data/.travis.yml +2 -0
- data/Gemfile +0 -4
- data/Guardfile +1 -5
- data/HISTORY.md +47 -0
- data/README.md +74 -27
- data/fixtures/rails_3_2_12/Gemfile +0 -3
- data/fixtures/rails_3_2_12/app/views/things/index.html.erb +1 -21
- data/fixtures/rails_3_2_12/config/application.rb +4 -4
- data/fixtures/rails_3_2_12/config/environments/development.rb +3 -3
- data/fixtures/rails_3_2_12/config/environments/test.rb +2 -2
- data/fixtures/rails_3_2_12/config/initializers/secure_headers.rb +1 -0
- data/fixtures/rails_3_2_12/spec/controllers/other_things_controller_spec.rb +15 -14
- data/fixtures/rails_3_2_12/spec/controllers/things_controller_spec.rb +12 -12
- data/fixtures/rails_3_2_12/spec/spec_helper.rb +1 -5
- data/fixtures/rails_3_2_12_no_init/Gemfile +0 -3
- data/fixtures/rails_3_2_12_no_init/config/application.rb +1 -4
- data/fixtures/rails_3_2_12_no_init/config/environments/development.rb +3 -3
- data/fixtures/rails_3_2_12_no_init/config/environments/test.rb +2 -2
- data/fixtures/rails_3_2_12_no_init/spec/controllers/other_things_controller_spec.rb +12 -12
- data/fixtures/rails_3_2_12_no_init/spec/controllers/things_controller_spec.rb +12 -12
- data/fixtures/rails_3_2_12_no_init/spec/spec_helper.rb +3 -18
- data/lib/secure_headers/headers/content_security_policy.rb +52 -35
- data/lib/secure_headers/headers/strict_transport_security.rb +2 -1
- data/lib/secure_headers/headers/x_download_options.rb +39 -0
- data/lib/secure_headers/headers/x_xss_protection.rb +2 -1
- data/lib/secure_headers/padrino.rb +14 -0
- data/lib/secure_headers/railtie.rb +6 -2
- data/lib/secure_headers/version.rb +1 -1
- data/lib/secure_headers.rb +8 -1
- data/spec/controllers/content_security_policy_controller_spec.rb +19 -19
- data/spec/lib/secure_headers/headers/content_security_policy_spec.rb +117 -85
- data/spec/lib/secure_headers/headers/strict_transport_security_spec.rb +21 -20
- data/spec/lib/secure_headers/headers/x_content_type_options_spec.rb +12 -12
- data/spec/lib/secure_headers/headers/x_download_options_spec.rb +32 -0
- data/spec/lib/secure_headers/headers/x_frame_options_spec.rb +12 -12
- data/spec/lib/secure_headers/headers/x_xss_protection_spec.rb +20 -19
- data/spec/lib/secure_headers_spec.rb +38 -12
- data/spec/spec_helper.rb +10 -24
- metadata +11 -20
- data/.rvmrc +0 -1
- data/fixtures/rails_3_2_12/Guardfile +0 -14
- data/fixtures/rails_3_2_12/app/models/thing.rb +0 -3
- data/fixtures/rails_3_2_12/config/database.yml +0 -25
- data/fixtures/rails_3_2_12/db/schema.rb +0 -16
- data/fixtures/rails_3_2_12/db/seeds.rb +0 -7
- data/fixtures/rails_3_2_12_no_init/Guardfile +0 -14
- data/fixtures/rails_3_2_12_no_init/app/models/thing.rb +0 -3
- data/fixtures/rails_3_2_12_no_init/config/database.yml +0 -25
- data/fixtures/rails_3_2_12_no_init/db/schema.rb +0 -16
- data/fixtures/rails_3_2_12_no_init/db/seeds.rb +0 -7
|
@@ -1,53 +1,54 @@
|
|
|
1
1
|
module SecureHeaders
|
|
2
2
|
describe XXssProtection do
|
|
3
|
-
specify { XXssProtection.new.name.
|
|
4
|
-
specify { XXssProtection.new.value.
|
|
5
|
-
specify { XXssProtection.new("0").value.
|
|
6
|
-
specify { XXssProtection.new(:value => 1, :mode => 'block').value.
|
|
3
|
+
specify { expect(XXssProtection.new.name).to eq(X_XSS_PROTECTION_HEADER_NAME)}
|
|
4
|
+
specify { expect(XXssProtection.new.value).to eq("1")}
|
|
5
|
+
specify { expect(XXssProtection.new("0").value).to eq("0")}
|
|
6
|
+
specify { expect(XXssProtection.new(:value => 1, :mode => 'block').value).to eq('1; mode=block') }
|
|
7
|
+
specify { expect(XXssProtection.new(:value => 1, :mode => 'block', :report_uri => 'https://www.secure.com/reports').value).to eq('1; mode=block; report=https://www.secure.com/reports') }
|
|
7
8
|
|
|
8
9
|
context "with invalid configuration" do
|
|
9
10
|
it "should raise an error when providing a string that is not valid" do
|
|
10
|
-
|
|
11
|
+
expect {
|
|
11
12
|
XXssProtection.new("asdf")
|
|
12
|
-
}.
|
|
13
|
+
}.to raise_error(XXssProtectionBuildError)
|
|
13
14
|
|
|
14
|
-
|
|
15
|
+
expect {
|
|
15
16
|
XXssProtection.new("asdf; mode=donkey")
|
|
16
|
-
}.
|
|
17
|
+
}.to raise_error(XXssProtectionBuildError)
|
|
17
18
|
end
|
|
18
19
|
|
|
19
20
|
context "when using a hash value" do
|
|
20
21
|
it "should allow string values ('1' or '0' are the only valid strings)" do
|
|
21
|
-
|
|
22
|
+
expect {
|
|
22
23
|
XXssProtection.new(:value => '1')
|
|
23
|
-
}.
|
|
24
|
+
}.not_to raise_error
|
|
24
25
|
end
|
|
25
26
|
|
|
26
27
|
it "should allow integer values (1 or 0 are the only valid integers)" do
|
|
27
|
-
|
|
28
|
+
expect {
|
|
28
29
|
XXssProtection.new(:value => 1)
|
|
29
|
-
}.
|
|
30
|
+
}.not_to raise_error
|
|
30
31
|
end
|
|
31
32
|
|
|
32
33
|
it "should raise an error if no value key is supplied" do
|
|
33
|
-
|
|
34
|
+
expect {
|
|
34
35
|
XXssProtection.new(:mode => 'block')
|
|
35
|
-
}.
|
|
36
|
+
}.to raise_error(XXssProtectionBuildError)
|
|
36
37
|
end
|
|
37
38
|
|
|
38
39
|
it "should raise an error if an invalid key is supplied" do
|
|
39
|
-
|
|
40
|
+
expect {
|
|
40
41
|
XXssProtection.new(:value => 123)
|
|
41
|
-
}.
|
|
42
|
+
}.to raise_error(XXssProtectionBuildError)
|
|
42
43
|
end
|
|
43
44
|
|
|
44
45
|
it "should raise an error if mode != block" do
|
|
45
|
-
|
|
46
|
+
expect {
|
|
46
47
|
XXssProtection.new(:value => 1, :mode => "donkey")
|
|
47
|
-
}.
|
|
48
|
+
}.to raise_error(XXssProtectionBuildError)
|
|
48
49
|
end
|
|
49
50
|
end
|
|
50
51
|
|
|
51
52
|
end
|
|
52
53
|
end
|
|
53
|
-
end
|
|
54
|
+
end
|
|
@@ -13,9 +13,9 @@ describe SecureHeaders do
|
|
|
13
13
|
|
|
14
14
|
before(:each) do
|
|
15
15
|
stub_user_agent(nil)
|
|
16
|
-
headers.
|
|
17
|
-
subject.
|
|
18
|
-
subject.
|
|
16
|
+
allow(headers).to receive(:[])
|
|
17
|
+
allow(subject).to receive(:response).and_return(response)
|
|
18
|
+
allow(subject).to receive(:request).and_return(request)
|
|
19
19
|
end
|
|
20
20
|
|
|
21
21
|
ALL_HEADERS = Hash[[:hsts, :csp, :x_frame_options, :x_content_type_options, :x_xss_protection].map{|header| [header, false]}]
|
|
@@ -32,15 +32,15 @@ describe SecureHeaders do
|
|
|
32
32
|
}
|
|
33
33
|
|
|
34
34
|
def should_assign_header name, value
|
|
35
|
-
response.headers.
|
|
35
|
+
expect(response.headers).to receive(:[]=).with(name, value)
|
|
36
36
|
end
|
|
37
37
|
|
|
38
38
|
def should_not_assign_header name
|
|
39
|
-
response.headers.
|
|
39
|
+
expect(response.headers).not_to receive(:[]=).with(name, anything)
|
|
40
40
|
end
|
|
41
41
|
|
|
42
42
|
def stub_user_agent val
|
|
43
|
-
request.
|
|
43
|
+
allow(request).to receive_message_chain(:env, :[]).and_return(val)
|
|
44
44
|
end
|
|
45
45
|
|
|
46
46
|
def options_for header
|
|
@@ -54,6 +54,7 @@ describe SecureHeaders do
|
|
|
54
54
|
config.x_content_type_options = nil
|
|
55
55
|
config.x_xss_protection = nil
|
|
56
56
|
config.csp = nil
|
|
57
|
+
config.x_download_options = nil
|
|
57
58
|
end
|
|
58
59
|
end
|
|
59
60
|
|
|
@@ -63,12 +64,13 @@ describe SecureHeaders do
|
|
|
63
64
|
subject.set_x_frame_options_header
|
|
64
65
|
subject.set_x_content_type_options_header
|
|
65
66
|
subject.set_x_xss_protection_header
|
|
67
|
+
subject.set_x_download_options_header
|
|
66
68
|
end
|
|
67
69
|
|
|
68
70
|
describe "#ensure_security_headers" do
|
|
69
71
|
it "sets a before filter" do
|
|
70
72
|
options = {}
|
|
71
|
-
DummyClass.
|
|
73
|
+
expect(DummyClass).to receive(:before_filter).exactly(6).times
|
|
72
74
|
DummyClass.ensure_security_headers(options)
|
|
73
75
|
end
|
|
74
76
|
end
|
|
@@ -87,18 +89,19 @@ describe SecureHeaders do
|
|
|
87
89
|
|
|
88
90
|
describe "#set_security_headers" do
|
|
89
91
|
before(:each) do
|
|
90
|
-
SecureHeaders::ContentSecurityPolicy.
|
|
92
|
+
allow(SecureHeaders::ContentSecurityPolicy).to receive(:new).and_return(double.as_null_object)
|
|
91
93
|
end
|
|
92
94
|
USER_AGENTS.each do |name, useragent|
|
|
93
95
|
it "sets all default headers for #{name} (smoke test)" do
|
|
94
96
|
stub_user_agent(useragent)
|
|
95
|
-
number_of_headers =
|
|
96
|
-
subject.
|
|
97
|
+
number_of_headers = 6
|
|
98
|
+
expect(subject).to receive(:set_header).exactly(number_of_headers).times # a request for a given header
|
|
97
99
|
subject.set_csp_header
|
|
98
100
|
subject.set_x_frame_options_header
|
|
99
101
|
subject.set_hsts_header
|
|
100
102
|
subject.set_x_xss_protection_header
|
|
101
103
|
subject.set_x_content_type_options_header
|
|
104
|
+
subject.set_x_download_options_header
|
|
102
105
|
end
|
|
103
106
|
end
|
|
104
107
|
|
|
@@ -113,6 +116,11 @@ describe SecureHeaders do
|
|
|
113
116
|
subject.set_x_xss_protection_header(false)
|
|
114
117
|
end
|
|
115
118
|
|
|
119
|
+
it "does not set the X-Download-Options header if disabled" do
|
|
120
|
+
should_not_assign_header(XDO_HEADER_NAME)
|
|
121
|
+
subject.set_x_download_options_header(false)
|
|
122
|
+
end
|
|
123
|
+
|
|
116
124
|
it "does not set the X-Frame-Options header if disabled" do
|
|
117
125
|
should_not_assign_header(XFO_HEADER_NAME)
|
|
118
126
|
subject.set_x_frame_options_header(false)
|
|
@@ -124,7 +132,7 @@ describe SecureHeaders do
|
|
|
124
132
|
end
|
|
125
133
|
|
|
126
134
|
it "does not set the HSTS header if request is over HTTP" do
|
|
127
|
-
subject.
|
|
135
|
+
allow(subject).to receive_message_chain(:request, :ssl?).and_return(false)
|
|
128
136
|
should_not_assign_header(HSTS_HEADER_NAME)
|
|
129
137
|
subject.set_hsts_header({:include_subdomains => true})
|
|
130
138
|
end
|
|
@@ -143,8 +151,9 @@ describe SecureHeaders do
|
|
|
143
151
|
config.x_content_type_options = false
|
|
144
152
|
config.x_xss_protection = false
|
|
145
153
|
config.csp = false
|
|
154
|
+
config.x_download_options = false
|
|
146
155
|
end
|
|
147
|
-
subject.
|
|
156
|
+
expect(subject).not_to receive(:set_header)
|
|
148
157
|
set_security_headers(subject)
|
|
149
158
|
reset_config
|
|
150
159
|
end
|
|
@@ -163,6 +172,18 @@ describe SecureHeaders do
|
|
|
163
172
|
end
|
|
164
173
|
end
|
|
165
174
|
|
|
175
|
+
describe "#set_x_download_options_header" do
|
|
176
|
+
it "sets the X-Download-Options header" do
|
|
177
|
+
should_assign_header(XDO_HEADER_NAME, SecureHeaders::XDownloadOptions::Constants::DEFAULT_VALUE)
|
|
178
|
+
subject.set_x_download_options_header
|
|
179
|
+
end
|
|
180
|
+
|
|
181
|
+
it "allows a custom X-Download-Options header" do
|
|
182
|
+
should_assign_header(XDO_HEADER_NAME, "noopen")
|
|
183
|
+
subject.set_x_download_options_header(:value => 'noopen')
|
|
184
|
+
end
|
|
185
|
+
end
|
|
186
|
+
|
|
166
187
|
describe "#set_strict_transport_security" do
|
|
167
188
|
it "sets the Strict-Transport-Security header" do
|
|
168
189
|
should_assign_header(HSTS_HEADER_NAME, SecureHeaders::StrictTransportSecurity::Constants::DEFAULT_VALUE)
|
|
@@ -178,6 +199,11 @@ describe SecureHeaders do
|
|
|
178
199
|
should_assign_header(HSTS_HEADER_NAME, "max-age=#{HSTS_MAX_AGE}; includeSubdomains")
|
|
179
200
|
subject.set_hsts_header(:max_age => HSTS_MAX_AGE, :include_subdomains => true)
|
|
180
201
|
end
|
|
202
|
+
|
|
203
|
+
it "allows you to specify preload" do
|
|
204
|
+
should_assign_header(HSTS_HEADER_NAME, "max-age=#{HSTS_MAX_AGE}; includeSubdomains; preload")
|
|
205
|
+
subject.set_hsts_header(:max_age => HSTS_MAX_AGE, :include_subdomains => true, :preload => true)
|
|
206
|
+
end
|
|
181
207
|
end
|
|
182
208
|
|
|
183
209
|
describe "#set_x_xss_protection" do
|
data/spec/spec_helper.rb
CHANGED
|
@@ -1,25 +1,11 @@
|
|
|
1
1
|
require 'rubygems'
|
|
2
|
-
require '
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
require 'pry'
|
|
13
|
-
require 'rspec'
|
|
14
|
-
end
|
|
15
|
-
|
|
16
|
-
Spork.each_run do
|
|
17
|
-
require File.join(File.dirname(__FILE__), '..', 'lib', 'secure_headers')
|
|
18
|
-
require File.join(File.dirname(__FILE__), '..', 'app', 'controllers', 'content_security_policy_controller')
|
|
19
|
-
include ::SecureHeaders::StrictTransportSecurity::Constants
|
|
20
|
-
include ::SecureHeaders::ContentSecurityPolicy::Constants
|
|
21
|
-
include ::SecureHeaders::XFrameOptions::Constants
|
|
22
|
-
include ::SecureHeaders::XXssProtection::Constants
|
|
23
|
-
include ::SecureHeaders::XContentTypeOptions::Constants
|
|
24
|
-
end
|
|
25
|
-
|
|
2
|
+
require 'rspec'
|
|
3
|
+
|
|
4
|
+
require File.join(File.dirname(__FILE__), '..', 'lib', 'secure_headers')
|
|
5
|
+
require File.join(File.dirname(__FILE__), '..', 'app', 'controllers', 'content_security_policy_controller')
|
|
6
|
+
include ::SecureHeaders::StrictTransportSecurity::Constants
|
|
7
|
+
include ::SecureHeaders::ContentSecurityPolicy::Constants
|
|
8
|
+
include ::SecureHeaders::XFrameOptions::Constants
|
|
9
|
+
include ::SecureHeaders::XXssProtection::Constants
|
|
10
|
+
include ::SecureHeaders::XContentTypeOptions::Constants
|
|
11
|
+
include ::SecureHeaders::XDownloadOptions::Constants
|
metadata
CHANGED
|
@@ -1,20 +1,18 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: secure_headers
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
5
|
-
prerelease:
|
|
4
|
+
version: 1.3.4
|
|
6
5
|
platform: ruby
|
|
7
6
|
authors:
|
|
8
7
|
- Neil Matatall
|
|
9
8
|
autorequire:
|
|
10
9
|
bindir: bin
|
|
11
10
|
cert_chain: []
|
|
12
|
-
date:
|
|
11
|
+
date: 2014-10-13 00:00:00.000000000 Z
|
|
13
12
|
dependencies:
|
|
14
13
|
- !ruby/object:Gem::Dependency
|
|
15
14
|
name: rake
|
|
16
15
|
requirement: !ruby/object:Gem::Requirement
|
|
17
|
-
none: false
|
|
18
16
|
requirements:
|
|
19
17
|
- - ! '>='
|
|
20
18
|
- !ruby/object:Gem::Version
|
|
@@ -22,7 +20,6 @@ dependencies:
|
|
|
22
20
|
type: :development
|
|
23
21
|
prerelease: false
|
|
24
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
25
|
-
none: false
|
|
26
23
|
requirements:
|
|
27
24
|
- - ! '>='
|
|
28
25
|
- !ruby/object:Gem::Version
|
|
@@ -35,7 +32,8 @@ extensions: []
|
|
|
35
32
|
extra_rdoc_files: []
|
|
36
33
|
files:
|
|
37
34
|
- .gitignore
|
|
38
|
-
- .
|
|
35
|
+
- .ruby-gemset
|
|
36
|
+
- .ruby-version
|
|
39
37
|
- .travis.yml
|
|
40
38
|
- Gemfile
|
|
41
39
|
- Guardfile
|
|
@@ -48,21 +46,18 @@ files:
|
|
|
48
46
|
- config/routes.rb
|
|
49
47
|
- fixtures/rails_3_2_12/.rspec
|
|
50
48
|
- fixtures/rails_3_2_12/Gemfile
|
|
51
|
-
- fixtures/rails_3_2_12/Guardfile
|
|
52
49
|
- fixtures/rails_3_2_12/README.rdoc
|
|
53
50
|
- fixtures/rails_3_2_12/Rakefile
|
|
54
51
|
- fixtures/rails_3_2_12/app/controllers/application_controller.rb
|
|
55
52
|
- fixtures/rails_3_2_12/app/controllers/other_things_controller.rb
|
|
56
53
|
- fixtures/rails_3_2_12/app/controllers/things_controller.rb
|
|
57
54
|
- fixtures/rails_3_2_12/app/models/.gitkeep
|
|
58
|
-
- fixtures/rails_3_2_12/app/models/thing.rb
|
|
59
55
|
- fixtures/rails_3_2_12/app/views/layouts/application.html.erb
|
|
60
56
|
- fixtures/rails_3_2_12/app/views/other_things/index.html.erb
|
|
61
57
|
- fixtures/rails_3_2_12/app/views/things/index.html.erb
|
|
62
58
|
- fixtures/rails_3_2_12/config.ru
|
|
63
59
|
- fixtures/rails_3_2_12/config/application.rb
|
|
64
60
|
- fixtures/rails_3_2_12/config/boot.rb
|
|
65
|
-
- fixtures/rails_3_2_12/config/database.yml
|
|
66
61
|
- fixtures/rails_3_2_12/config/environment.rb
|
|
67
62
|
- fixtures/rails_3_2_12/config/environments/development.rb
|
|
68
63
|
- fixtures/rails_3_2_12/config/environments/production.rb
|
|
@@ -76,8 +71,6 @@ files:
|
|
|
76
71
|
- fixtures/rails_3_2_12/config/initializers/wrap_parameters.rb
|
|
77
72
|
- fixtures/rails_3_2_12/config/locales/en.yml
|
|
78
73
|
- fixtures/rails_3_2_12/config/routes.rb
|
|
79
|
-
- fixtures/rails_3_2_12/db/schema.rb
|
|
80
|
-
- fixtures/rails_3_2_12/db/seeds.rb
|
|
81
74
|
- fixtures/rails_3_2_12/lib/assets/.gitkeep
|
|
82
75
|
- fixtures/rails_3_2_12/lib/tasks/.gitkeep
|
|
83
76
|
- fixtures/rails_3_2_12/log/.gitkeep
|
|
@@ -89,14 +82,12 @@ files:
|
|
|
89
82
|
- fixtures/rails_3_2_12/vendor/plugins/.gitkeep
|
|
90
83
|
- fixtures/rails_3_2_12_no_init/.rspec
|
|
91
84
|
- fixtures/rails_3_2_12_no_init/Gemfile
|
|
92
|
-
- fixtures/rails_3_2_12_no_init/Guardfile
|
|
93
85
|
- fixtures/rails_3_2_12_no_init/README.rdoc
|
|
94
86
|
- fixtures/rails_3_2_12_no_init/Rakefile
|
|
95
87
|
- fixtures/rails_3_2_12_no_init/app/controllers/application_controller.rb
|
|
96
88
|
- fixtures/rails_3_2_12_no_init/app/controllers/other_things_controller.rb
|
|
97
89
|
- fixtures/rails_3_2_12_no_init/app/controllers/things_controller.rb
|
|
98
90
|
- fixtures/rails_3_2_12_no_init/app/models/.gitkeep
|
|
99
|
-
- fixtures/rails_3_2_12_no_init/app/models/thing.rb
|
|
100
91
|
- fixtures/rails_3_2_12_no_init/app/views/layouts/application.html.erb
|
|
101
92
|
- fixtures/rails_3_2_12_no_init/app/views/other_things/index.html.erb
|
|
102
93
|
- fixtures/rails_3_2_12_no_init/app/views/things/_form.html.erb
|
|
@@ -107,7 +98,6 @@ files:
|
|
|
107
98
|
- fixtures/rails_3_2_12_no_init/config.ru
|
|
108
99
|
- fixtures/rails_3_2_12_no_init/config/application.rb
|
|
109
100
|
- fixtures/rails_3_2_12_no_init/config/boot.rb
|
|
110
|
-
- fixtures/rails_3_2_12_no_init/config/database.yml
|
|
111
101
|
- fixtures/rails_3_2_12_no_init/config/environment.rb
|
|
112
102
|
- fixtures/rails_3_2_12_no_init/config/environments/development.rb
|
|
113
103
|
- fixtures/rails_3_2_12_no_init/config/environments/production.rb
|
|
@@ -120,8 +110,6 @@ files:
|
|
|
120
110
|
- fixtures/rails_3_2_12_no_init/config/initializers/wrap_parameters.rb
|
|
121
111
|
- fixtures/rails_3_2_12_no_init/config/locales/en.yml
|
|
122
112
|
- fixtures/rails_3_2_12_no_init/config/routes.rb
|
|
123
|
-
- fixtures/rails_3_2_12_no_init/db/schema.rb
|
|
124
|
-
- fixtures/rails_3_2_12_no_init/db/seeds.rb
|
|
125
113
|
- fixtures/rails_3_2_12_no_init/lib/assets/.gitkeep
|
|
126
114
|
- fixtures/rails_3_2_12_no_init/lib/tasks/.gitkeep
|
|
127
115
|
- fixtures/rails_3_2_12_no_init/log/.gitkeep
|
|
@@ -136,8 +124,10 @@ files:
|
|
|
136
124
|
- lib/secure_headers/headers/content_security_policy.rb
|
|
137
125
|
- lib/secure_headers/headers/strict_transport_security.rb
|
|
138
126
|
- lib/secure_headers/headers/x_content_type_options.rb
|
|
127
|
+
- lib/secure_headers/headers/x_download_options.rb
|
|
139
128
|
- lib/secure_headers/headers/x_frame_options.rb
|
|
140
129
|
- lib/secure_headers/headers/x_xss_protection.rb
|
|
130
|
+
- lib/secure_headers/padrino.rb
|
|
141
131
|
- lib/secure_headers/railtie.rb
|
|
142
132
|
- lib/secure_headers/version.rb
|
|
143
133
|
- secure_headers.gemspec
|
|
@@ -145,6 +135,7 @@ files:
|
|
|
145
135
|
- spec/lib/secure_headers/headers/content_security_policy_spec.rb
|
|
146
136
|
- spec/lib/secure_headers/headers/strict_transport_security_spec.rb
|
|
147
137
|
- spec/lib/secure_headers/headers/x_content_type_options_spec.rb
|
|
138
|
+
- spec/lib/secure_headers/headers/x_download_options_spec.rb
|
|
148
139
|
- spec/lib/secure_headers/headers/x_frame_options_spec.rb
|
|
149
140
|
- spec/lib/secure_headers/headers/x_xss_protection_spec.rb
|
|
150
141
|
- spec/lib/secure_headers_spec.rb
|
|
@@ -153,27 +144,26 @@ files:
|
|
|
153
144
|
homepage: https://github.com/twitter/secureheaders
|
|
154
145
|
licenses:
|
|
155
146
|
- Apache Public License 2.0
|
|
147
|
+
metadata: {}
|
|
156
148
|
post_install_message:
|
|
157
149
|
rdoc_options: []
|
|
158
150
|
require_paths:
|
|
159
151
|
- lib
|
|
160
152
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
161
|
-
none: false
|
|
162
153
|
requirements:
|
|
163
154
|
- - ! '>='
|
|
164
155
|
- !ruby/object:Gem::Version
|
|
165
156
|
version: '0'
|
|
166
157
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
167
|
-
none: false
|
|
168
158
|
requirements:
|
|
169
159
|
- - ! '>='
|
|
170
160
|
- !ruby/object:Gem::Version
|
|
171
161
|
version: '0'
|
|
172
162
|
requirements: []
|
|
173
163
|
rubyforge_project:
|
|
174
|
-
rubygems_version: 1.
|
|
164
|
+
rubygems_version: 2.1.1
|
|
175
165
|
signing_key:
|
|
176
|
-
specification_version:
|
|
166
|
+
specification_version: 4
|
|
177
167
|
summary: Add easily configured browser headers to responses including content security
|
|
178
168
|
policy, x-frame-options, strict-transport-security and more.
|
|
179
169
|
test_files:
|
|
@@ -181,6 +171,7 @@ test_files:
|
|
|
181
171
|
- spec/lib/secure_headers/headers/content_security_policy_spec.rb
|
|
182
172
|
- spec/lib/secure_headers/headers/strict_transport_security_spec.rb
|
|
183
173
|
- spec/lib/secure_headers/headers/x_content_type_options_spec.rb
|
|
174
|
+
- spec/lib/secure_headers/headers/x_download_options_spec.rb
|
|
184
175
|
- spec/lib/secure_headers/headers/x_frame_options_spec.rb
|
|
185
176
|
- spec/lib/secure_headers/headers/x_xss_protection_spec.rb
|
|
186
177
|
- spec/lib/secure_headers_spec.rb
|
data/.rvmrc
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
rvm use 1.9.3@secureheaders --create
|
|
@@ -1,14 +0,0 @@
|
|
|
1
|
-
guard 'spork', :rspec_port => 1234, :aggressive_kill => false do
|
|
2
|
-
watch('spec/spec_helper.rb') { :rspec }
|
|
3
|
-
end
|
|
4
|
-
|
|
5
|
-
guard 'rspec', :cli => "--color --drb --drb-port 1234", :keep_failed => true, :all_after_pass => true, :focus_on_failed => true do
|
|
6
|
-
watch(%r{^spec/.+_spec\.rb$})
|
|
7
|
-
watch('../../../lib')
|
|
8
|
-
watch(%r{^lib/(.+)\.rb$}) { |m| "spec/lib/#{m[1]}_spec.rb" }
|
|
9
|
-
watch('spec/spec_helper.rb') { "spec" }
|
|
10
|
-
watch(%r{^app/controllers/(.+)_(controller)\.rb$}) { |m| ["spec/routing/#{m[1]}_routing_spec.rb", "spec/#{m[2]}s/#{m[1]}_#{m[2]}_spec.rb", "spec/acceptance/#{m[1]}_spec.rb"] }
|
|
11
|
-
watch(%r{^spec/support/(.+)\.rb$}) { "spec" }
|
|
12
|
-
watch('app/controllers/application_controller.rb') { "spec/controllers" }
|
|
13
|
-
end
|
|
14
|
-
|
|
@@ -1,25 +0,0 @@
|
|
|
1
|
-
# SQLite version 3.x
|
|
2
|
-
# gem install sqlite3
|
|
3
|
-
#
|
|
4
|
-
# Ensure the SQLite 3 gem is defined in your Gemfile
|
|
5
|
-
# gem 'sqlite3'
|
|
6
|
-
development:
|
|
7
|
-
adapter: sqlite3
|
|
8
|
-
database: db/development.sqlite3
|
|
9
|
-
pool: 5
|
|
10
|
-
timeout: 5000
|
|
11
|
-
|
|
12
|
-
# Warning: The database defined as "test" will be erased and
|
|
13
|
-
# re-generated from your development database when you run "rake".
|
|
14
|
-
# Do not set this db to the same as development or production.
|
|
15
|
-
test:
|
|
16
|
-
adapter: sqlite3
|
|
17
|
-
database: db/test.sqlite3
|
|
18
|
-
pool: 5
|
|
19
|
-
timeout: 5000
|
|
20
|
-
|
|
21
|
-
production:
|
|
22
|
-
adapter: sqlite3
|
|
23
|
-
database: db/production.sqlite3
|
|
24
|
-
pool: 5
|
|
25
|
-
timeout: 5000
|
|
@@ -1,16 +0,0 @@
|
|
|
1
|
-
# encoding: UTF-8
|
|
2
|
-
# This file is auto-generated from the current state of the database. Instead
|
|
3
|
-
# of editing this file, please use the migrations feature of Active Record to
|
|
4
|
-
# incrementally modify your database, and then regenerate this schema definition.
|
|
5
|
-
#
|
|
6
|
-
# Note that this schema.rb definition is the authoritative source for your
|
|
7
|
-
# database schema. If you need to create the application database on another
|
|
8
|
-
# system, you should be using db:schema:load, not running all the migrations
|
|
9
|
-
# from scratch. The latter is a flawed and unsustainable approach (the more migrations
|
|
10
|
-
# you'll amass, the slower it'll run and the greater likelihood for issues).
|
|
11
|
-
#
|
|
12
|
-
# It's strongly recommended to check this file into your version control system.
|
|
13
|
-
|
|
14
|
-
ActiveRecord::Schema.define(:version => 0) do
|
|
15
|
-
|
|
16
|
-
end
|
|
@@ -1,7 +0,0 @@
|
|
|
1
|
-
# This file should contain all the record creation needed to seed the database with its default values.
|
|
2
|
-
# The data can then be loaded with the rake db:seed (or created alongside the db with db:setup).
|
|
3
|
-
#
|
|
4
|
-
# Examples:
|
|
5
|
-
#
|
|
6
|
-
# cities = City.create([{ name: 'Chicago' }, { name: 'Copenhagen' }])
|
|
7
|
-
# Mayor.create(name: 'Emanuel', city: cities.first)
|
|
@@ -1,14 +0,0 @@
|
|
|
1
|
-
guard 'spork', :rspec_port => 1235, :aggressive_kill => false do
|
|
2
|
-
watch('spec/spec_helper.rb') { :rspec }
|
|
3
|
-
end
|
|
4
|
-
|
|
5
|
-
guard 'rspec', :cli => "--color --drb --drb-port 1235", :keep_failed => true, :all_after_pass => true, :focus_on_failed => true do
|
|
6
|
-
watch(%r{^spec/.+_spec\.rb$})
|
|
7
|
-
watch('../../../lib')
|
|
8
|
-
watch(%r{^lib/(.+)\.rb$}) { |m| "spec/lib/#{m[1]}_spec.rb" }
|
|
9
|
-
watch('spec/spec_helper.rb') { "spec" }
|
|
10
|
-
watch(%r{^app/controllers/(.+)_(controller)\.rb$}) { |m| ["spec/routing/#{m[1]}_routing_spec.rb", "spec/#{m[2]}s/#{m[1]}_#{m[2]}_spec.rb", "spec/acceptance/#{m[1]}_spec.rb"] }
|
|
11
|
-
watch(%r{^spec/support/(.+)\.rb$}) { "spec" }
|
|
12
|
-
watch('app/controllers/application_controller.rb') { "spec/controllers" }
|
|
13
|
-
end
|
|
14
|
-
|
|
@@ -1,25 +0,0 @@
|
|
|
1
|
-
# SQLite version 3.x
|
|
2
|
-
# gem install sqlite3
|
|
3
|
-
#
|
|
4
|
-
# Ensure the SQLite 3 gem is defined in your Gemfile
|
|
5
|
-
# gem 'sqlite3'
|
|
6
|
-
development:
|
|
7
|
-
adapter: sqlite3
|
|
8
|
-
database: db/development.sqlite3
|
|
9
|
-
pool: 5
|
|
10
|
-
timeout: 5000
|
|
11
|
-
|
|
12
|
-
# Warning: The database defined as "test" will be erased and
|
|
13
|
-
# re-generated from your development database when you run "rake".
|
|
14
|
-
# Do not set this db to the same as development or production.
|
|
15
|
-
test:
|
|
16
|
-
adapter: sqlite3
|
|
17
|
-
database: db/test.sqlite3
|
|
18
|
-
pool: 5
|
|
19
|
-
timeout: 5000
|
|
20
|
-
|
|
21
|
-
production:
|
|
22
|
-
adapter: sqlite3
|
|
23
|
-
database: db/production.sqlite3
|
|
24
|
-
pool: 5
|
|
25
|
-
timeout: 5000
|
|
@@ -1,16 +0,0 @@
|
|
|
1
|
-
# encoding: UTF-8
|
|
2
|
-
# This file is auto-generated from the current state of the database. Instead
|
|
3
|
-
# of editing this file, please use the migrations feature of Active Record to
|
|
4
|
-
# incrementally modify your database, and then regenerate this schema definition.
|
|
5
|
-
#
|
|
6
|
-
# Note that this schema.rb definition is the authoritative source for your
|
|
7
|
-
# database schema. If you need to create the application database on another
|
|
8
|
-
# system, you should be using db:schema:load, not running all the migrations
|
|
9
|
-
# from scratch. The latter is a flawed and unsustainable approach (the more migrations
|
|
10
|
-
# you'll amass, the slower it'll run and the greater likelihood for issues).
|
|
11
|
-
#
|
|
12
|
-
# It's strongly recommended to check this file into your version control system.
|
|
13
|
-
|
|
14
|
-
ActiveRecord::Schema.define(:version => 0) do
|
|
15
|
-
|
|
16
|
-
end
|
|
@@ -1,7 +0,0 @@
|
|
|
1
|
-
# This file should contain all the record creation needed to seed the database with its default values.
|
|
2
|
-
# The data can then be loaded with the rake db:seed (or created alongside the db with db:setup).
|
|
3
|
-
#
|
|
4
|
-
# Examples:
|
|
5
|
-
#
|
|
6
|
-
# cities = City.create([{ name: 'Chicago' }, { name: 'Copenhagen' }])
|
|
7
|
-
# Mayor.create(name: 'Emanuel', city: cities.first)
|