secure_headers 1.1.1 → 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (80) hide show
  1. data/.ruby-gemset +1 -0
  2. data/.ruby-version +1 -0
  3. data/.travis.yml +2 -3
  4. data/Gemfile +2 -7
  5. data/HISTORY.md +47 -0
  6. data/README.md +74 -27
  7. data/app/controllers/content_security_policy_controller.rb +1 -0
  8. data/fixtures/rails_3_2_12/Gemfile +0 -8
  9. data/fixtures/rails_3_2_12/app/controllers/things_controller.rb +0 -1
  10. data/fixtures/rails_3_2_12/app/views/layouts/application.html.erb +0 -3
  11. data/fixtures/rails_3_2_12/app/views/things/index.html.erb +1 -21
  12. data/fixtures/rails_3_2_12/config/application.rb +0 -54
  13. data/fixtures/rails_3_2_12/config/environments/test.rb +2 -2
  14. data/fixtures/rails_3_2_12/config/initializers/secure_headers.rb +1 -0
  15. data/fixtures/rails_3_2_12/config/routes.rb +0 -57
  16. data/fixtures/rails_3_2_12/spec/controllers/other_things_controller_spec.rb +15 -14
  17. data/fixtures/rails_3_2_12/spec/controllers/things_controller_spec.rb +12 -12
  18. data/fixtures/rails_3_2_12/spec/spec_helper.rb +1 -5
  19. data/fixtures/rails_3_2_12_no_init/Gemfile +0 -9
  20. data/fixtures/rails_3_2_12_no_init/app/controllers/things_controller.rb +1 -1
  21. data/fixtures/rails_3_2_12_no_init/app/views/layouts/application.html.erb +0 -2
  22. data/fixtures/rails_3_2_12_no_init/app/views/things/index.html.erb +0 -21
  23. data/fixtures/rails_3_2_12_no_init/config/application.rb +0 -51
  24. data/fixtures/rails_3_2_12_no_init/config/environments/test.rb +2 -2
  25. data/fixtures/rails_3_2_12_no_init/config/routes.rb +0 -57
  26. data/fixtures/rails_3_2_12_no_init/spec/controllers/other_things_controller_spec.rb +12 -12
  27. data/fixtures/rails_3_2_12_no_init/spec/controllers/things_controller_spec.rb +12 -12
  28. data/fixtures/rails_3_2_12_no_init/spec/spec_helper.rb +3 -18
  29. data/lib/secure_headers/headers/content_security_policy.rb +54 -35
  30. data/lib/secure_headers/headers/strict_transport_security.rb +2 -1
  31. data/lib/secure_headers/headers/x_download_options.rb +39 -0
  32. data/lib/secure_headers/headers/x_xss_protection.rb +2 -1
  33. data/lib/secure_headers/padrino.rb +14 -0
  34. data/lib/secure_headers/railtie.rb +6 -2
  35. data/lib/secure_headers/version.rb +1 -1
  36. data/lib/secure_headers.rb +9 -2
  37. data/spec/controllers/content_security_policy_controller_spec.rb +19 -19
  38. data/spec/lib/secure_headers/headers/content_security_policy_spec.rb +117 -85
  39. data/spec/lib/secure_headers/headers/strict_transport_security_spec.rb +21 -20
  40. data/spec/lib/secure_headers/headers/x_content_type_options_spec.rb +12 -12
  41. data/spec/lib/secure_headers/headers/x_download_options_spec.rb +32 -0
  42. data/spec/lib/secure_headers/headers/x_frame_options_spec.rb +12 -12
  43. data/spec/lib/secure_headers/headers/x_xss_protection_spec.rb +20 -19
  44. data/spec/lib/secure_headers_spec.rb +38 -12
  45. data/spec/spec_helper.rb +10 -24
  46. metadata +9 -37
  47. data/.rvmrc +0 -1
  48. data/Guardfile +0 -10
  49. data/fixtures/rails_3_2_12/Guardfile +0 -14
  50. data/fixtures/rails_3_2_12/app/models/thing.rb +0 -3
  51. data/fixtures/rails_3_2_12/config/database.yml +0 -25
  52. data/fixtures/rails_3_2_12/config/environments/development.rb +0 -37
  53. data/fixtures/rails_3_2_12/config/environments/production.rb +0 -67
  54. data/fixtures/rails_3_2_12/config/initializers/backtrace_silencers.rb +0 -7
  55. data/fixtures/rails_3_2_12/config/initializers/inflections.rb +0 -15
  56. data/fixtures/rails_3_2_12/config/initializers/mime_types.rb +0 -5
  57. data/fixtures/rails_3_2_12/config/initializers/secret_token.rb +0 -7
  58. data/fixtures/rails_3_2_12/config/initializers/session_store.rb +0 -8
  59. data/fixtures/rails_3_2_12/config/initializers/wrap_parameters.rb +0 -14
  60. data/fixtures/rails_3_2_12/config/locales/en.yml +0 -5
  61. data/fixtures/rails_3_2_12/db/schema.rb +0 -16
  62. data/fixtures/rails_3_2_12/db/seeds.rb +0 -7
  63. data/fixtures/rails_3_2_12_no_init/Guardfile +0 -14
  64. data/fixtures/rails_3_2_12_no_init/app/models/thing.rb +0 -3
  65. data/fixtures/rails_3_2_12_no_init/app/views/things/_form.html.erb +0 -17
  66. data/fixtures/rails_3_2_12_no_init/app/views/things/edit.html.erb +0 -6
  67. data/fixtures/rails_3_2_12_no_init/app/views/things/new.html.erb +0 -5
  68. data/fixtures/rails_3_2_12_no_init/app/views/things/show.html.erb +0 -5
  69. data/fixtures/rails_3_2_12_no_init/config/database.yml +0 -25
  70. data/fixtures/rails_3_2_12_no_init/config/environments/development.rb +0 -37
  71. data/fixtures/rails_3_2_12_no_init/config/environments/production.rb +0 -67
  72. data/fixtures/rails_3_2_12_no_init/config/initializers/backtrace_silencers.rb +0 -7
  73. data/fixtures/rails_3_2_12_no_init/config/initializers/inflections.rb +0 -15
  74. data/fixtures/rails_3_2_12_no_init/config/initializers/mime_types.rb +0 -5
  75. data/fixtures/rails_3_2_12_no_init/config/initializers/secret_token.rb +0 -7
  76. data/fixtures/rails_3_2_12_no_init/config/initializers/session_store.rb +0 -8
  77. data/fixtures/rails_3_2_12_no_init/config/initializers/wrap_parameters.rb +0 -14
  78. data/fixtures/rails_3_2_12_no_init/config/locales/en.yml +0 -5
  79. data/fixtures/rails_3_2_12_no_init/db/schema.rb +0 -16
  80. data/fixtures/rails_3_2_12_no_init/db/seeds.rb +0 -7
@@ -2,34 +2,34 @@ require 'spec_helper'
2
2
 
3
3
  module SecureHeaders
4
4
  describe XFrameOptions do
5
- specify{ XFrameOptions.new.name.should == "X-Frame-Options" }
5
+ specify{ expect(XFrameOptions.new.name).to eq("X-Frame-Options") }
6
6
 
7
7
  describe "#value" do
8
- specify { XFrameOptions.new.value.should == XFrameOptions::Constants::DEFAULT_VALUE}
9
- specify { XFrameOptions.new("SAMEORIGIN").value.should == "SAMEORIGIN"}
10
- specify { XFrameOptions.new(:value => 'DENY').value.should == "DENY"}
8
+ specify { expect(XFrameOptions.new.value).to eq(XFrameOptions::Constants::DEFAULT_VALUE)}
9
+ specify { expect(XFrameOptions.new("SAMEORIGIN").value).to eq("SAMEORIGIN")}
10
+ specify { expect(XFrameOptions.new(:value => 'DENY').value).to eq("DENY")}
11
11
 
12
12
  context "with invalid configuration" do
13
13
  it "allows SAMEORIGIN" do
14
- lambda {
14
+ expect {
15
15
  XFrameOptions.new("SAMEORIGIN").value
16
- }.should_not raise_error
16
+ }.not_to raise_error
17
17
  end
18
18
 
19
19
  it "allows DENY" do
20
- lambda {
20
+ expect {
21
21
  XFrameOptions.new("DENY").value
22
- }.should_not raise_error end
22
+ }.not_to raise_error end
23
23
 
24
24
  it "allows ALLOW-FROM*" do
25
- lambda {
25
+ expect {
26
26
  XFrameOptions.new("ALLOW-FROM: example.com").value
27
- }.should_not raise_error
27
+ }.not_to raise_error
28
28
  end
29
29
  it "does not allow garbage" do
30
- lambda {
30
+ expect {
31
31
  XFrameOptions.new("I like turtles").value
32
- }.should raise_error(XFOBuildError)
32
+ }.to raise_error(XFOBuildError)
33
33
  end
34
34
  end
35
35
  end
@@ -1,53 +1,54 @@
1
1
  module SecureHeaders
2
2
  describe XXssProtection do
3
- specify { XXssProtection.new.name.should == X_XSS_PROTECTION_HEADER_NAME}
4
- specify { XXssProtection.new.value.should == "1"}
5
- specify { XXssProtection.new("0").value.should == "0"}
6
- specify { XXssProtection.new(:value => 1, :mode => 'block').value.should == '1; mode=block' }
3
+ specify { expect(XXssProtection.new.name).to eq(X_XSS_PROTECTION_HEADER_NAME)}
4
+ specify { expect(XXssProtection.new.value).to eq("1")}
5
+ specify { expect(XXssProtection.new("0").value).to eq("0")}
6
+ specify { expect(XXssProtection.new(:value => 1, :mode => 'block').value).to eq('1; mode=block') }
7
+ specify { expect(XXssProtection.new(:value => 1, :mode => 'block', :report_uri => 'https://www.secure.com/reports').value).to eq('1; mode=block; report=https://www.secure.com/reports') }
7
8
 
8
9
  context "with invalid configuration" do
9
10
  it "should raise an error when providing a string that is not valid" do
10
- lambda {
11
+ expect {
11
12
  XXssProtection.new("asdf")
12
- }.should raise_error(XXssProtectionBuildError)
13
+ }.to raise_error(XXssProtectionBuildError)
13
14
 
14
- lambda {
15
+ expect {
15
16
  XXssProtection.new("asdf; mode=donkey")
16
- }.should raise_error(XXssProtectionBuildError)
17
+ }.to raise_error(XXssProtectionBuildError)
17
18
  end
18
19
 
19
20
  context "when using a hash value" do
20
21
  it "should allow string values ('1' or '0' are the only valid strings)" do
21
- lambda {
22
+ expect {
22
23
  XXssProtection.new(:value => '1')
23
- }.should_not raise_error
24
+ }.not_to raise_error
24
25
  end
25
26
 
26
27
  it "should allow integer values (1 or 0 are the only valid integers)" do
27
- lambda {
28
+ expect {
28
29
  XXssProtection.new(:value => 1)
29
- }.should_not raise_error
30
+ }.not_to raise_error
30
31
  end
31
32
 
32
33
  it "should raise an error if no value key is supplied" do
33
- lambda {
34
+ expect {
34
35
  XXssProtection.new(:mode => 'block')
35
- }.should raise_error(XXssProtectionBuildError)
36
+ }.to raise_error(XXssProtectionBuildError)
36
37
  end
37
38
 
38
39
  it "should raise an error if an invalid key is supplied" do
39
- lambda {
40
+ expect {
40
41
  XXssProtection.new(:value => 123)
41
- }.should raise_error(XXssProtectionBuildError)
42
+ }.to raise_error(XXssProtectionBuildError)
42
43
  end
43
44
 
44
45
  it "should raise an error if mode != block" do
45
- lambda {
46
+ expect {
46
47
  XXssProtection.new(:value => 1, :mode => "donkey")
47
- }.should raise_error(XXssProtectionBuildError)
48
+ }.to raise_error(XXssProtectionBuildError)
48
49
  end
49
50
  end
50
51
 
51
52
  end
52
53
  end
53
- end
54
+ end
@@ -13,9 +13,9 @@ describe SecureHeaders do
13
13
 
14
14
  before(:each) do
15
15
  stub_user_agent(nil)
16
- headers.stub(:[])
17
- subject.stub(:response).and_return(response)
18
- subject.stub(:request).and_return(request)
16
+ allow(headers).to receive(:[])
17
+ allow(subject).to receive(:response).and_return(response)
18
+ allow(subject).to receive(:request).and_return(request)
19
19
  end
20
20
 
21
21
  ALL_HEADERS = Hash[[:hsts, :csp, :x_frame_options, :x_content_type_options, :x_xss_protection].map{|header| [header, false]}]
@@ -32,15 +32,15 @@ describe SecureHeaders do
32
32
  }
33
33
 
34
34
  def should_assign_header name, value
35
- response.headers.should_receive(:[]=).with(name, value)
35
+ expect(response.headers).to receive(:[]=).with(name, value)
36
36
  end
37
37
 
38
38
  def should_not_assign_header name
39
- response.headers.should_not_receive(:[]=).with(name, anything)
39
+ expect(response.headers).not_to receive(:[]=).with(name, anything)
40
40
  end
41
41
 
42
42
  def stub_user_agent val
43
- request.stub_chain(:env, :[]).and_return(val)
43
+ allow(request).to receive_message_chain(:env, :[]).and_return(val)
44
44
  end
45
45
 
46
46
  def options_for header
@@ -54,6 +54,7 @@ describe SecureHeaders do
54
54
  config.x_content_type_options = nil
55
55
  config.x_xss_protection = nil
56
56
  config.csp = nil
57
+ config.x_download_options = nil
57
58
  end
58
59
  end
59
60
 
@@ -63,12 +64,13 @@ describe SecureHeaders do
63
64
  subject.set_x_frame_options_header
64
65
  subject.set_x_content_type_options_header
65
66
  subject.set_x_xss_protection_header
67
+ subject.set_x_download_options_header
66
68
  end
67
69
 
68
70
  describe "#ensure_security_headers" do
69
71
  it "sets a before filter" do
70
72
  options = {}
71
- DummyClass.should_receive(:before_filter).exactly(5).times
73
+ expect(DummyClass).to receive(:before_filter).exactly(6).times
72
74
  DummyClass.ensure_security_headers(options)
73
75
  end
74
76
  end
@@ -87,18 +89,19 @@ describe SecureHeaders do
87
89
 
88
90
  describe "#set_security_headers" do
89
91
  before(:each) do
90
- SecureHeaders::ContentSecurityPolicy.stub(:new).and_return(double.as_null_object)
92
+ allow(SecureHeaders::ContentSecurityPolicy).to receive(:new).and_return(double.as_null_object)
91
93
  end
92
94
  USER_AGENTS.each do |name, useragent|
93
95
  it "sets all default headers for #{name} (smoke test)" do
94
96
  stub_user_agent(useragent)
95
- number_of_headers = 5
96
- subject.should_receive(:set_header).exactly(number_of_headers).times # a request for a given header
97
+ number_of_headers = 6
98
+ expect(subject).to receive(:set_header).exactly(number_of_headers).times # a request for a given header
97
99
  subject.set_csp_header
98
100
  subject.set_x_frame_options_header
99
101
  subject.set_hsts_header
100
102
  subject.set_x_xss_protection_header
101
103
  subject.set_x_content_type_options_header
104
+ subject.set_x_download_options_header
102
105
  end
103
106
  end
104
107
 
@@ -113,6 +116,11 @@ describe SecureHeaders do
113
116
  subject.set_x_xss_protection_header(false)
114
117
  end
115
118
 
119
+ it "does not set the X-Download-Options header if disabled" do
120
+ should_not_assign_header(XDO_HEADER_NAME)
121
+ subject.set_x_download_options_header(false)
122
+ end
123
+
116
124
  it "does not set the X-Frame-Options header if disabled" do
117
125
  should_not_assign_header(XFO_HEADER_NAME)
118
126
  subject.set_x_frame_options_header(false)
@@ -124,7 +132,7 @@ describe SecureHeaders do
124
132
  end
125
133
 
126
134
  it "does not set the HSTS header if request is over HTTP" do
127
- subject.stub_chain(:request, :ssl?).and_return(false)
135
+ allow(subject).to receive_message_chain(:request, :ssl?).and_return(false)
128
136
  should_not_assign_header(HSTS_HEADER_NAME)
129
137
  subject.set_hsts_header({:include_subdomains => true})
130
138
  end
@@ -143,8 +151,9 @@ describe SecureHeaders do
143
151
  config.x_content_type_options = false
144
152
  config.x_xss_protection = false
145
153
  config.csp = false
154
+ config.x_download_options = false
146
155
  end
147
- subject.should_not_receive(:set_header)
156
+ expect(subject).not_to receive(:set_header)
148
157
  set_security_headers(subject)
149
158
  reset_config
150
159
  end
@@ -163,6 +172,18 @@ describe SecureHeaders do
163
172
  end
164
173
  end
165
174
 
175
+ describe "#set_x_download_options_header" do
176
+ it "sets the X-Download-Options header" do
177
+ should_assign_header(XDO_HEADER_NAME, SecureHeaders::XDownloadOptions::Constants::DEFAULT_VALUE)
178
+ subject.set_x_download_options_header
179
+ end
180
+
181
+ it "allows a custom X-Download-Options header" do
182
+ should_assign_header(XDO_HEADER_NAME, "noopen")
183
+ subject.set_x_download_options_header(:value => 'noopen')
184
+ end
185
+ end
186
+
166
187
  describe "#set_strict_transport_security" do
167
188
  it "sets the Strict-Transport-Security header" do
168
189
  should_assign_header(HSTS_HEADER_NAME, SecureHeaders::StrictTransportSecurity::Constants::DEFAULT_VALUE)
@@ -178,6 +199,11 @@ describe SecureHeaders do
178
199
  should_assign_header(HSTS_HEADER_NAME, "max-age=#{HSTS_MAX_AGE}; includeSubdomains")
179
200
  subject.set_hsts_header(:max_age => HSTS_MAX_AGE, :include_subdomains => true)
180
201
  end
202
+
203
+ it "allows you to specify preload" do
204
+ should_assign_header(HSTS_HEADER_NAME, "max-age=#{HSTS_MAX_AGE}; includeSubdomains; preload")
205
+ subject.set_hsts_header(:max_age => HSTS_MAX_AGE, :include_subdomains => true, :preload => true)
206
+ end
181
207
  end
182
208
 
183
209
  describe "#set_x_xss_protection" do
data/spec/spec_helper.rb CHANGED
@@ -1,25 +1,11 @@
1
1
  require 'rubygems'
2
- require 'spork'
3
-
4
- unless Spork.using_spork?
5
- require 'simplecov'
6
- SimpleCov.start do
7
- add_filter "spec"
8
- end
9
- end
10
-
11
- Spork.prefork do
12
- require 'pry'
13
- require 'rspec'
14
- end
15
-
16
- Spork.each_run do
17
- require File.join(File.dirname(__FILE__), '..', 'lib', 'secure_headers')
18
- require File.join(File.dirname(__FILE__), '..', 'app', 'controllers', 'content_security_policy_controller')
19
- include ::SecureHeaders::StrictTransportSecurity::Constants
20
- include ::SecureHeaders::ContentSecurityPolicy::Constants
21
- include ::SecureHeaders::XFrameOptions::Constants
22
- include ::SecureHeaders::XXssProtection::Constants
23
- include ::SecureHeaders::XContentTypeOptions::Constants
24
- end
25
-
2
+ require 'rspec'
3
+
4
+ require File.join(File.dirname(__FILE__), '..', 'lib', 'secure_headers')
5
+ require File.join(File.dirname(__FILE__), '..', 'app', 'controllers', 'content_security_policy_controller')
6
+ include ::SecureHeaders::StrictTransportSecurity::Constants
7
+ include ::SecureHeaders::ContentSecurityPolicy::Constants
8
+ include ::SecureHeaders::XFrameOptions::Constants
9
+ include ::SecureHeaders::XXssProtection::Constants
10
+ include ::SecureHeaders::XContentTypeOptions::Constants
11
+ include ::SecureHeaders::XDownloadOptions::Constants
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: secure_headers
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.1.1
4
+ version: 1.4.0
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2013-12-19 00:00:00.000000000 Z
12
+ date: 2014-12-06 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: rake
@@ -35,10 +35,10 @@ extensions: []
35
35
  extra_rdoc_files: []
36
36
  files:
37
37
  - .gitignore
38
- - .rvmrc
38
+ - .ruby-gemset
39
+ - .ruby-version
39
40
  - .travis.yml
40
41
  - Gemfile
41
- - Guardfile
42
42
  - HISTORY.md
43
43
  - LICENSE
44
44
  - README.md
@@ -48,36 +48,22 @@ files:
48
48
  - config/routes.rb
49
49
  - fixtures/rails_3_2_12/.rspec
50
50
  - fixtures/rails_3_2_12/Gemfile
51
- - fixtures/rails_3_2_12/Guardfile
52
51
  - fixtures/rails_3_2_12/README.rdoc
53
52
  - fixtures/rails_3_2_12/Rakefile
54
53
  - fixtures/rails_3_2_12/app/controllers/application_controller.rb
55
54
  - fixtures/rails_3_2_12/app/controllers/other_things_controller.rb
56
55
  - fixtures/rails_3_2_12/app/controllers/things_controller.rb
57
56
  - fixtures/rails_3_2_12/app/models/.gitkeep
58
- - fixtures/rails_3_2_12/app/models/thing.rb
59
57
  - fixtures/rails_3_2_12/app/views/layouts/application.html.erb
60
58
  - fixtures/rails_3_2_12/app/views/other_things/index.html.erb
61
59
  - fixtures/rails_3_2_12/app/views/things/index.html.erb
62
60
  - fixtures/rails_3_2_12/config.ru
63
61
  - fixtures/rails_3_2_12/config/application.rb
64
62
  - fixtures/rails_3_2_12/config/boot.rb
65
- - fixtures/rails_3_2_12/config/database.yml
66
63
  - fixtures/rails_3_2_12/config/environment.rb
67
- - fixtures/rails_3_2_12/config/environments/development.rb
68
- - fixtures/rails_3_2_12/config/environments/production.rb
69
64
  - fixtures/rails_3_2_12/config/environments/test.rb
70
- - fixtures/rails_3_2_12/config/initializers/backtrace_silencers.rb
71
- - fixtures/rails_3_2_12/config/initializers/inflections.rb
72
- - fixtures/rails_3_2_12/config/initializers/mime_types.rb
73
- - fixtures/rails_3_2_12/config/initializers/secret_token.rb
74
65
  - fixtures/rails_3_2_12/config/initializers/secure_headers.rb
75
- - fixtures/rails_3_2_12/config/initializers/session_store.rb
76
- - fixtures/rails_3_2_12/config/initializers/wrap_parameters.rb
77
- - fixtures/rails_3_2_12/config/locales/en.yml
78
66
  - fixtures/rails_3_2_12/config/routes.rb
79
- - fixtures/rails_3_2_12/db/schema.rb
80
- - fixtures/rails_3_2_12/db/seeds.rb
81
67
  - fixtures/rails_3_2_12/lib/assets/.gitkeep
82
68
  - fixtures/rails_3_2_12/lib/tasks/.gitkeep
83
69
  - fixtures/rails_3_2_12/log/.gitkeep
@@ -89,39 +75,21 @@ files:
89
75
  - fixtures/rails_3_2_12/vendor/plugins/.gitkeep
90
76
  - fixtures/rails_3_2_12_no_init/.rspec
91
77
  - fixtures/rails_3_2_12_no_init/Gemfile
92
- - fixtures/rails_3_2_12_no_init/Guardfile
93
78
  - fixtures/rails_3_2_12_no_init/README.rdoc
94
79
  - fixtures/rails_3_2_12_no_init/Rakefile
95
80
  - fixtures/rails_3_2_12_no_init/app/controllers/application_controller.rb
96
81
  - fixtures/rails_3_2_12_no_init/app/controllers/other_things_controller.rb
97
82
  - fixtures/rails_3_2_12_no_init/app/controllers/things_controller.rb
98
83
  - fixtures/rails_3_2_12_no_init/app/models/.gitkeep
99
- - fixtures/rails_3_2_12_no_init/app/models/thing.rb
100
84
  - fixtures/rails_3_2_12_no_init/app/views/layouts/application.html.erb
101
85
  - fixtures/rails_3_2_12_no_init/app/views/other_things/index.html.erb
102
- - fixtures/rails_3_2_12_no_init/app/views/things/_form.html.erb
103
- - fixtures/rails_3_2_12_no_init/app/views/things/edit.html.erb
104
86
  - fixtures/rails_3_2_12_no_init/app/views/things/index.html.erb
105
- - fixtures/rails_3_2_12_no_init/app/views/things/new.html.erb
106
- - fixtures/rails_3_2_12_no_init/app/views/things/show.html.erb
107
87
  - fixtures/rails_3_2_12_no_init/config.ru
108
88
  - fixtures/rails_3_2_12_no_init/config/application.rb
109
89
  - fixtures/rails_3_2_12_no_init/config/boot.rb
110
- - fixtures/rails_3_2_12_no_init/config/database.yml
111
90
  - fixtures/rails_3_2_12_no_init/config/environment.rb
112
- - fixtures/rails_3_2_12_no_init/config/environments/development.rb
113
- - fixtures/rails_3_2_12_no_init/config/environments/production.rb
114
91
  - fixtures/rails_3_2_12_no_init/config/environments/test.rb
115
- - fixtures/rails_3_2_12_no_init/config/initializers/backtrace_silencers.rb
116
- - fixtures/rails_3_2_12_no_init/config/initializers/inflections.rb
117
- - fixtures/rails_3_2_12_no_init/config/initializers/mime_types.rb
118
- - fixtures/rails_3_2_12_no_init/config/initializers/secret_token.rb
119
- - fixtures/rails_3_2_12_no_init/config/initializers/session_store.rb
120
- - fixtures/rails_3_2_12_no_init/config/initializers/wrap_parameters.rb
121
- - fixtures/rails_3_2_12_no_init/config/locales/en.yml
122
92
  - fixtures/rails_3_2_12_no_init/config/routes.rb
123
- - fixtures/rails_3_2_12_no_init/db/schema.rb
124
- - fixtures/rails_3_2_12_no_init/db/seeds.rb
125
93
  - fixtures/rails_3_2_12_no_init/lib/assets/.gitkeep
126
94
  - fixtures/rails_3_2_12_no_init/lib/tasks/.gitkeep
127
95
  - fixtures/rails_3_2_12_no_init/log/.gitkeep
@@ -136,8 +104,10 @@ files:
136
104
  - lib/secure_headers/headers/content_security_policy.rb
137
105
  - lib/secure_headers/headers/strict_transport_security.rb
138
106
  - lib/secure_headers/headers/x_content_type_options.rb
107
+ - lib/secure_headers/headers/x_download_options.rb
139
108
  - lib/secure_headers/headers/x_frame_options.rb
140
109
  - lib/secure_headers/headers/x_xss_protection.rb
110
+ - lib/secure_headers/padrino.rb
141
111
  - lib/secure_headers/railtie.rb
142
112
  - lib/secure_headers/version.rb
143
113
  - secure_headers.gemspec
@@ -145,6 +115,7 @@ files:
145
115
  - spec/lib/secure_headers/headers/content_security_policy_spec.rb
146
116
  - spec/lib/secure_headers/headers/strict_transport_security_spec.rb
147
117
  - spec/lib/secure_headers/headers/x_content_type_options_spec.rb
118
+ - spec/lib/secure_headers/headers/x_download_options_spec.rb
148
119
  - spec/lib/secure_headers/headers/x_frame_options_spec.rb
149
120
  - spec/lib/secure_headers/headers/x_xss_protection_spec.rb
150
121
  - spec/lib/secure_headers_spec.rb
@@ -171,7 +142,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
171
142
  version: '0'
172
143
  requirements: []
173
144
  rubyforge_project:
174
- rubygems_version: 1.8.25
145
+ rubygems_version: 1.8.23
175
146
  signing_key:
176
147
  specification_version: 3
177
148
  summary: Add easily configured browser headers to responses including content security
@@ -181,6 +152,7 @@ test_files:
181
152
  - spec/lib/secure_headers/headers/content_security_policy_spec.rb
182
153
  - spec/lib/secure_headers/headers/strict_transport_security_spec.rb
183
154
  - spec/lib/secure_headers/headers/x_content_type_options_spec.rb
155
+ - spec/lib/secure_headers/headers/x_download_options_spec.rb
184
156
  - spec/lib/secure_headers/headers/x_frame_options_spec.rb
185
157
  - spec/lib/secure_headers/headers/x_xss_protection_spec.rb
186
158
  - spec/lib/secure_headers_spec.rb
data/.rvmrc DELETED
@@ -1 +0,0 @@
1
- rvm use 1.9.3@secureheaders --create
data/Guardfile DELETED
@@ -1,10 +0,0 @@
1
- guard 'spork', :aggressive_kill => false do
2
- watch('spec/spec_helper.rb') { :rspec }
3
- end
4
-
5
- guard 'rspec', :cli => "--color --drb --debug", :keep_failed => true, :all_after_pass => true, :focus_on_failed => true do
6
- watch(%r{^spec/.+_spec\.rb$})
7
- watch(%r{^lib/(.+)\.rb$}) { |m| "spec/lib/#{m[1]}_spec.rb" }
8
- watch(%r{^app/controllers/(.+)\.rb$}) { |m| "spec/controllers/#{m[1]}_spec.rb" }
9
- watch('spec/spec_helper.rb') { "spec" }
10
- end
@@ -1,14 +0,0 @@
1
- guard 'spork', :rspec_port => 1234, :aggressive_kill => false do
2
- watch('spec/spec_helper.rb') { :rspec }
3
- end
4
-
5
- guard 'rspec', :cli => "--color --drb --drb-port 1234", :keep_failed => true, :all_after_pass => true, :focus_on_failed => true do
6
- watch(%r{^spec/.+_spec\.rb$})
7
- watch('../../../lib')
8
- watch(%r{^lib/(.+)\.rb$}) { |m| "spec/lib/#{m[1]}_spec.rb" }
9
- watch('spec/spec_helper.rb') { "spec" }
10
- watch(%r{^app/controllers/(.+)_(controller)\.rb$}) { |m| ["spec/routing/#{m[1]}_routing_spec.rb", "spec/#{m[2]}s/#{m[1]}_#{m[2]}_spec.rb", "spec/acceptance/#{m[1]}_spec.rb"] }
11
- watch(%r{^spec/support/(.+)\.rb$}) { "spec" }
12
- watch('app/controllers/application_controller.rb') { "spec/controllers" }
13
- end
14
-
@@ -1,3 +0,0 @@
1
- class Thing < ActiveRecord::Base
2
- # attr_accessible :title, :body
3
- end
@@ -1,25 +0,0 @@
1
- # SQLite version 3.x
2
- # gem install sqlite3
3
- #
4
- # Ensure the SQLite 3 gem is defined in your Gemfile
5
- # gem 'sqlite3'
6
- development:
7
- adapter: sqlite3
8
- database: db/development.sqlite3
9
- pool: 5
10
- timeout: 5000
11
-
12
- # Warning: The database defined as "test" will be erased and
13
- # re-generated from your development database when you run "rake".
14
- # Do not set this db to the same as development or production.
15
- test:
16
- adapter: sqlite3
17
- database: db/test.sqlite3
18
- pool: 5
19
- timeout: 5000
20
-
21
- production:
22
- adapter: sqlite3
23
- database: db/production.sqlite3
24
- pool: 5
25
- timeout: 5000
@@ -1,37 +0,0 @@
1
- Rails3212::Application.configure do
2
- # Settings specified here will take precedence over those in config/application.rb
3
-
4
- # In the development environment your application's code is reloaded on
5
- # every request. This slows down response time but is perfect for development
6
- # since you don't have to restart the web server when you make code changes.
7
- config.cache_classes = false
8
-
9
- # Log error messages when you accidentally call methods on nil.
10
- config.whiny_nils = true
11
-
12
- # Show full error reports and disable caching
13
- config.consider_all_requests_local = true
14
- config.action_controller.perform_caching = false
15
-
16
- # Don't care if the mailer can't send
17
- config.action_mailer.raise_delivery_errors = false
18
-
19
- # Print deprecation notices to the Rails logger
20
- config.active_support.deprecation = :log
21
-
22
- # Only use best-standards-support built into browsers
23
- config.action_dispatch.best_standards_support = :builtin
24
-
25
- # Raise exception on mass assignment protection for Active Record models
26
- config.active_record.mass_assignment_sanitizer = :strict
27
-
28
- # Log the query plan for queries taking more than this (works
29
- # with SQLite, MySQL, and PostgreSQL)
30
- config.active_record.auto_explain_threshold_in_seconds = 0.5
31
-
32
- # Do not compress assets
33
- config.assets.compress = false
34
-
35
- # Expands the lines which load the assets
36
- config.assets.debug = true
37
- end
@@ -1,67 +0,0 @@
1
- Rails3212::Application.configure do
2
- # Settings specified here will take precedence over those in config/application.rb
3
-
4
- # Code is not reloaded between requests
5
- config.cache_classes = true
6
-
7
- # Full error reports are disabled and caching is turned on
8
- config.consider_all_requests_local = false
9
- config.action_controller.perform_caching = true
10
-
11
- # Disable Rails's static asset server (Apache or nginx will already do this)
12
- config.serve_static_assets = false
13
-
14
- # Compress JavaScripts and CSS
15
- config.assets.compress = true
16
-
17
- # Don't fallback to assets pipeline if a precompiled asset is missed
18
- config.assets.compile = false
19
-
20
- # Generate digests for assets URLs
21
- config.assets.digest = true
22
-
23
- # Defaults to nil and saved in location specified by config.assets.prefix
24
- # config.assets.manifest = YOUR_PATH
25
-
26
- # Specifies the header that your server uses for sending files
27
- # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache
28
- # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx
29
-
30
- # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
31
- # config.force_ssl = true
32
-
33
- # See everything in the log (default is :info)
34
- # config.log_level = :debug
35
-
36
- # Prepend all log lines with the following tags
37
- # config.log_tags = [ :subdomain, :uuid ]
38
-
39
- # Use a different logger for distributed setups
40
- # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)
41
-
42
- # Use a different cache store in production
43
- # config.cache_store = :mem_cache_store
44
-
45
- # Enable serving of images, stylesheets, and JavaScripts from an asset server
46
- # config.action_controller.asset_host = "http://assets.example.com"
47
-
48
- # Precompile additional assets (application.js, application.css, and all non-JS/CSS are already added)
49
- # config.assets.precompile += %w( search.js )
50
-
51
- # Disable delivery errors, bad email addresses will be ignored
52
- # config.action_mailer.raise_delivery_errors = false
53
-
54
- # Enable threaded mode
55
- # config.threadsafe!
56
-
57
- # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
58
- # the I18n.default_locale when a translation can not be found)
59
- config.i18n.fallbacks = true
60
-
61
- # Send deprecation notices to registered listeners
62
- config.active_support.deprecation = :notify
63
-
64
- # Log the query plan for queries taking more than this (works
65
- # with SQLite, MySQL, and PostgreSQL)
66
- # config.active_record.auto_explain_threshold_in_seconds = 0.5
67
- end
@@ -1,7 +0,0 @@
1
- # Be sure to restart your server when you modify this file.
2
-
3
- # You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
4
- # Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }
5
-
6
- # You can also remove all the silencers if you're trying to debug a problem that might stem from framework code.
7
- # Rails.backtrace_cleaner.remove_silencers!
@@ -1,15 +0,0 @@
1
- # Be sure to restart your server when you modify this file.
2
-
3
- # Add new inflection rules using the following format
4
- # (all these examples are active by default):
5
- # ActiveSupport::Inflector.inflections do |inflect|
6
- # inflect.plural /^(ox)$/i, '\1en'
7
- # inflect.singular /^(ox)en/i, '\1'
8
- # inflect.irregular 'person', 'people'
9
- # inflect.uncountable %w( fish sheep )
10
- # end
11
- #
12
- # These inflection rules are supported but not enabled by default:
13
- # ActiveSupport::Inflector.inflections do |inflect|
14
- # inflect.acronym 'RESTful'
15
- # end
@@ -1,5 +0,0 @@
1
- # Be sure to restart your server when you modify this file.
2
-
3
- # Add new mime types for use in respond_to blocks:
4
- # Mime::Type.register "text/richtext", :rtf
5
- # Mime::Type.register_alias "text/html", :iphone
@@ -1,7 +0,0 @@
1
- # Be sure to restart your server when you modify this file.
2
-
3
- # Your secret key for verifying the integrity of signed cookies.
4
- # If you change this key, all old signed cookies will become invalid!
5
- # Make sure the secret is at least 30 characters and all random,
6
- # no regular words or you'll be exposed to dictionary attacks.
7
- Rails3212::Application.config.secret_token = '8dd5aabfbd49f9bce1c5b7dee79d7349cb869f54984ead01f7a272e6f75a58413f621733855906dc9cc249b9486d95583519096d92e77b910f82ba4a90326db7'
@@ -1,8 +0,0 @@
1
- # Be sure to restart your server when you modify this file.
2
-
3
- Rails3212::Application.config.session_store :cookie_store, :key => '_rails_3_2_12_session'
4
-
5
- # Use the database for sessions instead of the cookie-based default,
6
- # which shouldn't be used to store highly confidential information
7
- # (create the session table with "rails generate session_migration")
8
- # Rails3212::Application.config.session_store :active_record_store