secure_headers 1.3.4 → 1.4.0


Potentially problematic release.



Files changed (42) hide show
  1. data/.travis.yml +0 -3
  2. data/Gemfile +2 -3
  3. data/app/controllers/content_security_policy_controller.rb +1 -0
  4. data/fixtures/rails_3_2_12/Gemfile +0 -5
  5. data/fixtures/rails_3_2_12/app/controllers/things_controller.rb +0 -1
  6. data/fixtures/rails_3_2_12/app/views/layouts/application.html.erb +0 -3
  7. data/fixtures/rails_3_2_12/config/application.rb +0 -54
  8. data/fixtures/rails_3_2_12/config/routes.rb +0 -57
  9. data/fixtures/rails_3_2_12_no_init/Gemfile +0 -6
  10. data/fixtures/rails_3_2_12_no_init/app/controllers/things_controller.rb +1 -1
  11. data/fixtures/rails_3_2_12_no_init/app/views/layouts/application.html.erb +0 -2
  12. data/fixtures/rails_3_2_12_no_init/app/views/things/index.html.erb +0 -21
  13. data/fixtures/rails_3_2_12_no_init/config/application.rb +0 -48
  14. data/fixtures/rails_3_2_12_no_init/config/routes.rb +0 -57
  15. data/lib/secure_headers.rb +1 -1
  16. data/lib/secure_headers/headers/content_security_policy.rb +2 -0
  17. data/lib/secure_headers/version.rb +1 -1
  18. metadata +9 -28
  19. checksums.yaml +0 -15
  20. data/Guardfile +0 -6
  21. data/fixtures/rails_3_2_12/config/environments/development.rb +0 -37
  22. data/fixtures/rails_3_2_12/config/environments/production.rb +0 -67
  23. data/fixtures/rails_3_2_12/config/initializers/backtrace_silencers.rb +0 -7
  24. data/fixtures/rails_3_2_12/config/initializers/inflections.rb +0 -15
  25. data/fixtures/rails_3_2_12/config/initializers/mime_types.rb +0 -5
  26. data/fixtures/rails_3_2_12/config/initializers/secret_token.rb +0 -7
  27. data/fixtures/rails_3_2_12/config/initializers/session_store.rb +0 -8
  28. data/fixtures/rails_3_2_12/config/initializers/wrap_parameters.rb +0 -14
  29. data/fixtures/rails_3_2_12/config/locales/en.yml +0 -5
  30. data/fixtures/rails_3_2_12_no_init/app/views/things/_form.html.erb +0 -17
  31. data/fixtures/rails_3_2_12_no_init/app/views/things/edit.html.erb +0 -6
  32. data/fixtures/rails_3_2_12_no_init/app/views/things/new.html.erb +0 -5
  33. data/fixtures/rails_3_2_12_no_init/app/views/things/show.html.erb +0 -5
  34. data/fixtures/rails_3_2_12_no_init/config/environments/development.rb +0 -37
  35. data/fixtures/rails_3_2_12_no_init/config/environments/production.rb +0 -67
  36. data/fixtures/rails_3_2_12_no_init/config/initializers/backtrace_silencers.rb +0 -7
  37. data/fixtures/rails_3_2_12_no_init/config/initializers/inflections.rb +0 -15
  38. data/fixtures/rails_3_2_12_no_init/config/initializers/mime_types.rb +0 -5
  39. data/fixtures/rails_3_2_12_no_init/config/initializers/secret_token.rb +0 -7
  40. data/fixtures/rails_3_2_12_no_init/config/initializers/session_store.rb +0 -8
  41. data/fixtures/rails_3_2_12_no_init/config/initializers/wrap_parameters.rb +0 -14
  42. data/fixtures/rails_3_2_12_no_init/config/locales/en.yml +0 -5
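--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -3,6 +3,3 @@ rvm:
   - "2.0.0"
   - "1.9.3"
   - "1.8.7"
- # - jruby-19mode
- # - jruby-18mode
- #script: ./travis.sh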
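--- a/data/Gemfile
+++ b/data/Gemfile
@@ -6,9 +6,8 @@ group :test do
   gem 'rails', '3.2.12'
   gem 'sqlite3', :platform => [:ruby, :mswin, :mingw]
   gem 'jdbc-sqlite3', :platform => :jruby
- gem 'rspec-rails'
- gem 'rspec'
- gem 'guard-rspec', :platform => :ruby_19
+ gem 'rspec-rails', '>= 3.1'
+ gem 'rspec', '>= 3.1'
   gem 'growl'
   gem 'rb-fsevent'
   gem 'debugger', :platform => :ruby_19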
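Review bot: The new `'>= 3.1'` constraints on `rspec-rails` and `rspec` have no upper bound, so a later major RSpec release can be resolved into the test group without any change to this Gemfile. A pessimistic constraint, `gem 'rspec-rails', '~> 3.1'` and `gem 'rspec', '~> 3.1'`, keeps the suite on the 3.x line. The hunk also drops `guard-rspec` while `growl` and `rb-fsevent` remain as context lines; if those were only there for Guard they may now be unused, which should be checked against the rest of the file. The `group :test` block opens above the hunk and closes outside it.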
@@ -5,6 +5,7 @@ class ContentSecurityPolicyController < ActionController::Base
5
5
  CA_FILE = File.expand_path(File.join('..','..', '..', 'config', 'curl-ca-bundle.crt'), __FILE__)
6
6
 
7
7
  def scribe
8
+ warn "[DEPRECATION] ContentSecurityPolicyController is removed in 2.0"
8
9
  csp = ::SecureHeaders::Configuration.csp || {}
9
10
 
10
11
  forward_endpoint = csp[:forward_endpoint]
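Review bot: The `warn` added as the first statement of `scribe` runs on every call to the action, so each CSP report that reaches this endpoint writes one deprecation line to stderr. Report volume is driven by browsers rather than by the application, so the log noise grows with client traffic and can bury other messages. Printing the notice once is enough: the same line, `warn "[DEPRECATION] ContentSecurityPolicyController is removed in 2.0"`, could sit in the class body under `CA_FILE` so it fires when the controller class is loaded. The body of `scribe` continues outside the hunk.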
@@ -3,9 +3,4 @@ source 'https://rubygems.org'
3
3
  gem 'rails', '3.2.12'
4
4
  gem 'rspec-rails', '>= 2.0.0'
5
5
  gem 'secure_headers', :path => '../..'
6
- gem 'debugger', :platform => :ruby_19
7
- gem 'ruby-debug', :platform => :ruby_18
8
- gem 'guard-rspec'
9
- gem 'rb-fsevent'
10
- gem 'growl'
11
6
 
@@ -1,6 +1,5 @@
1
1
  class ThingsController < ApplicationController
2
2
  ensure_security_headers :csp => false
3
3
  def index
4
- ######## : ) <- Marge Simpson?
5
4
  end
6
5
  end
@@ -2,9 +2,6 @@
2
2
  <html>
3
3
  <head>
4
4
  <title>Rails3212</title>
5
- <%= stylesheet_link_tag "application", :media => "all" %>
6
- <%= javascript_include_tag "application" %>
7
- <%= csrf_meta_tags %>
8
5
  </head>
9
6
  <body>
10
7
 
@@ -1,68 +1,14 @@
1
1
  require File.expand_path('../boot', __FILE__)
2
2
 
3
- # Pick the frameworks you want:
4
- # require "active_record/railtie"
5
3
  require "action_controller/railtie"
6
- # require "action_mailer/railtie"
7
- # require "active_resource/railtie"
8
4
  require "sprockets/railtie"
9
- # require "rails/test_unit/railtie"
10
5
 
11
6
  if defined?(Bundler)
12
- # If you precompile assets before deploying to production, use this line
13
7
  Bundler.require(*Rails.groups(:assets => %w(development test)))
14
- # If you want your assets lazily compiled in production, use this line
15
- # Bundler.require(:default, :assets, Rails.env)
16
8
  end
17
9
 
18
10
  module Rails3212
19
11
  class Application < Rails::Application
20
- # Settings in config/environments/* take precedence over those specified here.
21
- # Application configuration should go into files in config/initializers
22
- # -- all .rb files in that directory are automatically loaded.
23
12
 
24
- # Custom directories with classes and modules you want to be autoloadable.
25
- # config.autoload_paths += %W(#{config.root}/extras)
26
-
27
- # Only load the plugins named here, in the order given (default is alphabetical).
28
- # :all can be used as a placeholder for all plugins not explicitly named.
29
- # config.plugins = [ :exception_notification, :ssl_requirement, :all ]
30
-
31
- # Activate observers that should always be running.
32
- # config.active_record.observers = :cacher, :garbage_collector, :forum_observer
33
-
34
- # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
35
- # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
36
- # config.time_zone = 'Central Time (US & Canada)'
37
-
38
- # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
39
- # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
40
- # config.i18n.default_locale = :de
41
-
42
- # Configure the default encoding used in templates for Ruby 1.9.
43
- config.encoding = "utf-8"
44
-
45
- # Configure sensitive parameters which will be filtered from the log file.
46
- config.filter_parameters += [:password]
47
-
48
- # Enable escaping HTML in JSON.
49
- config.active_support.escape_html_entities_in_json = true
50
-
51
- # Use SQL instead of Active Record's schema dumper when creating the database.
52
- # This is necessary if your schema can't be completely dumped by the schema dumper,
53
- # like if you have constraints or database-specific column types
54
- # config.active_record.schema_format = :sql
55
-
56
- # Enforce whitelist mode for mass assignment.
57
- # This will create an empty whitelist of attributes available for mass-assignment for all models
58
- # in your app. As such, your models will need to explicitly whitelist or blacklist accessible
59
- # parameters by using an attr_accessible or attr_protected declaration.
60
- # config.active_record.whitelist_attributes = true
61
-
62
- # Enable the asset pipeline
63
- config.assets.enabled = true
64
-
65
- # Version of your assets, change this if you want to expire all your assets
66
- config.assets.version = '1.0'
67
13
  end
68
14
  end
@@ -1,61 +1,4 @@
1
1
  Rails3212::Application.routes.draw do
2
2
  resources :things
3
-
4
-
5
- # The priority is based upon order of creation:
6
- # first created -> highest priority.
7
-
8
- # Sample of regular route:
9
- # match 'products/:id' => 'catalog#view'
10
- # Keep in mind you can assign values other than :controller and :action
11
-
12
- # Sample of named route:
13
- # match 'products/:id/purchase' => 'catalog#purchase', :as => :purchase
14
- # This route can be invoked with purchase_url(:id => product.id)
15
-
16
- # Sample resource route (maps HTTP verbs to controller actions automatically):
17
- # resources :products
18
-
19
- # Sample resource route with options:
20
- # resources :products do
21
- # member do
22
- # get 'short'
23
- # post 'toggle'
24
- # end
25
- #
26
- # collection do
27
- # get 'sold'
28
- # end
29
- # end
30
-
31
- # Sample resource route with sub-resources:
32
- # resources :products do
33
- # resources :comments, :sales
34
- # resource :seller
35
- # end
36
-
37
- # Sample resource route with more complex sub-resources
38
- # resources :products do
39
- # resources :comments
40
- # resources :sales do
41
- # get 'recent', :on => :collection
42
- # end
43
- # end
44
-
45
- # Sample resource route within a namespace:
46
- # namespace :admin do
47
- # # Directs /admin/products/* to Admin::ProductsController
48
- # # (app/controllers/admin/products_controller.rb)
49
- # resources :products
50
- # end
51
-
52
- # You can have the root of your site routed with "root"
53
- # just remember to delete public/index.html.
54
- # root :to => 'welcome#index'
55
-
56
- # See how all your routes lay out with "rake routes"
57
-
58
- # This is a legacy wild controller route that's not recommended for RESTful applications.
59
- # Note: This route will make all actions in every controller accessible via GET requests.
60
3
  match ':controller(/:action(/:id))(.:format)'
61
4
  end
@@ -3,9 +3,3 @@ source 'https://rubygems.org'
3
3
  gem 'rails', '3.2.12'
4
4
  gem 'rspec-rails', '>= 2.0.0'
5
5
  gem 'secure_headers', :path => '../..'
6
- gem 'debugger', :platform => :ruby_19
7
- gem 'ruby-debug', :platform => :ruby_18
8
- gem 'guard-rspec'
9
- gem 'rb-fsevent'
10
- gem 'growl'
11
-
@@ -1,5 +1,5 @@
1
1
  class ThingsController < ApplicationController
2
2
  def index
3
- ######## : ) <- Marge Simpson?
3
+
4
4
  end
5
5
  end
@@ -3,8 +3,6 @@
3
3
  <head>
4
4
  <title>Rails3212</title>
5
5
  <%= stylesheet_link_tag "application", :media => "all" %>
6
- <%= javascript_include_tag "application" %>
7
- <%= csrf_meta_tags %>
8
6
  </head>
9
7
  <body>
10
8
 
@@ -1,21 +0,0 @@
1
- <h1>Listing things</h1>
2
-
3
- <table>
4
- <tr>
5
- <th></th>
6
- <th></th>
7
- <th></th>
8
- </tr>
9
-
10
- <% @things.each do |thing| %>
11
- <tr>
12
- <td><%= link_to 'Show', thing %></td>
13
- <td><%= link_to 'Edit', edit_thing_path(thing) %></td>
14
- <td><%= link_to 'Destroy', thing, method: :delete, data: { confirm: 'Are you sure?' } %></td>
15
- </tr>
16
- <% end %>
17
- </table>
18
-
19
- <br />
20
-
21
- <%= link_to 'New Thing', new_thing_path %>
@@ -3,7 +3,6 @@ require File.expand_path('../boot', __FILE__)
3
3
  # Pick the frameworks you want:
4
4
  require "action_controller/railtie"
5
5
  require "sprockets/railtie"
6
- # require "rails/test_unit/railtie"
7
6
 
8
7
  if defined?(Bundler)
9
8
  # If you precompile assets before deploying to production, use this line
@@ -14,52 +13,5 @@ end
14
13
 
15
14
  module Rails3212
16
15
  class Application < Rails::Application
17
- # Settings in config/environments/* take precedence over those specified here.
18
- # Application configuration should go into files in config/initializers
19
- # -- all .rb files in that directory are automatically loaded.
20
-
21
- # Custom directories with classes and modules you want to be autoloadable.
22
- # config.autoload_paths += %W(#{config.root}/extras)
23
-
24
- # Only load the plugins named here, in the order given (default is alphabetical).
25
- # :all can be used as a placeholder for all plugins not explicitly named.
26
- # config.plugins = [ :exception_notification, :ssl_requirement, :all ]
27
-
28
- # Activate observers that should always be running.
29
- # config.active_record.observers = :cacher, :garbage_collector, :forum_observer
30
-
31
- # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
32
- # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
33
- # config.time_zone = 'Central Time (US & Canada)'
34
-
35
- # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
36
- # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
37
- # config.i18n.default_locale = :de
38
-
39
- # Configure the default encoding used in templates for Ruby 1.9.
40
- config.encoding = "utf-8"
41
-
42
- # Configure sensitive parameters which will be filtered from the log file.
43
- config.filter_parameters += [:password]
44
-
45
- # Enable escaping HTML in JSON.
46
- config.active_support.escape_html_entities_in_json = true
47
-
48
- # Use SQL instead of Active Record's schema dumper when creating the database.
49
- # This is necessary if your schema can't be completely dumped by the schema dumper,
50
- # like if you have constraints or database-specific column types
51
- # config.active_record.schema_format = :sql
52
-
53
- # Enforce whitelist mode for mass assignment.
54
- # This will create an empty whitelist of attributes available for mass-assignment for all models
55
- # in your app. As such, your models will need to explicitly whitelist or blacklist accessible
56
- # parameters by using an attr_accessible or attr_protected declaration.
57
- # config.active_record.whitelist_attributes = true
58
-
59
- # Enable the asset pipeline
60
- config.assets.enabled = true
61
-
62
- # Version of your assets, change this if you want to expire all your assets
63
- config.assets.version = '1.0'
64
16
  end
65
17
  end
@@ -1,61 +1,4 @@
1
1
  Rails3212::Application.routes.draw do
2
2
  resources :things
3
-
4
-
5
- # The priority is based upon order of creation:
6
- # first created -> highest priority.
7
-
8
- # Sample of regular route:
9
- # match 'products/:id' => 'catalog#view'
10
- # Keep in mind you can assign values other than :controller and :action
11
-
12
- # Sample of named route:
13
- # match 'products/:id/purchase' => 'catalog#purchase', :as => :purchase
14
- # This route can be invoked with purchase_url(:id => product.id)
15
-
16
- # Sample resource route (maps HTTP verbs to controller actions automatically):
17
- # resources :products
18
-
19
- # Sample resource route with options:
20
- # resources :products do
21
- # member do
22
- # get 'short'
23
- # post 'toggle'
24
- # end
25
- #
26
- # collection do
27
- # get 'sold'
28
- # end
29
- # end
30
-
31
- # Sample resource route with sub-resources:
32
- # resources :products do
33
- # resources :comments, :sales
34
- # resource :seller
35
- # end
36
-
37
- # Sample resource route with more complex sub-resources
38
- # resources :products do
39
- # resources :comments
40
- # resources :sales do
41
- # get 'recent', :on => :collection
42
- # end
43
- # end
44
-
45
- # Sample resource route within a namespace:
46
- # namespace :admin do
47
- # # Directs /admin/products/* to Admin::ProductsController
48
- # # (app/controllers/admin/products_controller.rb)
49
- # resources :products
50
- # end
51
-
52
- # You can have the root of your site routed with "root"
53
- # just remember to delete public/index.html.
54
- # root :to => 'welcome#index'
55
-
56
- # See how all your routes lay out with "rake routes"
57
-
58
- # This is a legacy wild controller route that's not recommended for RESTful applications.
59
- # Note: This route will make all actions in every controller accessible via GET requests.
60
3
  match ':controller(/:action(/:id))(.:format)'
61
4
  end
@@ -126,7 +126,7 @@ module SecureHeaders
126
126
  end
127
127
  end
128
128
 
129
-
129
+ require "securerandom"
130
130
  require "secure_headers/version"
131
131
  require "secure_headers/header"
132
132
  require "secure_headers/headers/content_security_policy"
@@ -30,6 +30,7 @@ module SecureHeaders
30
30
  # :report used to determine what :ssl_request, :ua, and :request_uri are set to
31
31
  def initialize(config=nil, options={})
32
32
  @experimental = !!options.delete(:experimental)
33
+ warn "[DEPRECATION] 'experimental' config is removed in 2.0"
33
34
  @controller = options.delete(:controller)
34
35
 
35
36
  if options[:request]
@@ -171,6 +172,7 @@ module SecureHeaders
171
172
  end
172
173
 
173
174
  if forward_endpoint
175
+ warn "[DEPRECATION] forwarder is removed in 2.0"
174
176
  @report_uri = FF_CSP_ENDPOINT
175
177
  end
176
178
  end
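Review bot: The `warn` added in `initialize` is unconditional as shown, so the 'experimental' deprecation notice is printed for every policy object, including configurations that never pass `:experimental`. Guarding it on the flag computed on the line above, `warn "[DEPRECATION] 'experimental' config is removed in 2.0" if @experimental`, limits the message to the users it is meant for. The forwarder warning in the second hunk is already inside `if forward_endpoint`, but if this class is instantiated per response (not visible here) both messages would repeat on each request and would be better emitted once per process. Both methods start or end outside the hunks shown.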
@@ -1,3 +1,3 @@
1
1
  module SecureHeaders
2
- VERSION = "1.3.4"
2
+ VERSION = "1.4.0"
3
3
  end
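--- a/metadata
+++ b/metadata
@@ -1,18 +1,20 @@
  --- !ruby/object:Gem::Specification
  name: secure_headers
  version: !ruby/object:Gem::Version
- version: 1.3.4
+ version: 1.4.0
+ prerelease:
  platform: ruby
  authors:
  - Neil Matatall
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2014-10-13 00:00:00.000000000 Z
+ date: 2014-12-06 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rake
  requirement: !ruby/object:Gem::Requirement
+ none: false
  requirements:
  - - ! '>='
  - !ruby/object:Gem::Version
@@ -20,6 +22,7 @@ dependencies:
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
+ none: false
  requirements:
  - - ! '>='
  - !ruby/object:Gem::Version
@@ -36,7 +39,6 @@ files:
  - .ruby-version
  - .travis.yml
  - Gemfile
- - Guardfile
  - HISTORY.md
  - LICENSE
  - README.md
@@ -59,17 +61,8 @@ files:
  - fixtures/rails_3_2_12/config/application.rb
  - fixtures/rails_3_2_12/config/boot.rb
  - fixtures/rails_3_2_12/config/environment.rb
- - fixtures/rails_3_2_12/config/environments/development.rb
- - fixtures/rails_3_2_12/config/environments/production.rb
  - fixtures/rails_3_2_12/config/environments/test.rb
- - fixtures/rails_3_2_12/config/initializers/backtrace_silencers.rb
- - fixtures/rails_3_2_12/config/initializers/inflections.rb
- - fixtures/rails_3_2_12/config/initializers/mime_types.rb
- - fixtures/rails_3_2_12/config/initializers/secret_token.rb
  - fixtures/rails_3_2_12/config/initializers/secure_headers.rb
- - fixtures/rails_3_2_12/config/initializers/session_store.rb
- - fixtures/rails_3_2_12/config/initializers/wrap_parameters.rb
- - fixtures/rails_3_2_12/config/locales/en.yml
  - fixtures/rails_3_2_12/config/routes.rb
  - fixtures/rails_3_2_12/lib/assets/.gitkeep
  - fixtures/rails_3_2_12/lib/tasks/.gitkeep
@@ -90,25 +83,12 @@ files:
  - fixtures/rails_3_2_12_no_init/app/models/.gitkeep
  - fixtures/rails_3_2_12_no_init/app/views/layouts/application.html.erb
  - fixtures/rails_3_2_12_no_init/app/views/other_things/index.html.erb
- - fixtures/rails_3_2_12_no_init/app/views/things/_form.html.erb
- - fixtures/rails_3_2_12_no_init/app/views/things/edit.html.erb
  - fixtures/rails_3_2_12_no_init/app/views/things/index.html.erb
- - fixtures/rails_3_2_12_no_init/app/views/things/new.html.erb
- - fixtures/rails_3_2_12_no_init/app/views/things/show.html.erb
  - fixtures/rails_3_2_12_no_init/config.ru
  - fixtures/rails_3_2_12_no_init/config/application.rb
  - fixtures/rails_3_2_12_no_init/config/boot.rb
  - fixtures/rails_3_2_12_no_init/config/environment.rb
- - fixtures/rails_3_2_12_no_init/config/environments/development.rb
- - fixtures/rails_3_2_12_no_init/config/environments/production.rb
  - fixtures/rails_3_2_12_no_init/config/environments/test.rb
- - fixtures/rails_3_2_12_no_init/config/initializers/backtrace_silencers.rb
- - fixtures/rails_3_2_12_no_init/config/initializers/inflections.rb
- - fixtures/rails_3_2_12_no_init/config/initializers/mime_types.rb
- - fixtures/rails_3_2_12_no_init/config/initializers/secret_token.rb
- - fixtures/rails_3_2_12_no_init/config/initializers/session_store.rb
- - fixtures/rails_3_2_12_no_init/config/initializers/wrap_parameters.rb
- - fixtures/rails_3_2_12_no_init/config/locales/en.yml
  - fixtures/rails_3_2_12_no_init/config/routes.rb
  - fixtures/rails_3_2_12_no_init/lib/assets/.gitkeep
  - fixtures/rails_3_2_12_no_init/lib/tasks/.gitkeep
@@ -144,26 +124,27 @@ files:
  homepage: https://github.com/twitter/secureheaders
  licenses:
  - Apache Public License 2.0
- metadata: {}
  post_install_message:
  rdoc_options: []
  require_paths:
  - lib
  required_ruby_version: !ruby/object:Gem::Requirement
+ none: false
  requirements:
  - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
  required_rubygems_version: !ruby/object:Gem::Requirement
+ none: false
  requirements:
  - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.1.1
+ rubygems_version: 1.8.23
  signing_key:
- specification_version: 4
+ specification_version: 3
  summary: Add easily configured browser headers to responses including content security
  policy, x-frame-options, strict-transport-security and more.
  test_files: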
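--- a/checksums.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
- ---
- !binary "U0hBMQ==":
- metadata.gz: !binary |-
- NzcxMzdhM2IwMTAxN2IyNTc5OTg5OGY1MmJlZGFlNWJmNjBjM2MzMw==
- data.tar.gz: !binary |-
- ODNmNjA1YmY1ODEzMWIxYTU2YWYzYmY3NGFjM2Y1ZDU4MDQ0ODkwMQ==
- SHA512:
- metadata.gz: !binary |-
- NGEwNTVlZjBmMTcwN2QxYjI5YjVkZGJhZmJiYTJlY2M3YzEyM2JiN2Q3MzY0
- NzdmNWNhMDIzMmVhNzNkZWRmZTZiYmQ1OWE5MjMwYTY2MDE1NGVhMWU3Mjg4
- OTdmZTZiOGI0N2NhNGYzZThkMjc3ZWYxMjU5YzhiYTNjNmFmZjE=
- data.tar.gz: !binary |-
- MTI1NTNhYzExYjVmYjMwNjNjMGUzMDlmYmVmZTk1YjJiN2UwODM4MzYwNzhj
- Y2ZhMzYxNTNkM2Y0MWY1YTQ1ZWMyYmQ4NDA3NjJhOGViNTU0MmEwYWY4MTNm
- MTczMzNjOTliYWYzODFiY2RiNDZmOGQ2ZWU4ZjdiNWJhMTZlMzA=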
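--- a/data/Guardfile
+++ /dev/null
@@ -1,6 +0,0 @@
- guard 'rspec' do
- watch(%r{^spec/.+_spec\.rb$})
- watch(%r{^lib/(.+)\.rb$}) { |m| "spec/lib/#{m[1]}_spec.rb" }
- watch(%r{^app/controllers/(.+)\.rb$}) { |m| "spec/controllers/#{m[1]}_spec.rb" }
- watch('spec/spec_helper.rb') { "spec" }
- end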
@@ -1,37 +0,0 @@
1
- Rails3212::Application.configure do
2
- # Settings specified here will take precedence over those in config/application.rb
3
-
4
- # In the development environment your application's code is reloaded on
5
- # every request. This slows down response time but is perfect for development
6
- # since you don't have to restart the web server when you make code changes.
7
- config.cache_classes = false
8
-
9
- # Log error messages when you accidentally call methods on nil.
10
- config.whiny_nils = true
11
-
12
- # Show full error reports and disable caching
13
- config.consider_all_requests_local = true
14
- config.action_controller.perform_caching = false
15
-
16
- # Don't care if the mailer can't send
17
- # config.action_mailer.raise_delivery_errors = false
18
-
19
- # Print deprecation notices to the Rails logger
20
- config.active_support.deprecation = :log
21
-
22
- # Only use best-standards-support built into browsers
23
- config.action_dispatch.best_standards_support = :builtin
24
-
25
- # Raise exception on mass assignment protection for Active Record models
26
- # config.active_record.mass_assignment_sanitizer = :strict
27
-
28
- # Log the query plan for queries taking more than this (works
29
- # with SQLite, MySQL, and PostgreSQL)
30
- # config.active_record.auto_explain_threshold_in_seconds = 0.5
31
-
32
- # Do not compress assets
33
- config.assets.compress = false
34
-
35
- # Expands the lines which load the assets
36
- config.assets.debug = true
37
- end
@@ -1,67 +0,0 @@
1
- Rails3212::Application.configure do
2
- # Settings specified here will take precedence over those in config/application.rb
3
-
4
- # Code is not reloaded between requests
5
- config.cache_classes = true
6
-
7
- # Full error reports are disabled and caching is turned on
8
- config.consider_all_requests_local = false
9
- config.action_controller.perform_caching = true
10
-
11
- # Disable Rails's static asset server (Apache or nginx will already do this)
12
- config.serve_static_assets = false
13
-
14
- # Compress JavaScripts and CSS
15
- config.assets.compress = true
16
-
17
- # Don't fallback to assets pipeline if a precompiled asset is missed
18
- config.assets.compile = false
19
-
20
- # Generate digests for assets URLs
21
- config.assets.digest = true
22
-
23
- # Defaults to nil and saved in location specified by config.assets.prefix
24
- # config.assets.manifest = YOUR_PATH
25
-
26
- # Specifies the header that your server uses for sending files
27
- # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache
28
- # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx
29
-
30
- # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
31
- # config.force_ssl = true
32
-
33
- # See everything in the log (default is :info)
34
- # config.log_level = :debug
35
-
36
- # Prepend all log lines with the following tags
37
- # config.log_tags = [ :subdomain, :uuid ]
38
-
39
- # Use a different logger for distributed setups
40
- # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)
41
-
42
- # Use a different cache store in production
43
- # config.cache_store = :mem_cache_store
44
-
45
- # Enable serving of images, stylesheets, and JavaScripts from an asset server
46
- # config.action_controller.asset_host = "http://assets.example.com"
47
-
48
- # Precompile additional assets (application.js, application.css, and all non-JS/CSS are already added)
49
- # config.assets.precompile += %w( search.js )
50
-
51
- # Disable delivery errors, bad email addresses will be ignored
52
- # config.action_mailer.raise_delivery_errors = false
53
-
54
- # Enable threaded mode
55
- # config.threadsafe!
56
-
57
- # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
58
- # the I18n.default_locale when a translation can not be found)
59
- config.i18n.fallbacks = true
60
-
61
- # Send deprecation notices to registered listeners
62
- config.active_support.deprecation = :notify
63
-
64
- # Log the query plan for queries taking more than this (works
65
- # with SQLite, MySQL, and PostgreSQL)
66
- # config.active_record.auto_explain_threshold_in_seconds = 0.5
67
- end
@@ -1,7 +0,0 @@
1
- # Be sure to restart your server when you modify this file.
2
-
3
- # You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
4
- # Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }
5
-
6
- # You can also remove all the silencers if you're trying to debug a problem that might stem from framework code.
7
- # Rails.backtrace_cleaner.remove_silencers!
@@ -1,15 +0,0 @@
1
- # Be sure to restart your server when you modify this file.
2
-
3
- # Add new inflection rules using the following format
4
- # (all these examples are active by default):
5
- # ActiveSupport::Inflector.inflections do |inflect|
6
- # inflect.plural /^(ox)$/i, '\1en'
7
- # inflect.singular /^(ox)en/i, '\1'
8
- # inflect.irregular 'person', 'people'
9
- # inflect.uncountable %w( fish sheep )
10
- # end
11
- #
12
- # These inflection rules are supported but not enabled by default:
13
- # ActiveSupport::Inflector.inflections do |inflect|
14
- # inflect.acronym 'RESTful'
15
- # end
@@ -1,5 +0,0 @@
1
- # Be sure to restart your server when you modify this file.
2
-
3
- # Add new mime types for use in respond_to blocks:
4
- # Mime::Type.register "text/richtext", :rtf
5
- # Mime::Type.register_alias "text/html", :iphone
@@ -1,7 +0,0 @@
1
- # Be sure to restart your server when you modify this file.
2
-
3
- # Your secret key for verifying the integrity of signed cookies.
4
- # If you change this key, all old signed cookies will become invalid!
5
- # Make sure the secret is at least 30 characters and all random,
6
- # no regular words or you'll be exposed to dictionary attacks.
7
- Rails3212::Application.config.secret_token = '8dd5aabfbd49f9bce1c5b7dee79d7349cb869f54984ead01f7a272e6f75a58413f621733855906dc9cc249b9486d95583519096d92e77b910f82ba4a90326db7'
@@ -1,8 +0,0 @@
1
- # Be sure to restart your server when you modify this file.
2
-
3
- Rails3212::Application.config.session_store :cookie_store, :key => '_rails_3_2_12_session'
4
-
5
- # Use the database for sessions instead of the cookie-based default,
6
- # which shouldn't be used to store highly confidential information
7
- # (create the session table with "rails generate session_migration")
8
- # Rails3212::Application.config.session_store :active_record_store
@@ -1,14 +0,0 @@
1
- # Be sure to restart your server when you modify this file.
2
- #
3
- # This file contains settings for ActionController::ParamsWrapper which
4
- # is enabled by default.
5
-
6
- # Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array.
7
- ActiveSupport.on_load(:action_controller) do
8
- wrap_parameters :format => [:json]
9
- end
10
-
11
- # Disable root element in JSON by default.
12
- ActiveSupport.on_load(:active_record) do
13
- self.include_root_in_json = false
14
- end
@@ -1,5 +0,0 @@
1
- # Sample localization file for English. Add more files in this directory for other locales.
2
- # See https://github.com/svenfuchs/rails-i18n/tree/master/rails%2Flocale for starting points.
3
-
4
- en:
5
- hello: "Hello world"
@@ -1,17 +0,0 @@
1
- <%= form_for(@thing) do |f| %>
2
- <% if @thing.errors.any? %>
3
- <div id="error_explanation">
4
- <h2><%= pluralize(@thing.errors.count, "error") %> prohibited this thing from being saved:</h2>
5
-
6
- <ul>
7
- <% @thing.errors.full_messages.each do |msg| %>
8
- <li><%= msg %></li>
9
- <% end %>
10
- </ul>
11
- </div>
12
- <% end %>
13
-
14
- <div class="actions">
15
- <%= f.submit %>
16
- </div>
17
- <% end %>
@@ -1,6 +0,0 @@
1
- <h1>Editing thing</h1>
2
-
3
- <%= render 'form' %>
4
-
5
- <%= link_to 'Show', @thing %> |
6
- <%= link_to 'Back', things_path %>
@@ -1,5 +0,0 @@
1
- <h1>New thing</h1>
2
-
3
- <%= render 'form' %>
4
-
5
- <%= link_to 'Back', things_path %>
@@ -1,5 +0,0 @@
1
- <p id="notice"><%= notice %></p>
2
-
3
-
4
- <%= link_to 'Edit', edit_thing_path(@thing) %> |
5
- <%= link_to 'Back', things_path %>
@@ -1,37 +0,0 @@
1
- Rails3212::Application.configure do
2
- # Settings specified here will take precedence over those in config/application.rb
3
-
4
- # In the development environment your application's code is reloaded on
5
- # every request. This slows down response time but is perfect for development
6
- # since you don't have to restart the web server when you make code changes.
7
- config.cache_classes = false
8
-
9
- # Log error messages when you accidentally call methods on nil.
10
- config.whiny_nils = true
11
-
12
- # Show full error reports and disable caching
13
- config.consider_all_requests_local = true
14
- config.action_controller.perform_caching = false
15
-
16
- # Don't care if the mailer can't send
17
- # config.action_mailer.raise_delivery_errors = false
18
-
19
- # Print deprecation notices to the Rails logger
20
- config.active_support.deprecation = :log
21
-
22
- # Only use best-standards-support built into browsers
23
- config.action_dispatch.best_standards_support = :builtin
24
-
25
- # Raise exception on mass assignment protection for Active Record models
26
- # config.active_record.mass_assignment_sanitizer = :strict
27
-
28
- # Log the query plan for queries taking more than this (works
29
- # with SQLite, MySQL, and PostgreSQL)
30
- # config.active_record.auto_explain_threshold_in_seconds = 0.5
31
-
32
- # Do not compress assets
33
- config.assets.compress = false
34
-
35
- # Expands the lines which load the assets
36
- config.assets.debug = true
37
- end
@@ -1,67 +0,0 @@
1
- Rails3212::Application.configure do
2
- # Settings specified here will take precedence over those in config/application.rb
3
-
4
- # Code is not reloaded between requests
5
- config.cache_classes = true
6
-
7
- # Full error reports are disabled and caching is turned on
8
- config.consider_all_requests_local = false
9
- config.action_controller.perform_caching = true
10
-
11
- # Disable Rails's static asset server (Apache or nginx will already do this)
12
- config.serve_static_assets = false
13
-
14
- # Compress JavaScripts and CSS
15
- config.assets.compress = true
16
-
17
- # Don't fallback to assets pipeline if a precompiled asset is missed
18
- config.assets.compile = false
19
-
20
- # Generate digests for assets URLs
21
- config.assets.digest = true
22
-
23
- # Defaults to nil and saved in location specified by config.assets.prefix
24
- # config.assets.manifest = YOUR_PATH
25
-
26
- # Specifies the header that your server uses for sending files
27
- # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache
28
- # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx
29
-
30
- # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
31
- # config.force_ssl = true
32
-
33
- # See everything in the log (default is :info)
34
- # config.log_level = :debug
35
-
36
- # Prepend all log lines with the following tags
37
- # config.log_tags = [ :subdomain, :uuid ]
38
-
39
- # Use a different logger for distributed setups
40
- # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)
41
-
42
- # Use a different cache store in production
43
- # config.cache_store = :mem_cache_store
44
-
45
- # Enable serving of images, stylesheets, and JavaScripts from an asset server
46
- # config.action_controller.asset_host = "http://assets.example.com"
47
-
48
- # Precompile additional assets (application.js, application.css, and all non-JS/CSS are already added)
49
- # config.assets.precompile += %w( search.js )
50
-
51
- # Disable delivery errors, bad email addresses will be ignored
52
- # config.action_mailer.raise_delivery_errors = false
53
-
54
- # Enable threaded mode
55
- # config.threadsafe!
56
-
57
- # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
58
- # the I18n.default_locale when a translation can not be found)
59
- config.i18n.fallbacks = true
60
-
61
- # Send deprecation notices to registered listeners
62
- config.active_support.deprecation = :notify
63
-
64
- # Log the query plan for queries taking more than this (works
65
- # with SQLite, MySQL, and PostgreSQL)
66
- # config.active_record.auto_explain_threshold_in_seconds = 0.5
67
- end
@@ -1,7 +0,0 @@
1
- # Be sure to restart your server when you modify this file.
2
-
3
- # You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
4
- # Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }
5
-
6
- # You can also remove all the silencers if you're trying to debug a problem that might stem from framework code.
7
- # Rails.backtrace_cleaner.remove_silencers!
@@ -1,15 +0,0 @@
1
- # Be sure to restart your server when you modify this file.
2
-
3
- # Add new inflection rules using the following format
4
- # (all these examples are active by default):
5
- # ActiveSupport::Inflector.inflections do |inflect|
6
- # inflect.plural /^(ox)$/i, '\1en'
7
- # inflect.singular /^(ox)en/i, '\1'
8
- # inflect.irregular 'person', 'people'
9
- # inflect.uncountable %w( fish sheep )
10
- # end
11
- #
12
- # These inflection rules are supported but not enabled by default:
13
- # ActiveSupport::Inflector.inflections do |inflect|
14
- # inflect.acronym 'RESTful'
15
- # end
@@ -1,5 +0,0 @@
1
- # Be sure to restart your server when you modify this file.
2
-
3
- # Add new mime types for use in respond_to blocks:
4
- # Mime::Type.register "text/richtext", :rtf
5
- # Mime::Type.register_alias "text/html", :iphone
@@ -1,7 +0,0 @@
1
- # Be sure to restart your server when you modify this file.
2
-
3
- # Your secret key for verifying the integrity of signed cookies.
4
- # If you change this key, all old signed cookies will become invalid!
5
- # Make sure the secret is at least 30 characters and all random,
6
- # no regular words or you'll be exposed to dictionary attacks.
7
- Rails3212::Application.config.secret_token = '8dd5aabfbd49f9bce1c5b7dee79d7349cb869f54984ead01f7a272e6f75a58413f621733855906dc9cc249b9486d95583519096d92e77b910f82ba4a90326db7'
@@ -1,8 +0,0 @@
1
- # Be sure to restart your server when you modify this file.
2
-
3
- Rails3212::Application.config.session_store :cookie_store, :key => '_rails_3_2_12_session'
4
-
5
- # Use the database for sessions instead of the cookie-based default,
6
- # which shouldn't be used to store highly confidential information
7
- # (create the session table with "rails generate session_migration")
8
- # Rails3212::Application.config.session_store :active_record_store
@@ -1,14 +0,0 @@
1
- # Be sure to restart your server when you modify this file.
2
- #
3
- # This file contains settings for ActionController::ParamsWrapper which
4
- # is enabled by default.
5
-
6
- # Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array.
7
- ActiveSupport.on_load(:action_controller) do
8
- wrap_parameters :format => [:json]
9
- end
10
-
11
- # Disable root element in JSON by default.
12
- ActiveSupport.on_load(:active_record) do
13
- self.include_root_in_json = false
14
- end
@@ -1,5 +0,0 @@
1
- # Sample localization file for English. Add more files in this directory for other locales.
2
- # See https://github.com/svenfuchs/rails-i18n/tree/master/rails%2Flocale for starting points.
3
-
4
- en:
5
- hello: "Hello world"