secure_headers 2.0.0.pre2 → 2.0.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of secure_headers might be problematic. Click here for more details.

Files changed (37) hide show
  1. data/.travis.yml +7 -1
  2. data/Gemfile +4 -4
  3. data/README.md +1 -31
  4. data/Rakefile +11 -0
  5. data/fixtures/rails_4_1_8/Gemfile +5 -0
  6. data/fixtures/rails_4_1_8/README.rdoc +28 -0
  7. data/fixtures/rails_4_1_8/Rakefile +6 -0
  8. data/fixtures/rails_4_1_8/app/controllers/application_controller.rb +4 -0
  9. data/fixtures/rails_4_1_8/app/controllers/concerns/.keep +0 -0
  10. data/fixtures/rails_4_1_8/app/controllers/other_things_controller.rb +5 -0
  11. data/fixtures/rails_4_1_8/app/controllers/things_controller.rb +5 -0
  12. data/fixtures/rails_4_1_8/app/models/.keep +0 -0
  13. data/fixtures/rails_4_1_8/app/models/concerns/.keep +0 -0
  14. data/fixtures/rails_4_1_8/app/views/layouts/application.html.erb +11 -0
  15. data/fixtures/rails_4_1_8/app/views/other_things/index.html.erb +2 -0
  16. data/fixtures/rails_4_1_8/app/views/things/index.html.erb +1 -0
  17. data/fixtures/rails_4_1_8/config/application.rb +15 -0
  18. data/fixtures/rails_4_1_8/config/boot.rb +4 -0
  19. data/fixtures/rails_4_1_8/config/environment.rb +5 -0
  20. data/fixtures/rails_4_1_8/config/environments/test.rb +10 -0
  21. data/fixtures/rails_4_1_8/config/initializers/secure_headers.rb +17 -0
  22. data/fixtures/rails_4_1_8/config/routes.rb +4 -0
  23. data/fixtures/rails_4_1_8/config/script_hashes.yml +5 -0
  24. data/fixtures/rails_4_1_8/config/secrets.yml +22 -0
  25. data/fixtures/rails_4_1_8/config.ru +4 -0
  26. data/fixtures/rails_4_1_8/lib/assets/.keep +0 -0
  27. data/fixtures/rails_4_1_8/lib/tasks/.keep +0 -0
  28. data/fixtures/rails_4_1_8/log/.keep +0 -0
  29. data/fixtures/rails_4_1_8/spec/controllers/other_things_controller_spec.rb +83 -0
  30. data/fixtures/rails_4_1_8/spec/controllers/things_controller_spec.rb +59 -0
  31. data/fixtures/rails_4_1_8/spec/spec_helper.rb +15 -0
  32. data/fixtures/rails_4_1_8/vendor/assets/javascripts/.keep +0 -0
  33. data/fixtures/rails_4_1_8/vendor/assets/stylesheets/.keep +0 -0
  34. data/lib/secure_headers/railtie.rb +13 -0
  35. data/lib/secure_headers/version.rb +1 -1
  36. metadata +34 -6
  37. data/Guardfile +0 -8
data/.travis.yml CHANGED
@@ -1,5 +1,11 @@
1
+ language: ruby
2
+
1
3
  rvm:
2
- - "2.1.0"
4
+ - "2.1"
3
5
  - "2.0.0"
4
6
  - "1.9.3"
5
7
  - "1.8.7"
8
+ - "jruby-19mode"
9
+
10
+ sudo: false
11
+ cache: bundler
data/Gemfile CHANGED
@@ -4,12 +4,12 @@ gemspec
4
4
 
5
5
  group :test do
6
6
  gem 'rails', '3.2.12'
7
- gem 'sqlite3', :platform => [:ruby, :mswin, :mingw]
8
- gem 'jdbc-sqlite3', :platform => :jruby
7
+ gem 'sqlite3', :platforms => [:ruby, :mswin, :mingw]
8
+ gem 'jdbc-sqlite3', :platforms => [:jruby]
9
9
  gem 'rspec-rails', '>= 3.1'
10
10
  gem 'rspec', '>= 3.1'
11
- gem 'guard-rspec', :platform => [:ruby_19, :ruby_20, :ruby_21]
12
11
  gem 'growl'
13
12
  gem 'rb-fsevent'
14
- gem 'coveralls', :platform => :ruby_19
13
+ gem 'coveralls', :platforms => [:ruby_19]
14
+ gem 'i18n', '< 0.7.0', :platforms => [:ruby_18]
15
15
  end
data/README.md CHANGED
@@ -9,35 +9,9 @@ The gem will automatically apply several headers that are related to security.
9
9
  - X-Download-Options - [Prevent file downloads opening](http://msdn.microsoft.com/en-us/library/ie/jj542450(v=vs.85).aspx)
10
10
  - X-Permitted-Cross-Domain-Policies - [Restrict Adobe Flash Player's access to data](https://www.adobe.com/devnet/adobe-media-server/articles/cross-domain-xml-for-streaming.html)
11
11
 
12
- This gem has integration with Rails, but works for any Ruby code. See the sinatra example section.
13
-
14
- ## Installation
15
-
16
- Add to your Gemfile
17
-
18
- ```ruby
19
- gem 'secure_headers'
20
- ```
21
-
22
- And then execute:
23
-
24
- ```console
25
- $ bundle
26
- ```
27
-
28
- Or install it yourself as:
29
-
30
- ```console
31
- $ gem install secure_headers
32
- ```
33
-
34
12
  ## Usage
35
13
 
36
- Functionality provided
37
-
38
- - `ensure_security_headers`: will set security-related headers automatically based on the configuration below.
39
-
40
- By default, it will set all of the headers listed in the options section below unless specified.
14
+ - `ensure_security_headers` in a controller will set security-related headers automatically based on the configuration below.
41
15
 
42
16
  ### Disabling
43
17
 
@@ -118,10 +92,6 @@ This configuration will likely work for most applications without modification.
118
92
 
119
93
  ### Content Security Policy (CSP)
120
94
 
121
- All browsers will receive the webkit csp header except Firefox, which gets its own header.
122
- See [WebKit specification](http://www.w3.org/TR/CSP/)
123
- and [Mozilla CSP specification](https://wiki.mozilla.org/Security/CSP/Specification)
124
-
125
95
  ```ruby
126
96
  :csp => {
127
97
  :enforce => false, # sets header to report-only, by default
data/Rakefile CHANGED
@@ -33,6 +33,17 @@ task :all_spec => :spec do
33
33
  fail "Header tests with app not using initializer failed"
34
34
  Dir.chdir pwd
35
35
  end
36
+
37
+ Dir.chdir pwd
38
+ Dir.chdir 'fixtures/rails_4_1_8'
39
+ puts Dir.pwd
40
+ puts `bundle install >> /dev/null; bundle exec rspec spec`
41
+
42
+ unless $? == 0
43
+ fail "Header tests with Rails 4 failed"
44
+ Dir.chdir pwd
45
+ end
46
+
36
47
  end
37
48
 
38
49
  begin
@@ -0,0 +1,5 @@
1
+ source 'https://rubygems.org'
2
+
3
+ gem 'rails', '4.1.8'
4
+ gem 'rspec-rails', '>= 2.0.0'
5
+ gem 'secure_headers', :path => '../..'
@@ -0,0 +1,28 @@
1
+ == README
2
+
3
+ This README would normally document whatever steps are necessary to get the
4
+ application up and running.
5
+
6
+ Things you may want to cover:
7
+
8
+ * Ruby version
9
+
10
+ * System dependencies
11
+
12
+ * Configuration
13
+
14
+ * Database creation
15
+
16
+ * Database initialization
17
+
18
+ * How to run the test suite
19
+
20
+ * Services (job queues, cache servers, search engines, etc.)
21
+
22
+ * Deployment instructions
23
+
24
+ * ...
25
+
26
+
27
+ Please feel free to use a different markup language if you do not plan to run
28
+ <tt>rake doc:app</tt>.
@@ -0,0 +1,6 @@
1
+ # Add your own tasks in files placed in lib/tasks ending in .rake,
2
+ # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
3
+
4
+ require File.expand_path('../config/application', __FILE__)
5
+
6
+ Rails.application.load_tasks
@@ -0,0 +1,4 @@
1
+ class ApplicationController < ActionController::Base
2
+ protect_from_forgery
3
+ ensure_security_headers
4
+ end
@@ -0,0 +1,5 @@
1
+ class OtherThingsController < ApplicationController
2
+ def index
3
+
4
+ end
5
+ end
@@ -0,0 +1,5 @@
1
+ class ThingsController < ApplicationController
2
+ ensure_security_headers :csp => false
3
+ def index
4
+ end
5
+ end
File without changes
File without changes
@@ -0,0 +1,11 @@
1
+ <!DOCTYPE html>
2
+ <html>
3
+ <head>
4
+ <title>Rails418</title>
5
+ </head>
6
+ <body>
7
+
8
+ <%= yield %>
9
+ <script>console.log("oh hell yes")</script>
10
+ </body>
11
+ </html>
@@ -0,0 +1,2 @@
1
+ index
2
+ <script>console.log("oh what")</script>
@@ -0,0 +1,15 @@
1
+ require File.expand_path('../boot', __FILE__)
2
+
3
+ require "action_controller/railtie"
4
+ require "sprockets/railtie"
5
+
6
+ # Require the gems listed in Gemfile, including any gems
7
+ # you've limited to :test, :development, or :production.
8
+ Bundler.require(*Rails.groups)
9
+
10
+
11
+ module Rails418
12
+ class Application < Rails::Application
13
+
14
+ end
15
+ end
@@ -0,0 +1,4 @@
1
+ # Set up gems listed in the Gemfile.
2
+ ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)
3
+
4
+ require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE'])
@@ -0,0 +1,5 @@
1
+ # Load the Rails application.
2
+ require File.expand_path('../application', __FILE__)
3
+
4
+ # Initialize the Rails application.
5
+ Rails.application.initialize!
@@ -0,0 +1,10 @@
1
+ Rails418::Application.configure do
2
+ config.cache_classes = true
3
+ config.eager_load = false
4
+ config.serve_static_assets = true
5
+ config.static_cache_control = 'public, max-age=3600'
6
+ config.consider_all_requests_local = true
7
+ config.action_controller.perform_caching = false
8
+ config.action_dispatch.show_exceptions = false
9
+ config.action_controller.allow_forgery_protection = false
10
+ end
@@ -0,0 +1,17 @@
1
+ ::SecureHeaders::Configuration.configure do |config|
2
+ config.hsts = { :max_age => 10.years.to_i.to_s, :include_subdomains => false }
3
+ config.x_frame_options = 'DENY'
4
+ config.x_content_type_options = "nosniff"
5
+ config.x_xss_protection = {:value => 0}
6
+ config.x_permitted_cross_domain_policies = 'none'
7
+ csp = {
8
+ :default_src => "self",
9
+ :script_src => "self nonce",
10
+ :disable_fill_missing => true,
11
+ :report_uri => 'somewhere',
12
+ :script_hash_middleware => true,
13
+ :enforce => false # false means warnings only
14
+ }
15
+
16
+ config.csp = csp
17
+ end
@@ -0,0 +1,4 @@
1
+ Rails.application.routes.draw do
2
+ resources :things
3
+ match ':controller(/:action(/:id))(.:format)', :via => [:get, :post]
4
+ end
@@ -0,0 +1,5 @@
1
+ ---
2
+ app/views/layouts/application.html.erb:
3
+ - sha256-VjDxT7saxd2FgaUQQTWw/jsTnvonaoCP/ACWDBTpyhU=
4
+ app/views/other_things/index.html.erb:
5
+ - sha256-ZXAcP8a0y1pPMTJW8pUr43c+XBkgYQBwHOPvXk9mq5A=
@@ -0,0 +1,22 @@
1
+ # Be sure to restart your server when you modify this file.
2
+
3
+ # Your secret key is used for verifying the integrity of signed cookies.
4
+ # If you change this key, all old signed cookies will become invalid!
5
+
6
+ # Make sure the secret is at least 30 characters and all random,
7
+ # no regular words or you'll be exposed to dictionary attacks.
8
+ # You can use `rake secret` to generate a secure secret key.
9
+
10
+ # Make sure the secrets in this file are kept private
11
+ # if you're sharing your code publicly.
12
+
13
+ development:
14
+ secret_key_base: ddba38f932720d8f18257f2a05dc278963a29cf569c45aa97ff4e9fc9bbc78af5a03fcf135caad45caee66ac09f8f9913c1f5e338a61213f420eefa8dd6363d2
15
+
16
+ test:
17
+ secret_key_base: f73abd7eab84fa7af5a2fc0a9c2727c5bad47433e51aa0c9c6b0782dac176a8e7f337e1f93adc6d6fc17027e67a533040b6408e54d72dea2eec6e5b9820dbcb9
18
+
19
+ # Do not keep production secrets in the repository,
20
+ # instead read values from the environment.
21
+ production:
22
+ secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
@@ -0,0 +1,4 @@
1
+ # This file is used by Rack-based servers to start the application.
2
+
3
+ require ::File.expand_path('../config/environment', __FILE__)
4
+ run Rails.application
File without changes
File without changes
File without changes
@@ -0,0 +1,83 @@
1
+ require 'spec_helper'
2
+
3
+ require 'secure_headers/headers/content_security_policy/script_hash_middleware'
4
+
5
+ describe OtherThingsController, :type => :controller do
6
+ include Rack::Test::Methods
7
+
8
+ def app
9
+ OtherThingsController.action(:index)
10
+ end
11
+
12
+ def request(opts = {})
13
+ options = opts.merge(
14
+ {
15
+ 'HTTPS' => 'on',
16
+ 'HTTP_USER_AGENT' => "Mozilla/5.0 (compatible; MSIE 10.6; Windows NT 6.1; Trident/5.0; InfoPath.2; SLCC1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 2.0.50727) 3gpp-gba UNTRUSTED/1.0"
17
+ }
18
+ )
19
+
20
+
21
+ Rack::MockRequest.env_for('/', options)
22
+ end
23
+
24
+
25
+ describe "headers" do
26
+ before(:each) do
27
+ _, @env = app.call(request)
28
+ end
29
+
30
+ it "sets the X-XSS-Protection header" do
31
+ get '/'
32
+ expect(@env['X-XSS-Protection']).to eq('0')
33
+ end
34
+
35
+ it "sets the X-Frame-Options header" do
36
+ get '/'
37
+ expect(@env['X-Frame-Options']).to eq('DENY')
38
+ end
39
+
40
+ it "sets the CSP header with a local reference to a nonce" do
41
+ middleware = ::SecureHeaders::ContentSecurityPolicy::ScriptHashMiddleware.new(app)
42
+ _, env = middleware.call(request(@env))
43
+ expect(env['Content-Security-Policy-Report-Only']).to match(/script-src[^;]*'nonce-[a-zA-Z0-9\+\/=]{44}'/)
44
+ end
45
+
46
+ it "sets the required hashes to whitelist inline script" do
47
+ middleware = ::SecureHeaders::ContentSecurityPolicy::ScriptHashMiddleware.new(app)
48
+ _, env = middleware.call(request(@env))
49
+ hashes = ['sha256-VjDxT7saxd2FgaUQQTWw/jsTnvonaoCP/ACWDBTpyhU=', 'sha256-ZXAcP8a0y1pPMTJW8pUr43c+XBkgYQBwHOPvXk9mq5A=']
50
+ hashes.each do |hash|
51
+ expect(env['Content-Security-Policy-Report-Only']).to include(hash)
52
+ end
53
+ end
54
+
55
+ it "sets the Strict-Transport-Security header" do
56
+ get '/'
57
+ expect(@env['Strict-Transport-Security']).to eq("max-age=315576000")
58
+ end
59
+
60
+ it "sets the X-Download-Options header" do
61
+ get '/'
62
+ expect(@env['X-Download-Options']).to eq('noopen')
63
+ end
64
+
65
+ it "sets the X-Content-Type-Options header" do
66
+ get '/'
67
+ expect(@env['X-Content-Type-Options']).to eq("nosniff")
68
+ end
69
+
70
+ it "sets the X-Permitted-Cross-Domain-Policies" do
71
+ get '/'
72
+ expect(@env['X-Permitted-Cross-Domain-Policies']).to eq("none")
73
+ end
74
+
75
+ context "using IE" do
76
+ it "sets the X-Content-Type-Options header" do
77
+ @env['HTTP_USER_AGENT'] = "Mozilla/5.0 (compatible; MSIE 10.6; Windows NT 6.1; Trident/5.0; InfoPath.2; SLCC1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 2.0.50727) 3gpp-gba UNTRUSTED/1.0"
78
+ get '/'
79
+ expect(@env['X-Content-Type-Options']).to eq("nosniff")
80
+ end
81
+ end
82
+ end
83
+ end
@@ -0,0 +1,59 @@
1
+ # config.action_dispatch.default_headers defaults to:
2
+ # {"X-Frame-Options"=>"SAMEORIGIN", "X-XSS-Protection"=>"1; mode=block", "X-Content-Type-Options"=>"nosniff"}
3
+ # so we want to set our specs to expect something else to ensure secureheaders is taking precedence
4
+
5
+ require 'spec_helper'
6
+
7
+ # This controller is meant to be something that inherits config from application controller
8
+ # all values are defaulted because no initializer is configured, and the values in app controller
9
+ # only provide csp => false
10
+
11
+ describe ThingsController, :type => :controller do
12
+
13
+ describe "headers" do
14
+ it "sets the X-XSS-Protection header" do
15
+ get :index
16
+ expect(response.headers['X-XSS-Protection']).to eq('0')
17
+ end
18
+
19
+ it "sets the X-Frame-Options header" do
20
+ get :index
21
+ expect(response.headers['X-Frame-Options']).to eq('DENY')
22
+ end
23
+
24
+ it "does not set CSP header" do
25
+ get :index
26
+ expect(response.headers['Content-Security-Policy-Report-Only']).to eq(nil)
27
+ end
28
+
29
+ #mock ssl
30
+ it "sets the Strict-Transport-Security header" do
31
+ request.env['HTTPS'] = 'on'
32
+ get :index
33
+ expect(response.headers['Strict-Transport-Security']).to eq("max-age=315576000")
34
+ end
35
+
36
+ it "sets the X-Download-Options header" do
37
+ get :index
38
+ expect(response.headers['X-Download-Options']).to eq('noopen')
39
+ end
40
+
41
+ it "sets the X-Content-Type-Options header" do
42
+ get :index
43
+ expect(response.headers['X-Content-Type-Options']).to eq("nosniff")
44
+ end
45
+
46
+ it "sets the X-Permitted-Cross-Domain-Policies" do
47
+ get :index
48
+ expect(response.headers['X-Permitted-Cross-Domain-Policies']).to eq("none")
49
+ end
50
+
51
+ context "using IE" do
52
+ it "sets the X-Content-Type-Options header" do
53
+ request.env['HTTP_USER_AGENT'] = "Mozilla/5.0 (compatible; MSIE 10.6; Windows NT 6.1; Trident/5.0; InfoPath.2; SLCC1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 2.0.50727) 3gpp-gba UNTRUSTED/1.0"
54
+ get :index
55
+ expect(response.headers['X-Content-Type-Options']).to eq("nosniff")
56
+ end
57
+ end
58
+ end
59
+ end
@@ -0,0 +1,15 @@
1
+ require 'rubygems'
2
+
3
+ #uncomment the following line to use spork with the debugger
4
+ #require 'spork/ext/ruby-debug'
5
+
6
+ # Spork.prefork do
7
+ # Loading more in this block will cause your tests to run faster. However,
8
+ # if you change any configuration or code from libraries loaded here, you'll
9
+ # need to restart spork for it take effect.
10
+ # This file is copied to spec/ when you run 'rails generate rspec:install'
11
+ ENV["RAILS_ENV"] ||= 'test'
12
+ require File.expand_path("../../config/environment", __FILE__)
13
+ require 'rspec/rails'
14
+ # end
15
+
@@ -3,9 +3,22 @@ if defined?(Rails::Railtie)
3
3
  module SecureHeaders
4
4
  class Railtie < Rails::Engine
5
5
  isolate_namespace ::SecureHeaders if defined? isolate_namespace # rails 3.0
6
+ conflicting_headers = ['X-Frame-Options', 'X-XSS-Protection', 'X-Content-Type-Options',
7
+ 'X-Permitted-Cross-Domain-Policies', 'X-Download-Options',
8
+ 'X-Content-Type-Options', 'Strict-Transport-Security',
9
+ 'Content-Security-Policy', 'Content-Security-Policy-Report-Only',
10
+ 'X-Permitted-Cross-Domain-Policies','Public-Key-Pins','Public-Key-Pins-Report-Only']
11
+
6
12
  initializer "secure_headers.action_controller" do
7
13
  ActiveSupport.on_load(:action_controller) do
8
14
  include ::SecureHeaders
15
+
16
+ unless Rails.application.config.action_dispatch.default_headers.nil?
17
+ conflicting_headers.each do |header|
18
+ Rails.application.config.action_dispatch.default_headers.delete(header)
19
+ end
20
+ end
21
+
9
22
  end
10
23
  end
11
24
  end
@@ -1,3 +1,3 @@
1
1
  module SecureHeaders
2
- VERSION = "2.0.0.pre2"
2
+ VERSION = "2.0.0"
3
3
  end
metadata CHANGED
@@ -1,15 +1,15 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: secure_headers
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.0.pre2
5
- prerelease: 6
4
+ version: 2.0.0
5
+ prerelease:
6
6
  platform: ruby
7
7
  authors:
8
8
  - Neil Matatall
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2014-12-06 00:00:00.000000000 Z
12
+ date: 2015-01-23 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: rake
@@ -39,7 +39,6 @@ files:
39
39
  - .ruby-version
40
40
  - .travis.yml
41
41
  - Gemfile
42
- - Guardfile
43
42
  - LICENSE
44
43
  - README.md
45
44
  - Rakefile
@@ -97,6 +96,35 @@ files:
97
96
  - fixtures/rails_3_2_12_no_init/vendor/assets/javascripts/.gitkeep
98
97
  - fixtures/rails_3_2_12_no_init/vendor/assets/stylesheets/.gitkeep
99
98
  - fixtures/rails_3_2_12_no_init/vendor/plugins/.gitkeep
99
+ - fixtures/rails_4_1_8/Gemfile
100
+ - fixtures/rails_4_1_8/README.rdoc
101
+ - fixtures/rails_4_1_8/Rakefile
102
+ - fixtures/rails_4_1_8/app/controllers/application_controller.rb
103
+ - fixtures/rails_4_1_8/app/controllers/concerns/.keep
104
+ - fixtures/rails_4_1_8/app/controllers/other_things_controller.rb
105
+ - fixtures/rails_4_1_8/app/controllers/things_controller.rb
106
+ - fixtures/rails_4_1_8/app/models/.keep
107
+ - fixtures/rails_4_1_8/app/models/concerns/.keep
108
+ - fixtures/rails_4_1_8/app/views/layouts/application.html.erb
109
+ - fixtures/rails_4_1_8/app/views/other_things/index.html.erb
110
+ - fixtures/rails_4_1_8/app/views/things/index.html.erb
111
+ - fixtures/rails_4_1_8/config.ru
112
+ - fixtures/rails_4_1_8/config/application.rb
113
+ - fixtures/rails_4_1_8/config/boot.rb
114
+ - fixtures/rails_4_1_8/config/environment.rb
115
+ - fixtures/rails_4_1_8/config/environments/test.rb
116
+ - fixtures/rails_4_1_8/config/initializers/secure_headers.rb
117
+ - fixtures/rails_4_1_8/config/routes.rb
118
+ - fixtures/rails_4_1_8/config/script_hashes.yml
119
+ - fixtures/rails_4_1_8/config/secrets.yml
120
+ - fixtures/rails_4_1_8/lib/assets/.keep
121
+ - fixtures/rails_4_1_8/lib/tasks/.keep
122
+ - fixtures/rails_4_1_8/log/.keep
123
+ - fixtures/rails_4_1_8/spec/controllers/other_things_controller_spec.rb
124
+ - fixtures/rails_4_1_8/spec/controllers/things_controller_spec.rb
125
+ - fixtures/rails_4_1_8/spec/spec_helper.rb
126
+ - fixtures/rails_4_1_8/vendor/assets/javascripts/.keep
127
+ - fixtures/rails_4_1_8/vendor/assets/stylesheets/.keep
100
128
  - lib/secure_headers.rb
101
129
  - lib/secure_headers/hash_helper.rb
102
130
  - lib/secure_headers/header.rb
@@ -141,9 +169,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
141
169
  required_rubygems_version: !ruby/object:Gem::Requirement
142
170
  none: false
143
171
  requirements:
144
- - - ! '>'
172
+ - - ! '>='
145
173
  - !ruby/object:Gem::Version
146
- version: 1.3.1
174
+ version: '0'
147
175
  requirements: []
148
176
  rubyforge_project:
149
177
  rubygems_version: 1.8.23
data/Guardfile DELETED
@@ -1,8 +0,0 @@
1
- notification :growl
2
-
3
- guard 'rspec', cmd: 'rspec' do
4
- watch(%r{^spec/.+_spec\.rb$})
5
- watch(%r{^lib/(.+)\.rb$}) { |m| "spec/lib/#{m[1]}_spec.rb" }
6
- watch(%r{^app/controllers/(.+)\.rb$}) { |m| "spec/controllers/#{m[1]}_spec.rb" }
7
- watch('spec/spec_helper.rb') { "spec" }
8
- end