secure_headers 3.0.0.pre3 → 3.0.0.rc1


Potentially problematic release.



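--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 7e0a5f8e1d4955125f71ede3b2f1bd882ccaca56
- data.tar.gz: 656cc8d6965a49288b7ccd2ab3fc91fb13ab9792
+ metadata.gz: e4bec2d608a23b54fdc632c66679a911dc0a1564
+ data.tar.gz: 5d9a76704388b4d2ebdd20d521a25d714bcdfc7b
  SHA512:
- metadata.gz: 4a61ccca281e3968c41aa6daf1d069b6a6aef9d796c62cc0b5c7be45007fc3ca41908f71310c289c854e386dfafbb1b96cfa5eca45fc598f43113edb8b7678f0
- data.tar.gz: edd0190e206824a91e961131f8f612ac7a10559ced00c9b314cba681d579cfc27c9280205dbe687725579a7a242fcae70c6e4a279bafcb2981e63ee00679c4e6
+ metadata.gz: 9b1db80e56e4c4868f9cd7ff57ae795704ed8f1ff6c57945b50cd0381a1e90b2b58512ff363f0ee92b6eb25548f4427fa9890a0ebbbf8b7d2f825f9699e0e25f
+ data.tar.gz: 86b2e722f705ed10bf770b2d586614705d0b723ccb3c7370e77247499dded581839250bec31243324cda7eac6a69e13454b4033dbb0093ff97dae627f35439dd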
@@ -218,7 +218,7 @@ module SecureHeaders
218
218
  # when each hash contains a value for a given key.
219
219
  original.merge(additions) do |directive, lhs, rhs|
220
220
  if source_list?(directive)
221
- (lhs.to_a + rhs).uniq.compact
221
+ (lhs.to_a + rhs.to_a).compact.uniq
222
222
  else
223
223
  rhs
224
224
  end
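Review bot: The `else` branch of this merge block still returns `rhs` unchanged, so a nil addition for a directive that is not a source list replaces the existing value with nil, while the source-list branch now tolerates nil through `rhs.to_a`. If nil is meant to read as "no change" everywhere, `rhs.nil? ? lhs : rhs` in that branch would keep an already-configured directive from being cleared by an unset value; if clearing is intended, a comment saying so would help. The enclosing method starts and ends outside the hunk, so whether callers can pass nil there is not visible. In the `build_directive` hunk that follows, the comment still promises a string although the new guard returns nil; `# Returns a string representing a directive, or nil when the directive is unset or empty.` would match the code.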
@@ -343,6 +343,8 @@ module SecureHeaders
343
343
  #
344
344
  # Returns a string representing a directive.
345
345
  def build_directive(directive_name)
346
+ return if @config[directive_name].nil?
347
+
346
348
  source_list = @config[directive_name].compact
347
349
  return if source_list.empty?
348
350
 
@@ -1,7 +1,7 @@
1
1
  # -*- encoding: utf-8 -*-
2
2
  Gem::Specification.new do |gem|
3
3
  gem.name = "secure_headers"
4
- gem.version = "3.0.0.pre3"
4
+ gem.version = "3.0.0.rc1"
5
5
  gem.authors = ["Neil Matatall"]
6
6
  gem.email = ["neil.matatall@gmail.com"]
7
7
  gem.description = 'Security related headers all in one gem.'
@@ -155,6 +155,7 @@ module SecureHeaders
155
155
  specify { expect(ContentSecurityPolicy.idempotent_additions?({script_src: %w(a.com b.com)}, script_src: %w())).to be true }
156
156
  specify { expect(ContentSecurityPolicy.idempotent_additions?({script_src: %w(a.com b.com)}, script_src: [nil])).to be true }
157
157
  specify { expect(ContentSecurityPolicy.idempotent_additions?({script_src: %w(a.com b.com)}, style_src: [nil])).to be true }
158
+ specify { expect(ContentSecurityPolicy.idempotent_additions?({script_src: %w(a.com b.com)}, style_src: nil)).to be true }
158
159
  end
159
160
 
160
161
  describe "#value" do
@@ -201,6 +202,11 @@ module SecureHeaders
201
202
  expect(csp.value).to eq("default-src example.org")
202
203
  end
203
204
 
205
+ it "does not add a directive if the value is nil" do
206
+ csp = ContentSecurityPolicy.new(default_src: ["https://example.org"], script_src: nil)
207
+ expect(csp.value).to eq("default-src example.org")
208
+ end
209
+
204
210
  it "deduplicates any source expressions" do
205
211
  csp = ContentSecurityPolicy.new(default_src: %w(example.org example.org example.org))
206
212
  expect(csp.value).to eq("default-src example.org")
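Review bot: The added `idempotent_additions?` example passes `style_src: nil`, a key that is absent from the original hash, and Hash#merge only calls its block for keys present on both sides, so the `rhs.to_a` path is presumably not exercised by it. An example with nil for an existing key, `specify { expect(ContentSecurityPolicy.idempotent_additions?({script_src: %w(a.com b.com)}, script_src: nil)).to be true }`, would cover it, assuming `idempotent_additions?` goes through that merge. The surrounding describe blocks start and end outside the hunks.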
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: secure_headers
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.0.0.pre3
4
+ version: 3.0.0.rc1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Neil Matatall
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-02-11 00:00:00.000000000 Z
11
+ date: 2016-02-16 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rake