RubyGems - secure_headers - Versions diffs - 3.0.0.pre3 → 3.0.0.rc1 - Mend

secure_headers 3.0.0.pre3 → 3.0.0.rc1

This version of secure_headers might be problematic. Click here for more details.

Files changed (5) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 7e0a5f8e1d4955125f71ede3b2f1bd882ccaca56
-  data.tar.gz: 656cc8d6965a49288b7ccd2ab3fc91fb13ab9792
+  metadata.gz: e4bec2d608a23b54fdc632c66679a911dc0a1564
+  data.tar.gz: 5d9a76704388b4d2ebdd20d521a25d714bcdfc7b
 SHA512:
-  metadata.gz: 4a61ccca281e3968c41aa6daf1d069b6a6aef9d796c62cc0b5c7be45007fc3ca41908f71310c289c854e386dfafbb1b96cfa5eca45fc598f43113edb8b7678f0
-  data.tar.gz: edd0190e206824a91e961131f8f612ac7a10559ced00c9b314cba681d579cfc27c9280205dbe687725579a7a242fcae70c6e4a279bafcb2981e63ee00679c4e6
+  metadata.gz: 9b1db80e56e4c4868f9cd7ff57ae795704ed8f1ff6c57945b50cd0381a1e90b2b58512ff363f0ee92b6eb25548f4427fa9890a0ebbbf8b7d2f825f9699e0e25f
+  data.tar.gz: 86b2e722f705ed10bf770b2d586614705d0b723ccb3c7370e77247499dded581839250bec31243324cda7eac6a69e13454b4033dbb0093ff97dae627f35439dd

@@ -218,7 +218,7 @@ module SecureHeaders
         # when each hash contains a value for a given key.
         original.merge(additions) do |directive, lhs, rhs|
           if source_list?(directive)
-            (lhs.to_a + rhs).uniq.compact
+            (lhs.to_a + rhs.to_a).compact.uniq
           else
             rhs
           end
@@ -343,6 +343,8 @@ module SecureHeaders
     #
     # Returns a string representing a directive.
     def build_directive(directive_name)
+      return if @config[directive_name].nil?
       source_list = @config[directive_name].compact
       return if source_list.empty?

data/secure_headers.gemspec CHANGED Viewed

@@ -1,7 +1,7 @@
 # -*- encoding: utf-8 -*-
 Gem::Specification.new do |gem|
   gem.name          = "secure_headers"
-  gem.version       = "3.0.0.pre3"
+  gem.version       = "3.0.0.rc1"
   gem.authors       = ["Neil Matatall"]
   gem.email         = ["neil.matatall@gmail.com"]
   gem.description   = 'Security related headers all in one gem.'

@@ -155,6 +155,7 @@ module SecureHeaders
       specify { expect(ContentSecurityPolicy.idempotent_additions?({script_src: %w(a.com b.com)}, script_src: %w())).to be true }
       specify { expect(ContentSecurityPolicy.idempotent_additions?({script_src: %w(a.com b.com)}, script_src: [nil])).to be true }
       specify { expect(ContentSecurityPolicy.idempotent_additions?({script_src: %w(a.com b.com)}, style_src: [nil])).to be true }
+      specify { expect(ContentSecurityPolicy.idempotent_additions?({script_src: %w(a.com b.com)}, style_src: nil)).to be true }
     end
     describe "#value" do
@@ -201,6 +202,11 @@ module SecureHeaders
         expect(csp.value).to eq("default-src example.org")
       end
+      it "does not add a directive if the value is nil" do
+        csp = ContentSecurityPolicy.new(default_src: ["https://example.org"], script_src: nil)
+        expect(csp.value).to eq("default-src example.org")
+      end
       it "deduplicates any source expressions" do
         csp = ContentSecurityPolicy.new(default_src: %w(example.org example.org example.org))
         expect(csp.value).to eq("default-src example.org")

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: secure_headers
 version: !ruby/object:Gem::Version
-  version: 3.0.0.pre3
+  version: 3.0.0.rc1
 platform: ruby
 authors:
 - Neil Matatall
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-02-11 00:00:00.000000000 Z
+date: 2016-02-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake