secure_headers 3.4.0 → 4.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.rspec +2 -0
- data/.rubocop.yml +3 -0
- data/.ruby-version +1 -1
- data/.travis.yml +8 -4
- data/CHANGELOG.md +113 -1
- data/CODE_OF_CONDUCT.md +46 -0
- data/CONTRIBUTING.md +41 -0
- data/Gemfile +8 -4
- data/Guardfile +1 -0
- data/LICENSE +4 -199
- data/README.md +63 -333
- data/Rakefile +22 -18
- data/docs/HPKP.md +17 -0
- data/docs/cookies.md +64 -0
- data/docs/hashes.md +64 -0
- data/docs/named_overrides_and_appends.md +107 -0
- data/docs/per_action_configuration.md +133 -0
- data/docs/sinatra.md +25 -0
- data/lib/secure_headers/configuration.rb +91 -44
- data/lib/secure_headers/hash_helper.rb +2 -1
- data/lib/secure_headers/headers/clear_site_data.rb +55 -0
- data/lib/secure_headers/headers/content_security_policy.rb +110 -51
- data/lib/secure_headers/headers/content_security_policy_config.rb +162 -0
- data/lib/secure_headers/headers/cookie.rb +21 -3
- data/lib/secure_headers/headers/expect_certificate_transparency.rb +70 -0
- data/lib/secure_headers/headers/policy_management.rb +143 -69
- data/lib/secure_headers/headers/public_key_pins.rb +5 -4
- data/lib/secure_headers/headers/referrer_policy.rb +5 -1
- data/lib/secure_headers/headers/strict_transport_security.rb +2 -1
- data/lib/secure_headers/headers/x_content_type_options.rb +2 -1
- data/lib/secure_headers/headers/x_download_options.rb +3 -2
- data/lib/secure_headers/headers/x_frame_options.rb +2 -1
- data/lib/secure_headers/headers/x_permitted_cross_domain_policies.rb +3 -2
- data/lib/secure_headers/headers/x_xss_protection.rb +2 -1
- data/lib/secure_headers/middleware.rb +10 -9
- data/lib/secure_headers/railtie.rb +7 -6
- data/lib/secure_headers/utils/cookies_config.rb +13 -12
- data/lib/secure_headers/view_helper.rb +12 -3
- data/lib/secure_headers.rb +137 -55
- data/lib/tasks/tasks.rake +2 -1
- data/secure_headers.gemspec +13 -3
- data/spec/lib/secure_headers/configuration_spec.rb +13 -12
- data/spec/lib/secure_headers/headers/clear_site_data_spec.rb +87 -0
- data/spec/lib/secure_headers/headers/content_security_policy_spec.rb +59 -26
- data/spec/lib/secure_headers/headers/cookie_spec.rb +38 -20
- data/spec/lib/secure_headers/headers/expect_certificate_spec.rb +42 -0
- data/spec/lib/secure_headers/headers/policy_management_spec.rb +78 -40
- data/spec/lib/secure_headers/headers/public_key_pins_spec.rb +7 -6
- data/spec/lib/secure_headers/headers/referrer_policy_spec.rb +22 -3
- data/spec/lib/secure_headers/headers/strict_transport_security_spec.rb +5 -4
- data/spec/lib/secure_headers/headers/x_content_type_options_spec.rb +2 -1
- data/spec/lib/secure_headers/headers/x_download_options_spec.rb +3 -2
- data/spec/lib/secure_headers/headers/x_frame_options_spec.rb +2 -1
- data/spec/lib/secure_headers/headers/x_permitted_cross_domain_policies_spec.rb +4 -3
- data/spec/lib/secure_headers/headers/x_xss_protection_spec.rb +4 -3
- data/spec/lib/secure_headers/middleware_spec.rb +39 -19
- data/spec/lib/secure_headers/view_helpers_spec.rb +21 -8
- data/spec/lib/secure_headers_spec.rb +304 -56
- data/spec/spec_helper.rb +13 -24
- data/upgrading-to-4-0.md +55 -0
- metadata +29 -7
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: secure_headers
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 4.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Neil Matatall
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2017-09-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rake
|
|
@@ -30,15 +30,15 @@ dependencies:
|
|
|
30
30
|
requirements:
|
|
31
31
|
- - ">="
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version:
|
|
33
|
+
version: 0.15.0
|
|
34
34
|
type: :runtime
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
38
|
- - ">="
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version:
|
|
41
|
-
description:
|
|
40
|
+
version: 0.15.0
|
|
41
|
+
description: Manages application of security headers with many safe defaults.
|
|
42
42
|
email:
|
|
43
43
|
- neil.matatall@gmail.com
|
|
44
44
|
executables: []
|
|
@@ -49,20 +49,32 @@ files:
|
|
|
49
49
|
- ".github/PULL_REQUEST_TEMPLATE.md"
|
|
50
50
|
- ".gitignore"
|
|
51
51
|
- ".rspec"
|
|
52
|
+
- ".rubocop.yml"
|
|
52
53
|
- ".ruby-gemset"
|
|
53
54
|
- ".ruby-version"
|
|
54
55
|
- ".travis.yml"
|
|
55
56
|
- CHANGELOG.md
|
|
57
|
+
- CODE_OF_CONDUCT.md
|
|
58
|
+
- CONTRIBUTING.md
|
|
56
59
|
- Gemfile
|
|
57
60
|
- Guardfile
|
|
58
61
|
- LICENSE
|
|
59
62
|
- README.md
|
|
60
63
|
- Rakefile
|
|
64
|
+
- docs/HPKP.md
|
|
65
|
+
- docs/cookies.md
|
|
66
|
+
- docs/hashes.md
|
|
67
|
+
- docs/named_overrides_and_appends.md
|
|
68
|
+
- docs/per_action_configuration.md
|
|
69
|
+
- docs/sinatra.md
|
|
61
70
|
- lib/secure_headers.rb
|
|
62
71
|
- lib/secure_headers/configuration.rb
|
|
63
72
|
- lib/secure_headers/hash_helper.rb
|
|
73
|
+
- lib/secure_headers/headers/clear_site_data.rb
|
|
64
74
|
- lib/secure_headers/headers/content_security_policy.rb
|
|
75
|
+
- lib/secure_headers/headers/content_security_policy_config.rb
|
|
65
76
|
- lib/secure_headers/headers/cookie.rb
|
|
77
|
+
- lib/secure_headers/headers/expect_certificate_transparency.rb
|
|
66
78
|
- lib/secure_headers/headers/policy_management.rb
|
|
67
79
|
- lib/secure_headers/headers/public_key_pins.rb
|
|
68
80
|
- lib/secure_headers/headers/referrer_policy.rb
|
|
@@ -79,8 +91,10 @@ files:
|
|
|
79
91
|
- lib/tasks/tasks.rake
|
|
80
92
|
- secure_headers.gemspec
|
|
81
93
|
- spec/lib/secure_headers/configuration_spec.rb
|
|
94
|
+
- spec/lib/secure_headers/headers/clear_site_data_spec.rb
|
|
82
95
|
- spec/lib/secure_headers/headers/content_security_policy_spec.rb
|
|
83
96
|
- spec/lib/secure_headers/headers/cookie_spec.rb
|
|
97
|
+
- spec/lib/secure_headers/headers/expect_certificate_spec.rb
|
|
84
98
|
- spec/lib/secure_headers/headers/policy_management_spec.rb
|
|
85
99
|
- spec/lib/secure_headers/headers/public_key_pins_spec.rb
|
|
86
100
|
- spec/lib/secure_headers/headers/referrer_policy_spec.rb
|
|
@@ -95,11 +109,17 @@ files:
|
|
|
95
109
|
- spec/lib/secure_headers_spec.rb
|
|
96
110
|
- spec/spec_helper.rb
|
|
97
111
|
- upgrading-to-3-0.md
|
|
112
|
+
- upgrading-to-4-0.md
|
|
98
113
|
homepage: https://github.com/twitter/secureheaders
|
|
99
114
|
licenses:
|
|
100
115
|
- Apache Public License 2.0
|
|
101
116
|
metadata: {}
|
|
102
|
-
post_install_message:
|
|
117
|
+
post_install_message: |2+
|
|
118
|
+
|
|
119
|
+
**********
|
|
120
|
+
:wave: secure_headers 4.0 introduces a lot of breaking changes (in the name of security!). It's highly likely you will need to update your secure_headers cookie configuration to avoid breaking things. See the upgrade guide for details: https://github.com/twitter/secureheaders/blob/master/upgrading-to-4-0.md
|
|
121
|
+
**********
|
|
122
|
+
|
|
103
123
|
rdoc_options: []
|
|
104
124
|
require_paths:
|
|
105
125
|
- lib
|
|
@@ -115,15 +135,17 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
115
135
|
version: '0'
|
|
116
136
|
requirements: []
|
|
117
137
|
rubyforge_project:
|
|
118
|
-
rubygems_version: 2.
|
|
138
|
+
rubygems_version: 2.6.11
|
|
119
139
|
signing_key:
|
|
120
140
|
specification_version: 4
|
|
121
141
|
summary: Add easily configured security headers to responses including content-security-policy,
|
|
122
142
|
x-frame-options, strict-transport-security, etc.
|
|
123
143
|
test_files:
|
|
124
144
|
- spec/lib/secure_headers/configuration_spec.rb
|
|
145
|
+
- spec/lib/secure_headers/headers/clear_site_data_spec.rb
|
|
125
146
|
- spec/lib/secure_headers/headers/content_security_policy_spec.rb
|
|
126
147
|
- spec/lib/secure_headers/headers/cookie_spec.rb
|
|
148
|
+
- spec/lib/secure_headers/headers/expect_certificate_spec.rb
|
|
127
149
|
- spec/lib/secure_headers/headers/policy_management_spec.rb
|
|
128
150
|
- spec/lib/secure_headers/headers/public_key_pins_spec.rb
|
|
129
151
|
- spec/lib/secure_headers/headers/referrer_policy_spec.rb
|