secure_headers 3.6.4 → 4.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.rspec +2 -0
- data/.rubocop.yml +3 -0
- data/.ruby-version +1 -1
- data/.travis.yml +8 -6
- data/CHANGELOG.md +21 -1
- data/CONTRIBUTING.md +3 -5
- data/Gemfile +7 -4
- data/Guardfile +1 -0
- data/README.md +15 -19
- data/Rakefile +22 -18
- data/docs/cookies.md +16 -2
- data/docs/hashes.md +1 -1
- data/docs/per_action_configuration.md +28 -0
- data/lib/secure_headers/configuration.rb +29 -16
- data/lib/secure_headers/hash_helper.rb +2 -1
- data/lib/secure_headers/headers/clear_site_data.rb +16 -12
- data/lib/secure_headers/headers/content_security_policy.rb +52 -20
- data/lib/secure_headers/headers/content_security_policy_config.rb +25 -0
- data/lib/secure_headers/headers/cookie.rb +21 -3
- data/lib/secure_headers/headers/expect_certificate_transparency.rb +70 -0
- data/lib/secure_headers/headers/policy_management.rb +115 -68
- data/lib/secure_headers/headers/public_key_pins.rb +5 -4
- data/lib/secure_headers/headers/referrer_policy.rb +1 -0
- data/lib/secure_headers/headers/strict_transport_security.rb +2 -1
- data/lib/secure_headers/headers/x_content_type_options.rb +1 -0
- data/lib/secure_headers/headers/x_download_options.rb +2 -1
- data/lib/secure_headers/headers/x_frame_options.rb +1 -0
- data/lib/secure_headers/headers/x_permitted_cross_domain_policies.rb +2 -1
- data/lib/secure_headers/headers/x_xss_protection.rb +2 -1
- data/lib/secure_headers/middleware.rb +10 -9
- data/lib/secure_headers/railtie.rb +7 -6
- data/lib/secure_headers/utils/cookies_config.rb +13 -12
- data/lib/secure_headers/view_helper.rb +4 -3
- data/lib/secure_headers.rb +6 -2
- data/lib/tasks/tasks.rake +2 -1
- data/secure_headers.gemspec +13 -3
- data/spec/lib/secure_headers/configuration_spec.rb +9 -8
- data/spec/lib/secure_headers/headers/clear_site_data_spec.rb +11 -27
- data/spec/lib/secure_headers/headers/content_security_policy_spec.rb +42 -26
- data/spec/lib/secure_headers/headers/cookie_spec.rb +38 -20
- data/spec/lib/secure_headers/headers/expect_certificate_spec.rb +42 -0
- data/spec/lib/secure_headers/headers/policy_management_spec.rb +57 -10
- data/spec/lib/secure_headers/headers/public_key_pins_spec.rb +7 -6
- data/spec/lib/secure_headers/headers/referrer_policy_spec.rb +4 -3
- data/spec/lib/secure_headers/headers/strict_transport_security_spec.rb +5 -4
- data/spec/lib/secure_headers/headers/x_content_type_options_spec.rb +2 -1
- data/spec/lib/secure_headers/headers/x_download_options_spec.rb +3 -2
- data/spec/lib/secure_headers/headers/x_frame_options_spec.rb +2 -1
- data/spec/lib/secure_headers/headers/x_permitted_cross_domain_policies_spec.rb +4 -3
- data/spec/lib/secure_headers/headers/x_xss_protection_spec.rb +4 -3
- data/spec/lib/secure_headers/middleware_spec.rb +29 -21
- data/spec/lib/secure_headers/view_helpers_spec.rb +5 -5
- data/spec/lib/secure_headers_spec.rb +96 -124
- data/spec/spec_helper.rb +10 -22
- data/upgrading-to-4-0.md +55 -0
- metadata +16 -6
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: secure_headers
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 4.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Neil Matatall
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-
|
|
11
|
+
date: 2017-09-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rake
|
|
@@ -30,14 +30,14 @@ dependencies:
|
|
|
30
30
|
requirements:
|
|
31
31
|
- - ">="
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version:
|
|
33
|
+
version: 0.15.0
|
|
34
34
|
type: :runtime
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
38
|
- - ">="
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version:
|
|
40
|
+
version: 0.15.0
|
|
41
41
|
description: Manages application of security headers with many safe defaults.
|
|
42
42
|
email:
|
|
43
43
|
- neil.matatall@gmail.com
|
|
@@ -49,6 +49,7 @@ files:
|
|
|
49
49
|
- ".github/PULL_REQUEST_TEMPLATE.md"
|
|
50
50
|
- ".gitignore"
|
|
51
51
|
- ".rspec"
|
|
52
|
+
- ".rubocop.yml"
|
|
52
53
|
- ".ruby-gemset"
|
|
53
54
|
- ".ruby-version"
|
|
54
55
|
- ".travis.yml"
|
|
@@ -73,6 +74,7 @@ files:
|
|
|
73
74
|
- lib/secure_headers/headers/content_security_policy.rb
|
|
74
75
|
- lib/secure_headers/headers/content_security_policy_config.rb
|
|
75
76
|
- lib/secure_headers/headers/cookie.rb
|
|
77
|
+
- lib/secure_headers/headers/expect_certificate_transparency.rb
|
|
76
78
|
- lib/secure_headers/headers/policy_management.rb
|
|
77
79
|
- lib/secure_headers/headers/public_key_pins.rb
|
|
78
80
|
- lib/secure_headers/headers/referrer_policy.rb
|
|
@@ -92,6 +94,7 @@ files:
|
|
|
92
94
|
- spec/lib/secure_headers/headers/clear_site_data_spec.rb
|
|
93
95
|
- spec/lib/secure_headers/headers/content_security_policy_spec.rb
|
|
94
96
|
- spec/lib/secure_headers/headers/cookie_spec.rb
|
|
97
|
+
- spec/lib/secure_headers/headers/expect_certificate_spec.rb
|
|
95
98
|
- spec/lib/secure_headers/headers/policy_management_spec.rb
|
|
96
99
|
- spec/lib/secure_headers/headers/public_key_pins_spec.rb
|
|
97
100
|
- spec/lib/secure_headers/headers/referrer_policy_spec.rb
|
|
@@ -106,11 +109,17 @@ files:
|
|
|
106
109
|
- spec/lib/secure_headers_spec.rb
|
|
107
110
|
- spec/spec_helper.rb
|
|
108
111
|
- upgrading-to-3-0.md
|
|
112
|
+
- upgrading-to-4-0.md
|
|
109
113
|
homepage: https://github.com/twitter/secureheaders
|
|
110
114
|
licenses:
|
|
111
115
|
- Apache Public License 2.0
|
|
112
116
|
metadata: {}
|
|
113
|
-
post_install_message:
|
|
117
|
+
post_install_message: |2+
|
|
118
|
+
|
|
119
|
+
**********
|
|
120
|
+
:wave: secure_headers 4.0 introduces a lot of breaking changes (in the name of security!). It's highly likely you will need to update your secure_headers cookie configuration to avoid breaking things. See the upgrade guide for details: https://github.com/twitter/secureheaders/blob/master/upgrading-to-4-0.md
|
|
121
|
+
**********
|
|
122
|
+
|
|
114
123
|
rdoc_options: []
|
|
115
124
|
require_paths:
|
|
116
125
|
- lib
|
|
@@ -126,7 +135,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
126
135
|
version: '0'
|
|
127
136
|
requirements: []
|
|
128
137
|
rubyforge_project:
|
|
129
|
-
rubygems_version: 2.
|
|
138
|
+
rubygems_version: 2.6.11
|
|
130
139
|
signing_key:
|
|
131
140
|
specification_version: 4
|
|
132
141
|
summary: Add easily configured security headers to responses including content-security-policy,
|
|
@@ -136,6 +145,7 @@ test_files:
|
|
|
136
145
|
- spec/lib/secure_headers/headers/clear_site_data_spec.rb
|
|
137
146
|
- spec/lib/secure_headers/headers/content_security_policy_spec.rb
|
|
138
147
|
- spec/lib/secure_headers/headers/cookie_spec.rb
|
|
148
|
+
- spec/lib/secure_headers/headers/expect_certificate_spec.rb
|
|
139
149
|
- spec/lib/secure_headers/headers/policy_management_spec.rb
|
|
140
150
|
- spec/lib/secure_headers/headers/public_key_pins_spec.rb
|
|
141
151
|
- spec/lib/secure_headers/headers/referrer_policy_spec.rb
|