secure_headers 3.6.4 → 4.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (57) hide show
  1. checksums.yaml +4 -4
  2. data/.rspec +2 -0
  3. data/.rubocop.yml +3 -0
  4. data/.ruby-version +1 -1
  5. data/.travis.yml +8 -6
  6. data/CHANGELOG.md +21 -1
  7. data/CONTRIBUTING.md +3 -5
  8. data/Gemfile +7 -4
  9. data/Guardfile +1 -0
  10. data/README.md +15 -19
  11. data/Rakefile +22 -18
  12. data/docs/cookies.md +16 -2
  13. data/docs/hashes.md +1 -1
  14. data/docs/per_action_configuration.md +28 -0
  15. data/lib/secure_headers/configuration.rb +29 -16
  16. data/lib/secure_headers/hash_helper.rb +2 -1
  17. data/lib/secure_headers/headers/clear_site_data.rb +16 -12
  18. data/lib/secure_headers/headers/content_security_policy.rb +52 -20
  19. data/lib/secure_headers/headers/content_security_policy_config.rb +25 -0
  20. data/lib/secure_headers/headers/cookie.rb +21 -3
  21. data/lib/secure_headers/headers/expect_certificate_transparency.rb +70 -0
  22. data/lib/secure_headers/headers/policy_management.rb +115 -68
  23. data/lib/secure_headers/headers/public_key_pins.rb +5 -4
  24. data/lib/secure_headers/headers/referrer_policy.rb +1 -0
  25. data/lib/secure_headers/headers/strict_transport_security.rb +2 -1
  26. data/lib/secure_headers/headers/x_content_type_options.rb +1 -0
  27. data/lib/secure_headers/headers/x_download_options.rb +2 -1
  28. data/lib/secure_headers/headers/x_frame_options.rb +1 -0
  29. data/lib/secure_headers/headers/x_permitted_cross_domain_policies.rb +2 -1
  30. data/lib/secure_headers/headers/x_xss_protection.rb +2 -1
  31. data/lib/secure_headers/middleware.rb +10 -9
  32. data/lib/secure_headers/railtie.rb +7 -6
  33. data/lib/secure_headers/utils/cookies_config.rb +13 -12
  34. data/lib/secure_headers/view_helper.rb +4 -3
  35. data/lib/secure_headers.rb +6 -2
  36. data/lib/tasks/tasks.rake +2 -1
  37. data/secure_headers.gemspec +13 -3
  38. data/spec/lib/secure_headers/configuration_spec.rb +9 -8
  39. data/spec/lib/secure_headers/headers/clear_site_data_spec.rb +11 -27
  40. data/spec/lib/secure_headers/headers/content_security_policy_spec.rb +42 -26
  41. data/spec/lib/secure_headers/headers/cookie_spec.rb +38 -20
  42. data/spec/lib/secure_headers/headers/expect_certificate_spec.rb +42 -0
  43. data/spec/lib/secure_headers/headers/policy_management_spec.rb +57 -10
  44. data/spec/lib/secure_headers/headers/public_key_pins_spec.rb +7 -6
  45. data/spec/lib/secure_headers/headers/referrer_policy_spec.rb +4 -3
  46. data/spec/lib/secure_headers/headers/strict_transport_security_spec.rb +5 -4
  47. data/spec/lib/secure_headers/headers/x_content_type_options_spec.rb +2 -1
  48. data/spec/lib/secure_headers/headers/x_download_options_spec.rb +3 -2
  49. data/spec/lib/secure_headers/headers/x_frame_options_spec.rb +2 -1
  50. data/spec/lib/secure_headers/headers/x_permitted_cross_domain_policies_spec.rb +4 -3
  51. data/spec/lib/secure_headers/headers/x_xss_protection_spec.rb +4 -3
  52. data/spec/lib/secure_headers/middleware_spec.rb +29 -21
  53. data/spec/lib/secure_headers/view_helpers_spec.rb +5 -5
  54. data/spec/lib/secure_headers_spec.rb +96 -124
  55. data/spec/spec_helper.rb +10 -22
  56. data/upgrading-to-4-0.md +55 -0
  57. metadata +16 -6
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: secure_headers
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.6.4
4
+ version: 4.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Neil Matatall
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-05-03 00:00:00.000000000 Z
11
+ date: 2017-09-18 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rake
@@ -30,14 +30,14 @@ dependencies:
30
30
  requirements:
31
31
  - - ">="
32
32
  - !ruby/object:Gem::Version
33
- version: '0'
33
+ version: 0.15.0
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - ">="
39
39
  - !ruby/object:Gem::Version
40
- version: '0'
40
+ version: 0.15.0
41
41
  description: Manages application of security headers with many safe defaults.
42
42
  email:
43
43
  - neil.matatall@gmail.com
@@ -49,6 +49,7 @@ files:
49
49
  - ".github/PULL_REQUEST_TEMPLATE.md"
50
50
  - ".gitignore"
51
51
  - ".rspec"
52
+ - ".rubocop.yml"
52
53
  - ".ruby-gemset"
53
54
  - ".ruby-version"
54
55
  - ".travis.yml"
@@ -73,6 +74,7 @@ files:
73
74
  - lib/secure_headers/headers/content_security_policy.rb
74
75
  - lib/secure_headers/headers/content_security_policy_config.rb
75
76
  - lib/secure_headers/headers/cookie.rb
77
+ - lib/secure_headers/headers/expect_certificate_transparency.rb
76
78
  - lib/secure_headers/headers/policy_management.rb
77
79
  - lib/secure_headers/headers/public_key_pins.rb
78
80
  - lib/secure_headers/headers/referrer_policy.rb
@@ -92,6 +94,7 @@ files:
92
94
  - spec/lib/secure_headers/headers/clear_site_data_spec.rb
93
95
  - spec/lib/secure_headers/headers/content_security_policy_spec.rb
94
96
  - spec/lib/secure_headers/headers/cookie_spec.rb
97
+ - spec/lib/secure_headers/headers/expect_certificate_spec.rb
95
98
  - spec/lib/secure_headers/headers/policy_management_spec.rb
96
99
  - spec/lib/secure_headers/headers/public_key_pins_spec.rb
97
100
  - spec/lib/secure_headers/headers/referrer_policy_spec.rb
@@ -106,11 +109,17 @@ files:
106
109
  - spec/lib/secure_headers_spec.rb
107
110
  - spec/spec_helper.rb
108
111
  - upgrading-to-3-0.md
112
+ - upgrading-to-4-0.md
109
113
  homepage: https://github.com/twitter/secureheaders
110
114
  licenses:
111
115
  - Apache Public License 2.0
112
116
  metadata: {}
113
- post_install_message:
117
+ post_install_message: |2+
118
+
119
+ **********
120
+ :wave: secure_headers 4.0 introduces a lot of breaking changes (in the name of security!). It's highly likely you will need to update your secure_headers cookie configuration to avoid breaking things. See the upgrade guide for details: https://github.com/twitter/secureheaders/blob/master/upgrading-to-4-0.md
121
+ **********
122
+
114
123
  rdoc_options: []
115
124
  require_paths:
116
125
  - lib
@@ -126,7 +135,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
126
135
  version: '0'
127
136
  requirements: []
128
137
  rubyforge_project:
129
- rubygems_version: 2.5.2
138
+ rubygems_version: 2.6.11
130
139
  signing_key:
131
140
  specification_version: 4
132
141
  summary: Add easily configured security headers to responses including content-security-policy,
@@ -136,6 +145,7 @@ test_files:
136
145
  - spec/lib/secure_headers/headers/clear_site_data_spec.rb
137
146
  - spec/lib/secure_headers/headers/content_security_policy_spec.rb
138
147
  - spec/lib/secure_headers/headers/cookie_spec.rb
148
+ - spec/lib/secure_headers/headers/expect_certificate_spec.rb
139
149
  - spec/lib/secure_headers/headers/policy_management_spec.rb
140
150
  - spec/lib/secure_headers/headers/public_key_pins_spec.rb
141
151
  - spec/lib/secure_headers/headers/referrer_policy_spec.rb