secure_headers 3.7.2 → 3.7.3


Potentially problematic release.


This version of secure_headers might be problematic. Click here for more details.

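--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: c119abbad46d190ddf82e5c9868e0b80e300676a
- data.tar.gz: 891a862a3adfe690765bae7a0a3a68d31aa3e2ea
+ metadata.gz: 5cd934820f1415f10f72f50e9c2b7fa1e28e0c42
+ data.tar.gz: 44ab45585f8c160e2c584322a134481762b3d19b
  SHA512:
- metadata.gz: 3d4898ed4bc2aada51f79b6aad95a62a5f8aa45309ab0831c61b8dabacd5af749fe513d495a35186532e68466ff21bd8b51d49c0d0461fc4fa788adc43723bce
- data.tar.gz: cf29ea5654f024321177cb81ed8eaec9ea0a910bd665ba0281590584108e74095afc69edc5c8b43a31f3ec5690370f10d0f98bb1b38269cdeda78cd4a6f0a3a3
+ metadata.gz: c89380d4d42e28edb2ddd461b2efc14c81591a69b9a7b3c9f95614d103c358565da9e707a6cca3c74d13feec04fb9696a70260129103e92b411b675ab0f73ccd
+ data.tar.gz: 40bc10998d062ae8103256061d989db50c3b3a9908905cca2b106c313a0f2e417fcc50e3b89c4dd9b4602b2b49a6d3080cd28e761d9f23c56cfff426bd7cac55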
@@ -1,3 +1,7 @@
1
+ ## 3.7.3
2
+
3
+ - Updates `Expect-CT` header to use a comma separator between directives, as specified in the most current spec.
4
+
1
5
  ## 3.7.2
2
6
 
3
7
  - Adds support for `worker-src` CSP directive to 3.x line (https://github.com/twitter/secureheaders/pull/364)
@@ -49,7 +49,7 @@ module SecureHeaders
49
49
  enforced_directive,
50
50
  max_age_directive,
51
51
  report_uri_directive
52
- ].compact.join("; ").strip
52
+ ].compact.join(", ").strip
53
53
  end
54
54
 
55
55
  def enforced_directive
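Review bot: The new `", "` separator in the array join is a bare literal with nothing tying it to the spec revision it follows, so a later reader cannot tell it from a typo of the old `"; "`; I would add `# Expect-CT directives are comma-separated in the current draft (was "; " up to 3.7.2)` above the join. The trailing `.strip` only trims whitespace, so if a directive method ever returned an empty string instead of nil, `compact` would keep it and the header would carry a dangling `, `. Filtering with `.reject { |d| d.nil? || d.empty? }` in place of `.compact` would make that case explicit. The method that builds this array starts above the hunk and the three directive methods are outside it, so this is inferred from the visible lines only.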
@@ -1,7 +1,7 @@
1
1
  # -*- encoding: utf-8 -*-
2
2
  Gem::Specification.new do |gem|
3
3
  gem.name = "secure_headers"
4
- gem.version = "3.7.2"
4
+ gem.version = "3.7.3"
5
5
  gem.authors = ["Neil Matatall"]
6
6
  gem.email = ["neil.matatall@gmail.com"]
7
7
  gem.description = 'Manages application of security headers with many safe defaults.'
@@ -3,13 +3,13 @@ require "spec_helper"
3
3
 
4
4
  module SecureHeaders
5
5
  describe ExpectCertificateTransparency do
6
- specify { expect(ExpectCertificateTransparency.new(max_age: 1234, enforce: true).value).to eq("enforce; max-age=1234") }
6
+ specify { expect(ExpectCertificateTransparency.new(max_age: 1234, enforce: true).value).to eq("enforce, max-age=1234") }
7
7
  specify { expect(ExpectCertificateTransparency.new(max_age: 1234, enforce: false).value).to eq("max-age=1234") }
8
8
  specify { expect(ExpectCertificateTransparency.new(max_age: 1234, enforce: "yolocopter").value).to eq("max-age=1234") }
9
- specify { expect(ExpectCertificateTransparency.new(max_age: 1234, report_uri: "https://report-uri.io/expect-ct").value).to eq("max-age=1234; report-uri=\"https://report-uri.io/expect-ct\"") }
9
+ specify { expect(ExpectCertificateTransparency.new(max_age: 1234, report_uri: "https://report-uri.io/expect-ct").value).to eq("max-age=1234, report-uri=\"https://report-uri.io/expect-ct\"") }
10
10
  specify do
11
11
  config = { enforce: true, max_age: 1234, report_uri: "https://report-uri.io/expect-ct" }
12
- header_value = "enforce; max-age=1234; report-uri=\"https://report-uri.io/expect-ct\""
12
+ header_value = "enforce, max-age=1234, report-uri=\"https://report-uri.io/expect-ct\""
13
13
  expect(ExpectCertificateTransparency.new(config).value).to eq(header_value)
14
14
  end
15
15
 
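Review bot: None of the updated examples pins what `value` emits when `report_uri` itself contains a comma or a double quote, which matters more now that the comma is the directive delimiter and the URI is wrapped in `"`. Whether the header class validates or escapes `report_uri` is not visible in this hunk, so I would add one `specify` with such a URI and assert the intended outcome (a validation error or a correctly quoted value). The `enforce: "yolocopter"` example shows a non-boolean `enforce` being dropped silently; a comment such as `# non-boolean enforce is ignored, not an error` would record that this is deliberate. The `describe` block continues past the end of the hunk.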
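--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: secure_headers
  version: !ruby/object:Gem::Version
- version: 3.7.2
+ version: 3.7.3
  platform: ruby
  authors:
  - Neil Matatall
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2017-10-03 00:00:00.000000000 Z
+ date: 2017-10-19 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rake
@@ -93,7 +93,7 @@ files:
  - spec/lib/secure_headers/headers/clear_site_data_spec.rb
  - spec/lib/secure_headers/headers/content_security_policy_spec.rb
  - spec/lib/secure_headers/headers/cookie_spec.rb
- - spec/lib/secure_headers/headers/expect_certificate_spec.rb
+ - spec/lib/secure_headers/headers/expect_certificate_transparency_spec.rb
  - spec/lib/secure_headers/headers/policy_management_spec.rb
  - spec/lib/secure_headers/headers/public_key_pins_spec.rb
  - spec/lib/secure_headers/headers/referrer_policy_spec.rb
@@ -138,7 +138,7 @@ test_files:
  - spec/lib/secure_headers/headers/clear_site_data_spec.rb
  - spec/lib/secure_headers/headers/content_security_policy_spec.rb
  - spec/lib/secure_headers/headers/cookie_spec.rb
- - spec/lib/secure_headers/headers/expect_certificate_spec.rb
+ - spec/lib/secure_headers/headers/expect_certificate_transparency_spec.rb
  - spec/lib/secure_headers/headers/policy_management_spec.rb
  - spec/lib/secure_headers/headers/public_key_pins_spec.rb
  - spec/lib/secure_headers/headers/referrer_policy_spec.rb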