secure_headers 4.0.0.alpha02 → 4.0.0.alpha03


Potentially problematic release.


This version of secure_headers might be problematic. Click here for more details.

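--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: c3e3971d0169ad3db917dbf0d64e26425c9e8252
- data.tar.gz: 6fa1f1c7b0d36063a4be0a19549ced444d6f07b7
+ metadata.gz: 85aab6315aa227ca4e8e7814e1044fc43f4d0d3d
+ data.tar.gz: 6cbb3f6f3fec29168f3213d794babc76143c3201
  SHA512:
- metadata.gz: d7f430815d9b49f0fdaf5c16854aab22d89f09721975a332769c9e0a2b055522a271a610fc8e8ec89614be286f4d4292e5b2105af61181a2670089f9fb42e58d
- data.tar.gz: 044e9282dfc9c0a7b01c3ae4420c44781ffe460819e58d46b2eb7a9f08ba02a91937afed977c9ed13d4f9aad168e2d7b308108e9f977e5c515b6285b74a8f2b6
+ metadata.gz: 6e767caf78326e1ed60678dfd22f4f5f8328fbb30dc520d5283f86c018708c3be2326ffb79df585453f7f995771dc8521e1c6ca48e0af787620a60b5de831d26
+ data.tar.gz: 1b699528fdcd23ab18921c825e646fd8de323c3d0497b3e482e99386f5ac008bd948ffc1889e9c32f82cbd6b8d40c74c62a18fbeee87622aebc34b043a86c2a4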
@@ -24,7 +24,7 @@ module SecureHeaders
24
24
  class NoOpHeaderConfig
25
25
  include Singleton
26
26
 
27
- def boom(arg = nil)
27
+ def boom(*args)
28
28
  raise "Illegal State: attempted to modify NoOpHeaderConfig. Create a new config instead."
29
29
  end
30
30
 
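Review bot: The change from `boom(arg = nil)` to `boom(*args)` carries no comment explaining why the arity was widened, and nothing in this hunk shows which callers needed it. I would add a line above the method such as `# Accepts any argument list so every attempted mutation fails with the Illegal State error instead of an ArgumentError.` The raise uses a bare string, so callers get a generic RuntimeError. A named error class would be easier to rescue and to alert on, though that is a style preference. The NoOpHeaderConfig class continues outside the hunk.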
@@ -38,7 +38,7 @@ module SecureHeaders
38
38
 
39
39
  # disable Secure cookies for non-https requests
40
40
  def override_secure(env, config = {})
41
- if scheme(env) != "https"
41
+ if scheme(env) != "https" && config != OPT_OUT
42
42
  config[:secure] = OPT_OUT
43
43
  end
44
44
 
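Review bot: `config[:secure] = OPT_OUT` still mutates the hash it was handed, and the new guard only excludes the OPT_OUT sentinel itself. If any caller passes the shared cookie configuration rather than a copy (the call site is not visible here), one plain-HTTP request would clear the Secure flag for later HTTPS responses too. Building a new hash avoids that: `config = config.merge(secure: OPT_OUT)`. It is also worth confirming which other non-hash values, such as `nil`, can reach this method, since they would pass the guard and then raise. The body of override_secure continues outside the hunk.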
@@ -2,7 +2,7 @@
2
2
  # frozen_string_literal: true
3
3
  Gem::Specification.new do |gem|
4
4
  gem.name = "secure_headers"
5
- gem.version = "4.0.0.alpha02"
5
+ gem.version = "4.0.0.alpha03"
6
6
  gem.authors = ["Neil Matatall"]
7
7
  gem.email = ["neil.matatall@gmail.com"]
8
8
  gem.description = "Manages application of security headers with many safe defaults."
@@ -65,6 +65,17 @@ module SecureHeaders
65
65
  end
66
66
  end
67
67
 
68
+ it "allows opting out of cookie protection with OPT_OUT alone" do
69
+ Configuration.default { |config| config.cookies = OPT_OUT}
70
+
71
+ # do NOT make this request https. non-https requests modify a config,
72
+ # causing an exception when operating on OPT_OUT. This ensures we don't
73
+ # try to modify the config.
74
+ request = Rack::Request.new({})
75
+ _, env = cookie_middleware.call request.env
76
+ expect(env["Set-Cookie"]).to eq("foo=bar")
77
+ end
78
+
68
79
  context "cookies should not be flagged" do
69
80
  it "does not flags cookies as secure" do
70
81
  Configuration.default { |config| config.cookies = {secure: OPT_OUT, httponly: OPT_OUT, samesite: OPT_OUT} }
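Review bot: The new example exercises only the plain-HTTP path, so it pins the `config != OPT_OUT` guard but says nothing about an HTTPS request when `config.cookies = OPT_OUT`. A sibling example built with `Rack::Request.new("HTTPS" => "on")` and the same `eq("foo=bar")` expectation would show that the opt-out leaves cookies untouched on both schemes. The inline comment explains the regression well. The example title could also say "on a non-https request" so a failure is easier to read. The enclosing describe block starts outside the hunk.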
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: secure_headers
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.0.0.alpha02
4
+ version: 4.0.0.alpha03
5
5
  platform: ruby
6
6
  authors:
7
7
  - Neil Matatall