secure_headers 4.0.0.alpha02 → 4.0.0.alpha03
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of secure_headers might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/lib/secure_headers.rb +1 -1
- data/lib/secure_headers/middleware.rb +1 -1
- data/secure_headers.gemspec +1 -1
- data/spec/lib/secure_headers/middleware_spec.rb +11 -0
- metadata +1 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 85aab6315aa227ca4e8e7814e1044fc43f4d0d3d
|
4
|
+
data.tar.gz: 6cbb3f6f3fec29168f3213d794babc76143c3201
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 6e767caf78326e1ed60678dfd22f4f5f8328fbb30dc520d5283f86c018708c3be2326ffb79df585453f7f995771dc8521e1c6ca48e0af787620a60b5de831d26
|
7
|
+
data.tar.gz: 1b699528fdcd23ab18921c825e646fd8de323c3d0497b3e482e99386f5ac008bd948ffc1889e9c32f82cbd6b8d40c74c62a18fbeee87622aebc34b043a86c2a4
|
data/lib/secure_headers.rb
CHANGED
data/secure_headers.gemspec
CHANGED
@@ -2,7 +2,7 @@
|
|
2
2
|
# frozen_string_literal: true
|
3
3
|
Gem::Specification.new do |gem|
|
4
4
|
gem.name = "secure_headers"
|
5
|
-
gem.version = "4.0.0.
|
5
|
+
gem.version = "4.0.0.alpha03"
|
6
6
|
gem.authors = ["Neil Matatall"]
|
7
7
|
gem.email = ["neil.matatall@gmail.com"]
|
8
8
|
gem.description = "Manages application of security headers with many safe defaults."
|
@@ -65,6 +65,17 @@ module SecureHeaders
|
|
65
65
|
end
|
66
66
|
end
|
67
67
|
|
68
|
+
it "allows opting out of cookie protection with OPT_OUT alone" do
|
69
|
+
Configuration.default { |config| config.cookies = OPT_OUT}
|
70
|
+
|
71
|
+
# do NOT make this request https. non-https requests modify a config,
|
72
|
+
# causing an exception when operating on OPT_OUT. This ensures we don't
|
73
|
+
# try to modify the config.
|
74
|
+
request = Rack::Request.new({})
|
75
|
+
_, env = cookie_middleware.call request.env
|
76
|
+
expect(env["Set-Cookie"]).to eq("foo=bar")
|
77
|
+
end
|
78
|
+
|
68
79
|
context "cookies should not be flagged" do
|
69
80
|
it "does not flags cookies as secure" do
|
70
81
|
Configuration.default { |config| config.cookies = {secure: OPT_OUT, httponly: OPT_OUT, samesite: OPT_OUT} }
|