secure_headers 4.0.1 → 4.0.2


Potentially problematic release.


This version of secure_headers might be problematic. Click here for more details.

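--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: fe8e39e4a81e0429bcba0fde48a5bb670f4bfb21
- data.tar.gz: fc5989c5886abaf9245b2e29c3a0fbdb77e03e40
+ metadata.gz: bf4c1585c657ad3812d124ed506030b900eb3778
+ data.tar.gz: afe30fa230c2e34ef8c9d253210e918dd8412f11
  SHA512:
- metadata.gz: 373cbefd9bf90c0aa486de40aea8b14f45c9855a580048b25a1de9e7475cb597b7c4bda979f79c897fc988a9be38741477994ba295153ccb642846b767ab597d
- data.tar.gz: 1911795207a61925df44c32d8ffb23908c909332eab7b579d84a5a008296be0e329fcc950e70885fd876b2c7feed2d4e2c12f65148303f90849757a050b32a04
+ metadata.gz: cc3230d801ffffbb1ddb892721b54aa54bba40c0785edaa399754f10d61e3870d385710ad722754dd604922807eb5fc8aece7abfc89a75c8f4f1c9dfb1467d04
+ data.tar.gz: 11736ff26de3b9a5ada127edc1a8e32c25a0f75269109de5d60d19dc5dc28932f2bdfc9a44c4f1c13f4a44eee4759bcc8dfe4e08a4a600bc78042767f139489b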
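--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,7 @@
+ ## 4.0.2
+
+ - Updates `Expect-CT` header to use a comma separator between directives, as specified in the most current spec.
+
  ## 4.0.1
 
  - Adds support for `worker-src` CSP directive to 4.x line (https://github.com/twitter/secureheaders/pull/364)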
@@ -49,7 +49,7 @@ module SecureHeaders
49
49
  enforced_directive,
50
50
  max_age_directive,
51
51
  report_uri_directive
52
- ].compact.join("; ").strip
52
+ ].compact.join(", ").strip
53
53
  end
54
54
 
55
55
  def enforced_directive
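Review bot: The `", "` separator on the `].compact.join(", ").strip` line carries no comment explaining why Expect-CT differs from the semicolon-delimited headers, so a later consistency cleanup could plausibly revert it and leave browsers that follow the current draft unable to parse the policy. I would add a comment above the array such as `# Expect-CT directives are comma-separated per the current draft; do not "normalise" this to "; ".` Because the directive list is now comma-delimited, a `report_uri` value containing a raw `,` or `"` would presumably corrupt the list unless it is validated or escaped before quoting. The spec only exercises a clean URL, and `report_uri_directive` lies outside this hunk, so that is worth confirming. The method that builds the value starts above the hunk, and `enforced_directive` continues below it.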
@@ -2,7 +2,7 @@
2
2
  # frozen_string_literal: true
3
3
  Gem::Specification.new do |gem|
4
4
  gem.name = "secure_headers"
5
- gem.version = "4.0.1"
5
+ gem.version = "4.0.2"
6
6
  gem.authors = ["Neil Matatall"]
7
7
  gem.email = ["neil.matatall@gmail.com"]
8
8
  gem.description = "Manages application of security headers with many safe defaults."
@@ -3,13 +3,13 @@ require "spec_helper"
3
3
 
4
4
  module SecureHeaders
5
5
  describe ExpectCertificateTransparency do
6
- specify { expect(ExpectCertificateTransparency.new(max_age: 1234, enforce: true).value).to eq("enforce; max-age=1234") }
6
+ specify { expect(ExpectCertificateTransparency.new(max_age: 1234, enforce: true).value).to eq("enforce, max-age=1234") }
7
7
  specify { expect(ExpectCertificateTransparency.new(max_age: 1234, enforce: false).value).to eq("max-age=1234") }
8
8
  specify { expect(ExpectCertificateTransparency.new(max_age: 1234, enforce: "yolocopter").value).to eq("max-age=1234") }
9
- specify { expect(ExpectCertificateTransparency.new(max_age: 1234, report_uri: "https://report-uri.io/expect-ct").value).to eq("max-age=1234; report-uri=\"https://report-uri.io/expect-ct\"") }
9
+ specify { expect(ExpectCertificateTransparency.new(max_age: 1234, report_uri: "https://report-uri.io/expect-ct").value).to eq("max-age=1234, report-uri=\"https://report-uri.io/expect-ct\"") }
10
10
  specify do
11
11
  config = { enforce: true, max_age: 1234, report_uri: "https://report-uri.io/expect-ct" }
12
- header_value = "enforce; max-age=1234; report-uri=\"https://report-uri.io/expect-ct\""
12
+ header_value = "enforce, max-age=1234, report-uri=\"https://report-uri.io/expect-ct\""
13
13
  expect(ExpectCertificateTransparency.new(config).value).to eq(header_value)
14
14
  end
15
15
 
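--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: secure_headers
  version: !ruby/object:Gem::Version
- version: 4.0.1
+ version: 4.0.2
  platform: ruby
  authors:
  - Neil Matatall
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2017-10-03 00:00:00.000000000 Z
+ date: 2017-10-19 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rake
@@ -94,7 +94,7 @@ files:
  - spec/lib/secure_headers/headers/clear_site_data_spec.rb
  - spec/lib/secure_headers/headers/content_security_policy_spec.rb
  - spec/lib/secure_headers/headers/cookie_spec.rb
- - spec/lib/secure_headers/headers/expect_certificate_spec.rb
+ - spec/lib/secure_headers/headers/expect_certificate_transparency_spec.rb
  - spec/lib/secure_headers/headers/policy_management_spec.rb
  - spec/lib/secure_headers/headers/public_key_pins_spec.rb
  - spec/lib/secure_headers/headers/referrer_policy_spec.rb
@@ -145,7 +145,7 @@ test_files:
  - spec/lib/secure_headers/headers/clear_site_data_spec.rb
  - spec/lib/secure_headers/headers/content_security_policy_spec.rb
  - spec/lib/secure_headers/headers/cookie_spec.rb
- - spec/lib/secure_headers/headers/expect_certificate_spec.rb
+ - spec/lib/secure_headers/headers/expect_certificate_transparency_spec.rb
  - spec/lib/secure_headers/headers/policy_management_spec.rb
  - spec/lib/secure_headers/headers/public_key_pins_spec.rb
  - spec/lib/secure_headers/headers/referrer_policy_spec.rb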