secure_headers 6.0.0 → 6.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (38)
  1. checksums.yaml +5 -5
  2. data/.github/dependabot.yml +6 -0
  3. data/.github/workflows/build.yml +24 -0
  4. data/.github/workflows/github-release.yml +28 -0
  5. data/.rubocop.yml +1 -0
  6. data/.ruby-version +1 -1
  7. data/CHANGELOG.md +47 -1
  8. data/Gemfile +4 -1
  9. data/LICENSE +1 -1
  10. data/README.md +70 -30
  11. data/docs/cookies.md +5 -4
  12. data/docs/named_overrides_and_appends.md +3 -6
  13. data/docs/per_action_configuration.md +2 -4
  14. data/docs/upgrading-to-6-0.md +4 -4
  15. data/lib/secure_headers/configuration.rb +24 -16
  16. data/lib/secure_headers/headers/content_security_policy.rb +34 -41
  17. data/lib/secure_headers/headers/content_security_policy_config.rb +15 -48
  18. data/lib/secure_headers/headers/cookie.rb +9 -3
  19. data/lib/secure_headers/headers/policy_management.rb +92 -17
  20. data/lib/secure_headers/middleware.rb +0 -6
  21. data/lib/secure_headers/utils/cookies_config.rb +7 -5
  22. data/lib/secure_headers/version.rb +5 -0
  23. data/lib/secure_headers/view_helper.rb +11 -10
  24. data/lib/secure_headers.rb +3 -11
  25. data/lib/tasks/tasks.rake +6 -7
  26. data/secure_headers.gemspec +9 -5
  27. data/spec/lib/secure_headers/configuration_spec.rb +54 -0
  28. data/spec/lib/secure_headers/headers/content_security_policy_spec.rb +98 -8
  29. data/spec/lib/secure_headers/headers/cookie_spec.rb +22 -25
  30. data/spec/lib/secure_headers/headers/policy_management_spec.rb +29 -19
  31. data/spec/lib/secure_headers/middleware_spec.rb +0 -19
  32. data/spec/lib/secure_headers/view_helpers_spec.rb +5 -4
  33. data/spec/lib/secure_headers_spec.rb +0 -35
  34. data/spec/spec_helper.rb +10 -1
  35. metadata +13 -12
  36. data/.travis.yml +0 -29
  37. data/lib/secure_headers/headers/public_key_pins.rb +0 -81
  38. data/spec/lib/secure_headers/headers/public_key_pins_spec.rb +0 -38
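--- a/data/lib/secure_headers/headers/public_key_pins.rb
+++ b/data/lib/secure_headers/headers/public_key_pins.rb
@@ -1,81 +0,0 @@
-# frozen_string_literal: true
-module SecureHeaders
-class PublicKeyPinsConfigError < StandardError; end
-class PublicKeyPins
-HEADER_NAME = "Public-Key-Pins".freeze
-REPORT_ONLY = "Public-Key-Pins-Report-Only".freeze
-HASH_ALGORITHMS = [:sha256].freeze
-
-
-class << self
-# Public: make an hpkp header name, value pair
-#
-# Returns nil if not configured, returns header name and value if configured.
-def make_header(config, user_agent = nil)
-return if config.nil? || config == OPT_OUT
-header = new(config)
-[header.name, header.value]
-end
-
-def validate_config!(config)
-return if config.nil? || config == OPT_OUT
-raise PublicKeyPinsConfigError.new("config must be a hash.") unless config.is_a? Hash
-
-if !config[:max_age]
-raise PublicKeyPinsConfigError.new("max-age is a required directive.")
-elsif config[:max_age].to_s !~ /\A\d+\z/
-raise PublicKeyPinsConfigError.new("max-age must be a number.
-#{config[:max_age]} was supplied.")
-elsif config[:pins] && config[:pins].length < 2
-raise PublicKeyPinsConfigError.new("A minimum of 2 pins are required.")
-end
-end
-end
-
-def initialize(config)
-@max_age = config.fetch(:max_age, nil)
-@pins = config.fetch(:pins, nil)
-@report_uri = config.fetch(:report_uri, nil)
-@report_only = !!config.fetch(:report_only, nil)
-@include_subdomains = !!config.fetch(:include_subdomains, nil)
-end
-
-def name
-if @report_only
-REPORT_ONLY
-else
-HEADER_NAME
-end
-end
-
-def value
-[
-max_age_directive,
-pin_directives,
-report_uri_directive,
-subdomain_directive
-].compact.join("; ").strip
-end
-
-def pin_directives
-return nil if @pins.nil?
-@pins.collect do |pin|
-pin.map do |token, hash|
-"pin-#{token}=\"#{hash}\"" if HASH_ALGORITHMS.include?(token)
-end
-end.join("; ")
-end
-
-def max_age_directive
-"max-age=#{@max_age}" if @max_age
-end
-
-def report_uri_directive
-"report-uri=\"#{@report_uri}\"" if @report_uri
-end
-
-def subdomain_directive
-@include_subdomains ? "includeSubDomains" : nil
-end
-end
-end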
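--- a/data/spec/lib/secure_headers/headers/public_key_pins_spec.rb
+++ b/data/spec/lib/secure_headers/headers/public_key_pins_spec.rb
@@ -1,38 +0,0 @@
-# frozen_string_literal: true
-require "spec_helper"
-
-module SecureHeaders
-describe PublicKeyPins do
-specify { expect(PublicKeyPins.new(max_age: 1234, report_only: true).name).to eq("Public-Key-Pins-Report-Only") }
-specify { expect(PublicKeyPins.new(max_age: 1234).name).to eq("Public-Key-Pins") }
-
-specify { expect(PublicKeyPins.new(max_age: 1234).value).to eq("max-age=1234") }
-specify { expect(PublicKeyPins.new(max_age: 1234).value).to eq("max-age=1234") }
-specify do
-config = { max_age: 1234, pins: [{ sha256: "base64encodedpin1" }, { sha256: "base64encodedpin2" }] }
-header_value = "max-age=1234; pin-sha256=\"base64encodedpin1\"; pin-sha256=\"base64encodedpin2\""
-expect(PublicKeyPins.new(config).value).to eq(header_value)
-end
-
-context "with an invalid configuration" do
-it "raises an exception when max-age is not provided" do
-expect do
-PublicKeyPins.validate_config!(foo: "bar")
-end.to raise_error(PublicKeyPinsConfigError)
-end
-
-it "raises an exception with an invalid max-age" do
-expect do
-PublicKeyPins.validate_config!(max_age: "abc123")
-end.to raise_error(PublicKeyPinsConfigError)
-end
-
-it "raises an exception with less than 2 pins" do
-expect do
-config = { max_age: 1234, pins: [{ sha256: "base64encodedpin" }] }
-PublicKeyPins.validate_config!(config)
-end.to raise_error(PublicKeyPinsConfigError)
-end
-end
-end
-end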