secure_headers 0.2.0 → 0.2.1
Potentially problematic release.
This version of secure_headers might be problematic. Click here for more details.
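--- a/data/Guardfile
+++ b/data/Guardfile
@@ -2,7 +2,7 @@ guard 'spork', :aggressive_kill => false do
 watch('spec/spec_helper.rb') { :rspec }
 end
 
-guard 'rspec', :cli => "--color --drb", :keep_failed => true, :all_after_pass => true, :focus_on_failed => true do
+guard 'rspec', :cli => "--color --drb --debug", :keep_failed => true, :all_after_pass => true, :focus_on_failed => true do
 watch(%r{^spec/.+_spec\.rb$})
 watch(%r{^lib/(.+)\.rb$}) { |m| "spec/lib/#{m[1]}_spec.rb" }
 watch(%r{^app/controllers/(.+)\.rb$}) { |m| "spec/controllers/#{m[1]}_spec.rb" }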
data/HISTORY.md
CHANGED
@@ -177,7 +177,9 @@ module SecureHeaders
|
|
177
177
|
# we need to forward the request for Firefox.
|
178
178
|
def normalize_reporting_endpoint
|
179
179
|
return unless browser_strategy.normalize_reporting_endpoint?
|
180
|
-
|
180
|
+
if same_origin? || report_uri.nil? || URI.parse(report_uri).host.nil?
|
181
|
+
return
|
182
|
+
end
|
181
183
|
|
182
184
|
if forward_endpoint
|
183
185
|
@report_uri = FF_CSP_ENDPOINT
|
@@ -165,9 +165,9 @@ module SecureHeaders
|
|
165
165
|
csp.report_uri.should == FF_CSP_ENDPOINT
|
166
166
|
end
|
167
167
|
|
168
|
-
it "doesn't
|
169
|
-
csp = ContentSecurityPolicy.new({:report_uri => "
|
170
|
-
csp.report_uri.should
|
168
|
+
it "doesn't change report-uri if a path supplied" do
|
169
|
+
csp = ContentSecurityPolicy.new({:report_uri => "/csp_reports"}, :request => request_for(FIREFOX, "https://anexample.com"))
|
170
|
+
csp.report_uri.should == "/csp_reports"
|
171
171
|
end
|
172
172
|
|
173
173
|
it "forwards if the request_uri is set to a non-matching value" do
|
@@ -224,7 +224,7 @@ module SecureHeaders
|
|
224
224
|
context "X-Content-Security-Policy" do
|
225
225
|
it "builds a csp header for firefox" do
|
226
226
|
csp = ContentSecurityPolicy.new(default_opts, :request => request_for(FIREFOX))
|
227
|
-
csp.value.should == "allow https://*; options inline-script eval-script; img-src data:; script-src https://* data:; style-src https://* chrome-extension: about:;"
|
227
|
+
csp.value.should == "allow https://*; options inline-script eval-script; img-src data:; script-src https://* data:; style-src https://* chrome-extension: about:; report-uri /csp_report;"
|
228
228
|
end
|
229
229
|
|
230
230
|
it "copies connect-src values to xhr_src values" do
|
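Review bot: The new guard in `normalize_reporting_endpoint` (first hunk under this header, new lines 180-182; the content is library code, so the file header shown here looks mis-attributed by the rendering) calls `URI.parse(report_uri)` with no rescue, so an unparsable configured report URI would raise `URI::InvalidURIError` while the CSP header is being built rather than leaving the value untouched. The guard also evaluates `same_origin?` before `report_uri.nil?`; if `same_origin?` reads `report_uri` (its body is not visible here), the nil check should come first, e.g. `return if report_uri.nil? || same_origin? || URI.parse(report_uri).host.nil?`, with the parse wrapped to rescue `URI::InvalidURIError`. A scheme-less value such as a bare hostname followed by a path parses with a nil host and is therefore treated as a local path and never forwarded; a comment above the guard such as `# report_uri without a host is assumed to be a same-site path and is left unchanged` would make that intent explicit. The added spec covers only the `/csp_reports` path case, not a nil or unparsable `report_uri`. The method body continues past the end of the hunk.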
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: secure_headers
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.2.
|
4
|
+
version: 0.2.1
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2013-02-
|
12
|
+
date: 2013-02-21 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: brwsr
|