secure_headers 0.2.0 → 0.2.1


Potentially problematic release.


This version of secure_headers might be problematic. Click here for more details.

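--- a/data/Guardfile
+++ b/data/Guardfile
@@ -2,7 +2,7 @@ guard 'spork', :aggressive_kill => false do
  watch('spec/spec_helper.rb') { :rspec }
  end
 
- guard 'rspec', :cli => "--color --drb", :keep_failed => true, :all_after_pass => true, :focus_on_failed => true do
+ guard 'rspec', :cli => "--color --drb --debug", :keep_failed => true, :all_after_pass => true, :focus_on_failed => true do
  watch(%r{^spec/.+_spec\.rb$})
  watch(%r{^lib/(.+)\.rb$}) { |m| "spec/lib/#{m[1]}_spec.rb" }
  watch(%r{^app/controllers/(.+)\.rb$}) { |m| "spec/controllers/#{m[1]}_spec.rb" }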
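--- a/data/HISTORY.md
+++ b/data/HISTORY.md
@@ -1,3 +1,8 @@
+ 0.2.1
+ =======
+
+ - Firefox headers will now stop overriding report_uri when only a path is supplied
+
  0.2.0
  =======
 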
@@ -177,7 +177,9 @@ module SecureHeaders
177
177
  # we need to forward the request for Firefox.
178
178
  def normalize_reporting_endpoint
179
179
  return unless browser_strategy.normalize_reporting_endpoint?
180
- return unless !same_origin? || URI.parse(report_uri).host.nil?
180
+ if same_origin? || report_uri.nil? || URI.parse(report_uri).host.nil?
181
+ return
182
+ end
181
183
 
182
184
  if forward_endpoint
183
185
  @report_uri = FF_CSP_ENDPOINT
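Review bot: In the new guard the `report_uri.nil?` test runs after `same_origin?`, so it only protects the `URI.parse` call; if `same_origin?` (defined outside this hunk) also reads `report_uri`, a nil value would still raise before the guard is reached. Putting the nil test first and writing it as a guard clause keeps it to one line: `return if report_uri.nil? || same_origin? || URI.parse(report_uri).host.nil?`. `URI.parse` also raises `URI::InvalidURIError` on a malformed configured value, which would surface while the CSP header is being built, so it is worth deciding whether to rescue it here or validate the setting at configuration time. The body of `normalize_reporting_endpoint` continues past the end of the hunk.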
@@ -1,3 +1,3 @@
1
1
  module SecureHeaders
2
- VERSION = "0.2.0"
2
+ VERSION = "0.2.1"
3
3
  end
@@ -165,9 +165,9 @@ module SecureHeaders
165
165
  csp.report_uri.should == FF_CSP_ENDPOINT
166
166
  end
167
167
 
168
- it "doesn't set report-uri if no forward_endpoint is supplied" do
169
- csp = ContentSecurityPolicy.new({:report_uri => "https://another.example.com"}, :request => request_for(FIREFOX, "https://anexample.com"))
170
- csp.report_uri.should be_nil
168
+ it "doesn't change report-uri if a path supplied" do
169
+ csp = ContentSecurityPolicy.new({:report_uri => "/csp_reports"}, :request => request_for(FIREFOX, "https://anexample.com"))
170
+ csp.report_uri.should == "/csp_reports"
171
171
  end
172
172
 
173
173
  it "forwards if the request_uri is set to a non-matching value" do
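Review bot: The cross-origin case without a `forward_endpoint` loses its coverage here, because the example `doesn't set report-uri if no forward_endpoint is supplied` is replaced rather than kept beside the new path-only example. The guard in `normalize_reporting_endpoint` changed in this release, so the value of `report_uri` for `"https://another.example.com"` on a Firefox request with no forward endpoint is no longer pinned by any example visible on this page. I would keep the old example with whatever expectation is now intended and add the path-only one next to it. An example for a nil `report_uri` would also cover the new `report_uri.nil?` branch.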
@@ -224,7 +224,7 @@ module SecureHeaders
224
224
  context "X-Content-Security-Policy" do
225
225
  it "builds a csp header for firefox" do
226
226
  csp = ContentSecurityPolicy.new(default_opts, :request => request_for(FIREFOX))
227
- csp.value.should == "allow https://*; options inline-script eval-script; img-src data:; script-src https://* data:; style-src https://* chrome-extension: about:;"
227
+ csp.value.should == "allow https://*; options inline-script eval-script; img-src data:; script-src https://* data:; style-src https://* chrome-extension: about:; report-uri /csp_report;"
228
228
  end
229
229
 
230
230
  it "copies connect-src values to xhr_src values" do
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: secure_headers
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 0.2.1
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2013-02-20 00:00:00.000000000 Z
12
+ date: 2013-02-21 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: brwsr