secure_headers 1.3.0 → 1.3.1

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of secure_headers might be problematic. Click here for more details.

Files changed (5) hide show
  1. checksums.yaml +8 -8
  2. data/HISTORY.md +5 -0
  3. data/lib/secure_headers/headers/content_security_policy.rb +7 -2
  4. data/lib/secure_headers/version.rb +1 -1
  5. metadata +2 -2
checksums.yaml CHANGED
@@ -1,15 +1,15 @@
1
1
  ---
2
2
  !binary "U0hBMQ==":
3
3
  metadata.gz: !binary |-
4
- NTdiMjdmYmVhNzk2MWQ3YmEwNDNjOWQ0YmZhZDZkNTAyNDlmYmQ1ZQ==
4
+ NjEwM2NiNzBhMjcxYjEzZjJjMjY2NzVjYzhiYTIwOWNlN2U4ZDYxNA==
5
5
  data.tar.gz: !binary |-
6
- ZTIyYjBjNmM5ZTU5YzRhZjU4MjdmNTcwNDAzMjMyZjJlOTFjOWYxMA==
6
+ YTI4M2IwZjI4MzJjZjk1YzI2ZmYwYWI2ZDU0NmM1YzBjMTQ2ZWRjYg==
7
7
  SHA512:
8
8
  metadata.gz: !binary |-
9
- NzRjM2QwM2IwZjIyZDMzYzY3OWE2MGVmZTEyNjU3MmQwMzhiODcxYjRlZDlh
10
- ODFmMmExNzgxNDkzN2U5YWFiNGFjYWMwYjUxNGNiMmJiOWM4ZTA0ZmY3Y2Mz
11
- MjFlMTRlNzdiMGQ0MDY5NTM1YTkyNGMxOGJjMDRmMjkyZTIyMjA=
9
+ NDA0NDk3YmIyMGUzZDM1OWIyNGI2MTEzYjQyM2RhNWMwNmE2MmQzY2ZiNDhi
10
+ NDkxNWJlNzQ5Y2E2MTliZjJkZDJlNzFkNjU5YWFlOTUwOTk0ODNkMTcwM2Ux
11
+ NmQ2ODE1NzNlZDcyZjRlZWI4NjMwNTViOTI5Y2U3ZjBjY2Q5ZGE=
12
12
  data.tar.gz: !binary |-
13
- N2I3MzExNWM5MGFjZDI3YjBjMDlkNjgyNWUyODcyZGU3N2NmMjVjZTZkMWVi
14
- Y2FiYmI4YjY3NzRkYzM3NWNkNjE0MGE4ZWMwMjhlMGJhYTI0NmIwYmY4MGFi
15
- YjlhNjdkMTQ1YWQ0NTYwNGJiZmMxMzA3MjlkNmMyMDgyZjhlY2E=
13
+ NTFkNzc1Zjc3OTBlYWZiOWFhYzkxM2ExZjcwODFmOWY0NTQ1ZTcwNWVjNjIw
14
+ NDY4ZThlN2QxODNlZWM0MTg4MWRjN2U2YzlkOTJlYmQ2MjQ3NjY0Y2ZmZDg5
15
+ YmU1N2YxOGU4ZWU1MzAxYjE0Zjg4NjJhMDU1ZDdhZGY2ZGNmYmQ=
data/HISTORY.md CHANGED
@@ -1,3 +1,8 @@
1
+ 1.3.1
2
+ ======
3
+
4
+ Bugfix release: same-origin detection would error out when the URL containined invalid values (like |)
5
+
1
6
  1.3.0
2
7
  ======
3
8
 
data/lib/secure_headers/headers/content_security_policy.rb CHANGED
@@ -177,8 +177,13 @@ module SecureHeaders
177
177
  def same_origin?
178
178
  return unless report_uri && request_uri
179
179
 
180
- origin = URI.parse(request_uri)
181
- uri = URI.parse(report_uri)
180
+ begin
181
+ origin = URI.parse(request_uri)
182
+ uri = URI.parse(report_uri)
183
+ rescue URI::InvalidURIError
184
+ return false
185
+ end
186
+
182
187
  uri.host == origin.host && origin.port == uri.port && origin.scheme == uri.scheme
183
188
  end
184
189
 
data/lib/secure_headers/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module SecureHeaders
2
- VERSION = "1.3.0"
2
+ VERSION = "1.3.1"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: secure_headers
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.3.0
4
+ version: 1.3.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Neil Matatall
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2014-08-09 00:00:00.000000000 Z
11
+ date: 2014-08-12 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rake