secure_headers 1.3.3 → 1.3.4

checksums.yaml

@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    NzcxMzdhM2IwMTAxN2IyNTc5OTg5OGY1MmJlZGFlNWJmNjBjM2MzMw==
+  data.tar.gz: !binary |-
+    ODNmNjA1YmY1ODEzMWIxYTU2YWYzYmY3NGFjM2Y1ZDU4MDQ0ODkwMQ==
+SHA512:
+  metadata.gz: !binary |-
+    NGEwNTVlZjBmMTcwN2QxYjI5YjVkZGJhZmJiYTJlY2M3YzEyM2JiN2Q3MzY0
+    NzdmNWNhMDIzMmVhNzNkZWRmZTZiYmQ1OWE5MjMwYTY2MDE1NGVhMWU3Mjg4
+    OTdmZTZiOGI0N2NhNGYzZThkMjc3ZWYxMjU5YzhiYTNjNmFmZjE=
+  data.tar.gz: !binary |-
+    MTI1NTNhYzExYjVmYjMwNjNjMGUzMDlmYmVmZTk1YjJiN2UwODM4MzYwNzhj
+    Y2ZhMzYxNTNkM2Y0MWY1YTQ1ZWMyYmQ4NDA3NjJhOGViNTU0MmEwYWY4MTNm
+    MTczMzNjOTliYWYzODFiY2RiNDZmOGQ2ZWU4ZjdiNWJhMTZlMzA=

data/HISTORY.md

@@ -1,3 +1,10 @@
+1.3.4
+======
+
+* Adds X-Download-Options support
+* Adds support for X-XSS-Protection reporting
+* Defers loading of rails engine for faster boot times
+
 1.3.3
 ======
 

data/fixtures/rails_3_2_12/Gemfile

@@ -1,7 +1,6 @@
 source 'https://rubygems.org'
 
 gem 'rails', '3.2.12'
-gem 'sqlite3'
 gem 'rspec-rails', '>= 2.0.0'
 gem 'secure_headers', :path => '../..'
 gem 'debugger', :platform => :ruby_19

data/fixtures/rails_3_2_12/app/views/things/index.html.erb

@@ -1,21 +1 @@
-<h1>Listing things</h1>
-
-<table>
-  <tr>
-    <th></th>
-    <th></th>
-    <th></th>
-  </tr>
-
-<% @things.each do |thing| %>
-  <tr>
-    <td><%= link_to 'Show', thing %></td>
-    <td><%= link_to 'Edit', edit_thing_path(thing) %></td>
-    <td><%= link_to 'Destroy', thing, method: :delete, data: { confirm: 'Are you sure?' } %></td>
-  </tr>
-<% end %>
-</table>
-
-<br />
-
-<%= link_to 'New Thing', new_thing_path %>
+things

data/fixtures/rails_3_2_12/config/application.rb

@@ -1,10 +1,10 @@
 require File.expand_path('../boot', __FILE__)
 
 # Pick the frameworks you want:
-require "active_record/railtie"
+# require "active_record/railtie"
 require "action_controller/railtie"
-require "action_mailer/railtie"
-require "active_resource/railtie"
+# require "action_mailer/railtie"
+# require "active_resource/railtie"
 require "sprockets/railtie"
 # require "rails/test_unit/railtie"
 
@@ -57,7 +57,7 @@ module Rails3212
     # This will create an empty whitelist of attributes available for mass-assignment for all models
     # in your app. As such, your models will need to explicitly whitelist or blacklist accessible
     # parameters by using an attr_accessible or attr_protected declaration.
-    config.active_record.whitelist_attributes = true
+    # config.active_record.whitelist_attributes = true
 
     # Enable the asset pipeline
     config.assets.enabled = true

data/fixtures/rails_3_2_12/config/environments/development.rb

@@ -14,7 +14,7 @@ Rails3212::Application.configure do
   config.action_controller.perform_caching = false
 
   # Don't care if the mailer can't send
-  config.action_mailer.raise_delivery_errors = false
+  # config.action_mailer.raise_delivery_errors = false
 
   # Print deprecation notices to the Rails logger
   config.active_support.deprecation = :log
@@ -23,11 +23,11 @@ Rails3212::Application.configure do
   config.action_dispatch.best_standards_support = :builtin
 
   # Raise exception on mass assignment protection for Active Record models
-  config.active_record.mass_assignment_sanitizer = :strict
+  # config.active_record.mass_assignment_sanitizer = :strict
 
   # Log the query plan for queries taking more than this (works
   # with SQLite, MySQL, and PostgreSQL)
-  config.active_record.auto_explain_threshold_in_seconds = 0.5
+  # config.active_record.auto_explain_threshold_in_seconds = 0.5
 
   # Do not compress assets
   config.assets.compress = false

data/fixtures/rails_3_2_12/config/environments/test.rb

@@ -27,10 +27,10 @@ Rails3212::Application.configure do
   # Tell Action Mailer not to deliver emails to the real world.
   # The :test delivery method accumulates sent emails in the
   # ActionMailer::Base.deliveries array.
-  config.action_mailer.delivery_method = :test
+  # config.action_mailer.delivery_method = :test
 
   # Raise exception on mass assignment protection for Active Record models
-  config.active_record.mass_assignment_sanitizer = :strict
+  # config.active_record.mass_assignment_sanitizer = :strict
 
   # Print deprecation notices to the stderr
   config.active_support.deprecation = :stderr

data/fixtures/rails_3_2_12/spec/controllers/other_things_controller_spec.rb

@@ -25,6 +25,11 @@ describe OtherThingsController, :type => :controller do
       expect(response.headers['Strict-Transport-Security']).to eq("max-age=315576000")
     end
 
+    it "sets the X-Download-Options header" do
+      get :index
+      expect(response.headers['X-Download-Options']).to eq('noopen')
+    end
+
     it "sets the X-Content-Type-Options header" do
       get :index
       expect(response.headers['X-Content-Type-Options']).to eq("nosniff")

data/fixtures/rails_3_2_12/spec/controllers/things_controller_spec.rb

@@ -28,6 +28,11 @@ describe ThingsController, :type => :controller do
       expect(response.headers['Strict-Transport-Security']).to eq("max-age=315576000")
     end
 
+    it "sets the X-Download-Options header" do
+      get :index
+      expect(response.headers['X-Download-Options']).to eq('noopen')
+    end
+
     it "sets the X-Content-Type-Options header" do
       get :index
       expect(response.headers['X-Content-Type-Options']).to eq("nosniff")

data/fixtures/rails_3_2_12_no_init/Gemfile

@@ -1,7 +1,6 @@
 source 'https://rubygems.org'
 
 gem 'rails', '3.2.12'
-gem 'sqlite3'
 gem 'rspec-rails', '>= 2.0.0'
 gem 'secure_headers', :path => '../..'
 gem 'debugger', :platform => :ruby_19

data/fixtures/rails_3_2_12_no_init/config/application.rb

@@ -1,10 +1,7 @@
 require File.expand_path('../boot', __FILE__)
 
 # Pick the frameworks you want:
-require "active_record/railtie"
 require "action_controller/railtie"
-require "action_mailer/railtie"
-require "active_resource/railtie"
 require "sprockets/railtie"
 # require "rails/test_unit/railtie"
 
@@ -57,7 +54,7 @@ module Rails3212
     # This will create an empty whitelist of attributes available for mass-assignment for all models
     # in your app. As such, your models will need to explicitly whitelist or blacklist accessible
     # parameters by using an attr_accessible or attr_protected declaration.
-    config.active_record.whitelist_attributes = true
+    # config.active_record.whitelist_attributes = true
 
     # Enable the asset pipeline
     config.assets.enabled = true

data/fixtures/rails_3_2_12_no_init/config/environments/development.rb

@@ -14,7 +14,7 @@ Rails3212::Application.configure do
   config.action_controller.perform_caching = false
 
   # Don't care if the mailer can't send
-  config.action_mailer.raise_delivery_errors = false
+  # config.action_mailer.raise_delivery_errors = false
 
   # Print deprecation notices to the Rails logger
   config.active_support.deprecation = :log
@@ -23,11 +23,11 @@ Rails3212::Application.configure do
   config.action_dispatch.best_standards_support = :builtin
 
   # Raise exception on mass assignment protection for Active Record models
-  config.active_record.mass_assignment_sanitizer = :strict
+  # config.active_record.mass_assignment_sanitizer = :strict
 
   # Log the query plan for queries taking more than this (works
   # with SQLite, MySQL, and PostgreSQL)
-  config.active_record.auto_explain_threshold_in_seconds = 0.5
+  # config.active_record.auto_explain_threshold_in_seconds = 0.5
 
   # Do not compress assets
   config.assets.compress = false

data/fixtures/rails_3_2_12_no_init/config/environments/test.rb

@@ -27,10 +27,10 @@ Rails3212::Application.configure do
   # Tell Action Mailer not to deliver emails to the real world.
   # The :test delivery method accumulates sent emails in the
   # ActionMailer::Base.deliveries array.
-  config.action_mailer.delivery_method = :test
+  # config.action_mailer.delivery_method = :test
 
   # Raise exception on mass assignment protection for Active Record models
-  config.active_record.mass_assignment_sanitizer = :strict
+  # config.active_record.mass_assignment_sanitizer = :strict
 
   # Print deprecation notices to the stderr
   config.active_support.deprecation = :stderr

data/fixtures/rails_3_2_12_no_init/spec/controllers/other_things_controller_spec.rb

@@ -24,6 +24,11 @@ describe OtherThingsController, :type => :controller do
       expect(response.headers['Strict-Transport-Security']).to eq(SecureHeaders::StrictTransportSecurity::Constants::DEFAULT_VALUE)
     end
 
+    it "sets the X-Download-Options header" do
+      get :index
+      expect(response.headers['X-Download-Options']).to eq(SecureHeaders::XDownloadOptions::Constants::DEFAULT_VALUE)
+    end
+
     it "sets the X-Content-Type-Options header" do
       get :index
       expect(response.headers['X-Content-Type-Options']).to eq(SecureHeaders::XContentTypeOptions::Constants::DEFAULT_VALUE)

data/fixtures/rails_3_2_12_no_init/spec/controllers/things_controller_spec.rb

@@ -28,6 +28,11 @@ describe ThingsController, :type => :controller do
       expect(response.headers['Strict-Transport-Security']).to eq(SecureHeaders::StrictTransportSecurity::Constants::DEFAULT_VALUE)
     end
 
+    it "sets the X-Download-Options header" do
+      get :index
+      expect(response.headers['X-Download-Options']).to eq(SecureHeaders::XDownloadOptions::Constants::DEFAULT_VALUE)
+    end
+
     it "sets the X-Content-Type-Options header" do
       get :index
       expect(response.headers['X-Content-Type-Options']).to eq(SecureHeaders::XContentTypeOptions::Constants::DEFAULT_VALUE)

data/lib/secure_headers/headers/x_download_options.rb

@@ -0,0 +1,39 @@
+module SecureHeaders
+  class XDOBuildError < StandardError; end
+  class XDownloadOptions < Header
+    module Constants
+      XDO_HEADER_NAME = "X-Download-Options"
+      DEFAULT_VALUE = 'noopen'
+    end
+    include Constants
+
+    def initialize(config = nil)
+      @config = config
+      validate_config unless @config.nil?
+    end
+
+    def name
+      XDO_HEADER_NAME
+    end
+
+    def value
+      case @config
+      when NilClass
+        DEFAULT_VALUE
+      when String
+        @config
+      else
+        @config[:value]
+      end
+    end
+
+    private
+
+    def validate_config
+      value = @config.is_a?(Hash) ? @config[:value] : @config
+      unless value.casecmp(DEFAULT_VALUE) == 0
+        raise XDOBuildError.new("Value can only be nil or 'noopen'")
+      end
+    end
+  end
+end

data/lib/secure_headers/headers/x_xss_protection.rb

@@ -4,7 +4,7 @@ module SecureHeaders
     module Constants
       X_XSS_PROTECTION_HEADER_NAME = 'X-XSS-Protection'
       DEFAULT_VALUE = "1"
-      VALID_X_XSS_HEADER = /\A[01](; mode=block)?\z/i
+      VALID_X_XSS_HEADER = /\A[01](; mode=block)?(; report=.*)?\z/i
     end
     include Constants
 
@@ -26,6 +26,7 @@ module SecureHeaders
       else
         value = @config[:value].to_s
         value += "; mode=#{@config[:mode]}" if @config[:mode]
+        value += "; report=#{@config[:report_uri]}" if @config[:report_uri]
         value
       end
     end

data/lib/secure_headers/railtie.rb

@@ -3,7 +3,11 @@ if defined?(Rails::Railtie)
   module SecureHeaders
     class Railtie < Rails::Engine
       isolate_namespace ::SecureHeaders if defined? isolate_namespace # rails 3.0
-      ActionController::Base.send :include, ::SecureHeaders
+      initializer "secure_headers.action_controller" do
+        ActiveSupport.on_load(:action_controller) do
+          include ::SecureHeaders
+        end
+      end
     end
   end
 else
@@ -34,4 +38,4 @@ else
   if defined? ActionController::Routing
     ActionController::Routing::RouteSet::Mapper.send :include, ::SecureHeaders::Routing::MapperExtensions
   end
-end
+end

data/lib/secure_headers/version.rb

@@ -1,3 +1,3 @@
 module SecureHeaders
-  VERSION = "1.3.3"
+  VERSION = "1.3.4"
 end

data/lib/secure_headers.rb

@@ -2,7 +2,7 @@ module SecureHeaders
   module Configuration
     class << self
       attr_accessor :hsts, :x_frame_options, :x_content_type_options,
-        :x_xss_protection, :csp
+        :x_xss_protection, :csp, :x_download_options
 
       def configure &block
         instance_eval &block
@@ -38,6 +38,7 @@ module SecureHeaders
       before_filter :set_csp_header
       before_filter :set_x_xss_protection_header
       before_filter :set_x_content_type_options_header
+      before_filter :set_x_download_options_header
     end
 
     # we can't use ||= because I'm overloading false => disable, nil => default
@@ -55,6 +56,7 @@ module SecureHeaders
       set_x_frame_options_header(options[:x_frame_options])
       set_x_xss_protection_header(options[:x_xss_protection])
       set_x_content_type_options_header(options[:x_content_type_options])
+      set_x_download_options_header(options[:x_download_options])
     end
 
     # backwards compatibility jank, to be removed in 1.0. Old API required a request
@@ -99,6 +101,10 @@ module SecureHeaders
       set_a_header(:hsts, StrictTransportSecurity, options)
     end
 
+    def set_x_download_options_header(options=self.class.secure_headers_options[:x_download_options])
+      set_a_header(:x_download_options, XDownloadOptions, options)
+    end
+
     private
 
     def set_a_header(name, klass, options=nil)
@@ -128,4 +134,5 @@ require "secure_headers/headers/x_frame_options"
 require "secure_headers/headers/strict_transport_security"
 require "secure_headers/headers/x_xss_protection"
 require "secure_headers/headers/x_content_type_options"
+require "secure_headers/headers/x_download_options"
 require "secure_headers/railtie"

data/spec/lib/secure_headers/headers/x_download_options_spec.rb

@@ -0,0 +1,32 @@
+module SecureHeaders
+  describe XDownloadOptions do
+    specify { expect(XDownloadOptions.new.name).to eq(XDO_HEADER_NAME)}
+    specify { expect(XDownloadOptions.new.value).to eq("noopen")}
+    specify { expect(XDownloadOptions.new('noopen').value).to eq('noopen')}
+    specify { expect(XDownloadOptions.new(:value => 'noopen').value).to eq('noopen') }
+
+    context "invalid configuration values" do
+      it "accepts noopen" do
+        expect {
+          XDownloadOptions.new("noopen")
+        }.not_to raise_error
+
+        expect {
+          XDownloadOptions.new(:value => "noopen")
+        }.not_to raise_error
+      end
+
+      it "accepts nil" do
+        expect {
+          XDownloadOptions.new
+        }.not_to raise_error
+      end
+
+      it "doesn't accept anything besides noopen" do
+        expect {
+          XContentTypeOptions.new("open")
+        }.to raise_error
+      end
+    end
+  end
+end

data/spec/lib/secure_headers/headers/x_xss_protection_spec.rb

@@ -4,6 +4,7 @@ module SecureHeaders
     specify { expect(XXssProtection.new.value).to eq("1")}
     specify { expect(XXssProtection.new("0").value).to eq("0")}
     specify { expect(XXssProtection.new(:value => 1, :mode => 'block').value).to eq('1; mode=block') }
+    specify { expect(XXssProtection.new(:value => 1, :mode => 'block', :report_uri => 'https://www.secure.com/reports').value).to eq('1; mode=block; report=https://www.secure.com/reports') }
 
     context "with invalid configuration" do
       it "should raise an error when providing a string that is not valid" do
@@ -50,4 +51,4 @@ module SecureHeaders
 
     end
   end
-end
+end

data/spec/lib/secure_headers_spec.rb

@@ -54,6 +54,7 @@ describe SecureHeaders do
       config.x_content_type_options = nil
       config.x_xss_protection = nil
       config.csp = nil
+      config.x_download_options = nil
     end
   end
 
@@ -63,12 +64,13 @@ describe SecureHeaders do
     subject.set_x_frame_options_header
     subject.set_x_content_type_options_header
     subject.set_x_xss_protection_header
+    subject.set_x_download_options_header
   end
 
   describe "#ensure_security_headers" do
     it "sets a before filter" do
       options = {}
-      expect(DummyClass).to receive(:before_filter).exactly(5).times
+      expect(DummyClass).to receive(:before_filter).exactly(6).times
       DummyClass.ensure_security_headers(options)
     end
   end
@@ -92,13 +94,14 @@ describe SecureHeaders do
     USER_AGENTS.each do |name, useragent|
       it "sets all default headers for #{name} (smoke test)" do
         stub_user_agent(useragent)
-        number_of_headers = 5
+        number_of_headers = 6
         expect(subject).to receive(:set_header).exactly(number_of_headers).times # a request for a given header
         subject.set_csp_header
         subject.set_x_frame_options_header
         subject.set_hsts_header
         subject.set_x_xss_protection_header
         subject.set_x_content_type_options_header
+        subject.set_x_download_options_header
       end
     end
 
@@ -113,6 +116,11 @@ describe SecureHeaders do
       subject.set_x_xss_protection_header(false)
     end
 
+    it "does not set the X-Download-Options header if disabled" do
+      should_not_assign_header(XDO_HEADER_NAME)
+      subject.set_x_download_options_header(false)
+    end
+
     it "does not set the X-Frame-Options header if disabled" do
       should_not_assign_header(XFO_HEADER_NAME)
       subject.set_x_frame_options_header(false)
@@ -143,6 +151,7 @@ describe SecureHeaders do
           config.x_content_type_options = false
           config.x_xss_protection = false
           config.csp = false
+          config.x_download_options = false
         end
         expect(subject).not_to receive(:set_header)
         set_security_headers(subject)
@@ -163,6 +172,18 @@ describe SecureHeaders do
     end
   end
 
+  describe "#set_x_download_options_header" do
+    it "sets the X-Download-Options header" do
+      should_assign_header(XDO_HEADER_NAME, SecureHeaders::XDownloadOptions::Constants::DEFAULT_VALUE)
+      subject.set_x_download_options_header
+    end
+
+    it "allows a custom X-Download-Options header" do
+      should_assign_header(XDO_HEADER_NAME, "noopen")
+      subject.set_x_download_options_header(:value => 'noopen')
+    end
+  end
+
   describe "#set_strict_transport_security" do
     it "sets the Strict-Transport-Security header" do
       should_assign_header(HSTS_HEADER_NAME, SecureHeaders::StrictTransportSecurity::Constants::DEFAULT_VALUE)

data/spec/spec_helper.rb

@@ -8,3 +8,4 @@ include ::SecureHeaders::ContentSecurityPolicy::Constants
 include ::SecureHeaders::XFrameOptions::Constants
 include ::SecureHeaders::XXssProtection::Constants
 include ::SecureHeaders::XContentTypeOptions::Constants
+include ::SecureHeaders::XDownloadOptions::Constants

metadata

@@ -1,20 +1,18 @@
 --- !ruby/object:Gem::Specification
 name: secure_headers
 version: !ruby/object:Gem::Version
-  version: 1.3.3
-  prerelease: 
+  version: 1.3.4
 platform: ruby
 authors:
 - Neil Matatall
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-08-15 00:00:00.000000000 Z
+date: 2014-10-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -22,7 +20,6 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -55,14 +52,12 @@ files:
 - fixtures/rails_3_2_12/app/controllers/other_things_controller.rb
 - fixtures/rails_3_2_12/app/controllers/things_controller.rb
 - fixtures/rails_3_2_12/app/models/.gitkeep
-- fixtures/rails_3_2_12/app/models/thing.rb
 - fixtures/rails_3_2_12/app/views/layouts/application.html.erb
 - fixtures/rails_3_2_12/app/views/other_things/index.html.erb
 - fixtures/rails_3_2_12/app/views/things/index.html.erb
 - fixtures/rails_3_2_12/config.ru
 - fixtures/rails_3_2_12/config/application.rb
 - fixtures/rails_3_2_12/config/boot.rb
-- fixtures/rails_3_2_12/config/database.yml
 - fixtures/rails_3_2_12/config/environment.rb
 - fixtures/rails_3_2_12/config/environments/development.rb
 - fixtures/rails_3_2_12/config/environments/production.rb
@@ -76,8 +71,6 @@ files:
 - fixtures/rails_3_2_12/config/initializers/wrap_parameters.rb
 - fixtures/rails_3_2_12/config/locales/en.yml
 - fixtures/rails_3_2_12/config/routes.rb
-- fixtures/rails_3_2_12/db/schema.rb
-- fixtures/rails_3_2_12/db/seeds.rb
 - fixtures/rails_3_2_12/lib/assets/.gitkeep
 - fixtures/rails_3_2_12/lib/tasks/.gitkeep
 - fixtures/rails_3_2_12/log/.gitkeep
@@ -95,7 +88,6 @@ files:
 - fixtures/rails_3_2_12_no_init/app/controllers/other_things_controller.rb
 - fixtures/rails_3_2_12_no_init/app/controllers/things_controller.rb
 - fixtures/rails_3_2_12_no_init/app/models/.gitkeep
-- fixtures/rails_3_2_12_no_init/app/models/thing.rb
 - fixtures/rails_3_2_12_no_init/app/views/layouts/application.html.erb
 - fixtures/rails_3_2_12_no_init/app/views/other_things/index.html.erb
 - fixtures/rails_3_2_12_no_init/app/views/things/_form.html.erb
@@ -106,7 +98,6 @@ files:
 - fixtures/rails_3_2_12_no_init/config.ru
 - fixtures/rails_3_2_12_no_init/config/application.rb
 - fixtures/rails_3_2_12_no_init/config/boot.rb
-- fixtures/rails_3_2_12_no_init/config/database.yml
 - fixtures/rails_3_2_12_no_init/config/environment.rb
 - fixtures/rails_3_2_12_no_init/config/environments/development.rb
 - fixtures/rails_3_2_12_no_init/config/environments/production.rb
@@ -119,8 +110,6 @@ files:
 - fixtures/rails_3_2_12_no_init/config/initializers/wrap_parameters.rb
 - fixtures/rails_3_2_12_no_init/config/locales/en.yml
 - fixtures/rails_3_2_12_no_init/config/routes.rb
-- fixtures/rails_3_2_12_no_init/db/schema.rb
-- fixtures/rails_3_2_12_no_init/db/seeds.rb
 - fixtures/rails_3_2_12_no_init/lib/assets/.gitkeep
 - fixtures/rails_3_2_12_no_init/lib/tasks/.gitkeep
 - fixtures/rails_3_2_12_no_init/log/.gitkeep
@@ -135,6 +124,7 @@ files:
 - lib/secure_headers/headers/content_security_policy.rb
 - lib/secure_headers/headers/strict_transport_security.rb
 - lib/secure_headers/headers/x_content_type_options.rb
+- lib/secure_headers/headers/x_download_options.rb
 - lib/secure_headers/headers/x_frame_options.rb
 - lib/secure_headers/headers/x_xss_protection.rb
 - lib/secure_headers/padrino.rb
@@ -145,6 +135,7 @@ files:
 - spec/lib/secure_headers/headers/content_security_policy_spec.rb
 - spec/lib/secure_headers/headers/strict_transport_security_spec.rb
 - spec/lib/secure_headers/headers/x_content_type_options_spec.rb
+- spec/lib/secure_headers/headers/x_download_options_spec.rb
 - spec/lib/secure_headers/headers/x_frame_options_spec.rb
 - spec/lib/secure_headers/headers/x_xss_protection_spec.rb
 - spec/lib/secure_headers_spec.rb
@@ -153,27 +144,26 @@ files:
 homepage: https://github.com/twitter/secureheaders
 licenses:
 - Apache Public License 2.0
+metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.23
+rubygems_version: 2.1.1
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: Add easily configured browser headers to responses including content security
   policy, x-frame-options, strict-transport-security and more.
 test_files:
@@ -181,6 +171,7 @@ test_files:
 - spec/lib/secure_headers/headers/content_security_policy_spec.rb
 - spec/lib/secure_headers/headers/strict_transport_security_spec.rb
 - spec/lib/secure_headers/headers/x_content_type_options_spec.rb
+- spec/lib/secure_headers/headers/x_download_options_spec.rb
 - spec/lib/secure_headers/headers/x_frame_options_spec.rb
 - spec/lib/secure_headers/headers/x_xss_protection_spec.rb
 - spec/lib/secure_headers_spec.rb

data/fixtures/rails_3_2_12/app/models/thing.rb

@@ -1,3 +0,0 @@
-class Thing < ActiveRecord::Base
-  # attr_accessible :title, :body
-end

data/fixtures/rails_3_2_12/config/database.yml

@@ -1,25 +0,0 @@
-# SQLite version 3.x
-#   gem install sqlite3
-#
-#   Ensure the SQLite 3 gem is defined in your Gemfile
-#   gem 'sqlite3'
-development:
-  adapter: sqlite3
-  database: db/development.sqlite3
-  pool: 5
-  timeout: 5000
-
-# Warning: The database defined as "test" will be erased and
-# re-generated from your development database when you run "rake".
-# Do not set this db to the same as development or production.
-test:
-  adapter: sqlite3
-  database: db/test.sqlite3
-  pool: 5
-  timeout: 5000
-
-production:
-  adapter: sqlite3
-  database: db/production.sqlite3
-  pool: 5
-  timeout: 5000

data/fixtures/rails_3_2_12/db/schema.rb

@@ -1,16 +0,0 @@
-# encoding: UTF-8
-# This file is auto-generated from the current state of the database. Instead
-# of editing this file, please use the migrations feature of Active Record to
-# incrementally modify your database, and then regenerate this schema definition.
-#
-# Note that this schema.rb definition is the authoritative source for your
-# database schema. If you need to create the application database on another
-# system, you should be using db:schema:load, not running all the migrations
-# from scratch. The latter is a flawed and unsustainable approach (the more migrations
-# you'll amass, the slower it'll run and the greater likelihood for issues).
-#
-# It's strongly recommended to check this file into your version control system.
-
-ActiveRecord::Schema.define(:version => 0) do
-
-end

data/fixtures/rails_3_2_12/db/seeds.rb

@@ -1,7 +0,0 @@
-# This file should contain all the record creation needed to seed the database with its default values.
-# The data can then be loaded with the rake db:seed (or created alongside the db with db:setup).
-#
-# Examples:
-#
-#   cities = City.create([{ name: 'Chicago' }, { name: 'Copenhagen' }])
-#   Mayor.create(name: 'Emanuel', city: cities.first)

data/fixtures/rails_3_2_12_no_init/app/models/thing.rb

@@ -1,3 +0,0 @@
-class Thing < ActiveRecord::Base
-  # attr_accessible :title, :body
-end

data/fixtures/rails_3_2_12_no_init/config/database.yml

@@ -1,25 +0,0 @@
-# SQLite version 3.x
-#   gem install sqlite3
-#
-#   Ensure the SQLite 3 gem is defined in your Gemfile
-#   gem 'sqlite3'
-development:
-  adapter: sqlite3
-  database: db/development.sqlite3
-  pool: 5
-  timeout: 5000
-
-# Warning: The database defined as "test" will be erased and
-# re-generated from your development database when you run "rake".
-# Do not set this db to the same as development or production.
-test:
-  adapter: sqlite3
-  database: db/test.sqlite3
-  pool: 5
-  timeout: 5000
-
-production:
-  adapter: sqlite3
-  database: db/production.sqlite3
-  pool: 5
-  timeout: 5000

data/fixtures/rails_3_2_12_no_init/db/schema.rb

@@ -1,16 +0,0 @@
-# encoding: UTF-8
-# This file is auto-generated from the current state of the database. Instead
-# of editing this file, please use the migrations feature of Active Record to
-# incrementally modify your database, and then regenerate this schema definition.
-#
-# Note that this schema.rb definition is the authoritative source for your
-# database schema. If you need to create the application database on another
-# system, you should be using db:schema:load, not running all the migrations
-# from scratch. The latter is a flawed and unsustainable approach (the more migrations
-# you'll amass, the slower it'll run and the greater likelihood for issues).
-#
-# It's strongly recommended to check this file into your version control system.
-
-ActiveRecord::Schema.define(:version => 0) do
-
-end

data/fixtures/rails_3_2_12_no_init/db/seeds.rb

@@ -1,7 +0,0 @@
-# This file should contain all the record creation needed to seed the database with its default values.
-# The data can then be loaded with the rake db:seed (or created alongside the db with db:setup).
-#
-# Examples:
-#
-#   cities = City.create([{ name: 'Chicago' }, { name: 'Copenhagen' }])
-#   Mayor.create(name: 'Emanuel', city: cities.first)