secure_headers 2.4.1 → 2.4.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 333c51c1bbbed7415696fa0e8fd7e3147ddcf542
-  data.tar.gz: 798eae0a9dc303a0c72c946e74aa76a2f36e229c
+  metadata.gz: ba37b57a088b6c481e24b7effe725c665061dba6
+  data.tar.gz: d081e7b902b1d6036d8862267c5f3fb179bba219
 SHA512:
-  metadata.gz: 80224aff2b4a8230de68b0338dd5ca4ef19c56b929fe59693d3f01395f7b4c3cab57170b389044dacd0745e43d07cf98951f13de48d646cc17cf8a40befe4d90
-  data.tar.gz: 7f663e76802e8c2282908eb2eefce7a040cf9f5c04da49b825bd147854879a900577f22f9a8e918a973d3019e840e95d08aec6eaeeb3836c6233fb0db0dd8982
+  metadata.gz: fd94590f06966a3d80f635cfda20127bbf5004612cce06d729e90b6c6c69f46a4faf014a34605143f1ccd36b4cda0cf8ad40a6fad5f48c40c04c466438e5a1a0
+  data.tar.gz: 7adee15d4987530bdf8b49ef681642427632ebd2a33595d37025c326bd2b3a8a23062d043bca2b1ed0c3ac305661cb3fd7541aa1b59f59ed9335157e5863a7af

data/lib/secure_headers/headers/content_security_policy.rb

@@ -133,15 +133,6 @@ module SecureHeaders
       @ua = options[:ua]
       @ssl_request = !!options.delete(:ssl)
       @request_uri = options.delete(:request_uri)
-      @http_additions = config.delete(:http_additions)
-      @disable_img_src_data_uri = !!config.delete(:disable_img_src_data_uri)
-      @tag_report_uri = !!config.delete(:tag_report_uri)
-      @script_hashes = config.delete(:script_hashes) || []
-      @app_name = config.delete(:app_name)
-      @app_name = @app_name.call(@controller) if @app_name.respond_to?(:call)
-      @enforce = config.delete(:enforce)
-      @enforce = @enforce.call(@controller) if @enforce.respond_to?(:call)
-      @enforce = !!@enforce
 
       # Config values can be string, array, or lamdba values
       @config = config.inject({}) do |hash, (key, value)|
@@ -153,14 +144,22 @@ module SecureHeaders
               translate_dir_value(val)
             end.flatten.uniq
           end
-        elsif key != :script_hash_middleware
-          raise ArgumentError.new("Unknown directive supplied: #{key}")
         end
 
         hash[key] = config_val
         hash
       end
 
+      @http_additions = @config.delete(:http_additions)
+      @disable_img_src_data_uri = !!@config.delete(:disable_img_src_data_uri)
+      @tag_report_uri = !!@config.delete(:tag_report_uri)
+      @script_hashes = @config.delete(:script_hashes) || []
+      @app_name = @config.delete(:app_name)
+      @app_name = @app_name.call(@controller) if @app_name.respond_to?(:call)
+      @enforce = @config.delete(:enforce)
+      @enforce = @enforce.call(@controller) if @enforce.respond_to?(:call)
+      @enforce = !!@enforce
+
       # normalize and tag the report-uri
       if @config[:report_uri]
         @config[:report_uri] = @config[:report_uri].map do |report_uri|

data/lib/secure_headers/version.rb

@@ -1,3 +1,3 @@
 module SecureHeaders
-  VERSION = "2.4.1"
+  VERSION = "2.4.2"
 end

data/spec/lib/secure_headers/headers/content_security_policy_spec.rb

@@ -142,6 +142,14 @@ module SecureHeaders
     end
 
     describe "#value" do
+      it "does not mutate shared state" do
+        opts = default_opts.merge(enforce: true)
+        policy = ContentSecurityPolicy.new(opts, :request => request_for(CHROME))
+        expect(policy.name).to eq("Content-Security-Policy")
+        policy = ContentSecurityPolicy.new(opts, :request => request_for(CHROME))
+        expect(policy.name).to eq("Content-Security-Policy")
+      end
+
       context "browser sniffing" do
         let(:complex_opts) do
           ALL_DIRECTIVES.inject({}) { |memo, directive| memo[directive] = "'self'"; memo }.merge(:block_all_mixed_content => '')

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: secure_headers
 version: !ruby/object:Gem::Version
-  version: 2.4.1
+  version: 2.4.2
 platform: ruby
 authors:
 - Neil Matatall
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-10-14 00:00:00.000000000 Z
+date: 2015-10-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake