secure_headers 4.0.0.alpha02 → 4.0.0.alpha03


Potentially problematic release.



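--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: c3e3971d0169ad3db917dbf0d64e26425c9e8252
- data.tar.gz: 6fa1f1c7b0d36063a4be0a19549ced444d6f07b7
+ metadata.gz: 85aab6315aa227ca4e8e7814e1044fc43f4d0d3d
+ data.tar.gz: 6cbb3f6f3fec29168f3213d794babc76143c3201
  SHA512:
- metadata.gz: d7f430815d9b49f0fdaf5c16854aab22d89f09721975a332769c9e0a2b055522a271a610fc8e8ec89614be286f4d4292e5b2105af61181a2670089f9fb42e58d
- data.tar.gz: 044e9282dfc9c0a7b01c3ae4420c44781ffe460819e58d46b2eb7a9f08ba02a91937afed977c9ed13d4f9aad168e2d7b308108e9f977e5c515b6285b74a8f2b6
+ metadata.gz: 6e767caf78326e1ed60678dfd22f4f5f8328fbb30dc520d5283f86c018708c3be2326ffb79df585453f7f995771dc8521e1c6ca48e0af787620a60b5de831d26
+ data.tar.gz: 1b699528fdcd23ab18921c825e646fd8de323c3d0497b3e482e99386f5ac008bd948ffc1889e9c32f82cbd6b8d40c74c62a18fbeee87622aebc34b043a86c2a4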
@@ -24,7 +24,7 @@ module SecureHeaders
24
24
  class NoOpHeaderConfig
25
25
  include Singleton
26
26
 
27
- def boom(arg = nil)
27
+ def boom(*args)
28
28
  raise "Illegal State: attempted to modify NoOpHeaderConfig. Create a new config instead."
29
29
  end
30
30
 
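Review bot: `args` is collected at `def boom(*args)` but never read, so the signature would say more as `def boom(*_args)` with a one-line comment such as `# accept any arity so a guarded mutator raises Illegal State rather than ArgumentError`. The raise passes a bare string, which surfaces as RuntimeError, and the message does not say which method was called on the no-op config. How `boom` is wired to the individual setters is outside the hunk, so this is a naming and documentation suggestion only.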
@@ -38,7 +38,7 @@ module SecureHeaders
38
38
 
39
39
  # disable Secure cookies for non-https requests
40
40
  def override_secure(env, config = {})
41
- if scheme(env) != "https"
41
+ if scheme(env) != "https" && config != OPT_OUT
42
42
  config[:secure] = OPT_OUT
43
43
  end
44
44
 
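Review bot: `config[:secure] = OPT_OUT` still writes into the hash the caller passed in, so on a plain-HTTP request the Secure opt-out is stored in whatever object `config` refers to; the added `config != OPT_OUT` guard only avoids the case where the whole cookie config is OPT_OUT. If that hash is the shared cookie configuration rather than a per-request copy (the caller is not visible here, so this needs confirming), a single non-https request would leave later https responses without the Secure flag. Building a new hash keeps the downgrade local to the request: `config = config.merge(secure: OPT_OUT)`. The rest of override_secure, including what it returns, lies outside the hunk, so check that callers use the return value before switching.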
@@ -2,7 +2,7 @@
2
2
  # frozen_string_literal: true
3
3
  Gem::Specification.new do |gem|
4
4
  gem.name = "secure_headers"
5
- gem.version = "4.0.0.alpha02"
5
+ gem.version = "4.0.0.alpha03"
6
6
  gem.authors = ["Neil Matatall"]
7
7
  gem.email = ["neil.matatall@gmail.com"]
8
8
  gem.description = "Manages application of security headers with many safe defaults."
@@ -65,6 +65,17 @@ module SecureHeaders
65
65
  end
66
66
  end
67
67
 
68
+ it "allows opting out of cookie protection with OPT_OUT alone" do
69
+ Configuration.default { |config| config.cookies = OPT_OUT}
70
+
71
+ # do NOT make this request https. non-https requests modify a config,
72
+ # causing an exception when operating on OPT_OUT. This ensures we don't
73
+ # try to modify the config.
74
+ request = Rack::Request.new({})
75
+ _, env = cookie_middleware.call request.env
76
+ expect(env["Set-Cookie"]).to eq("foo=bar")
77
+ end
78
+
68
79
  context "cookies should not be flagged" do
69
80
  it "does not flags cookies as secure" do
70
81
  Configuration.default { |config| config.cookies = {secure: OPT_OUT, httponly: OPT_OUT, samesite: OPT_OUT} }
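Review bot: The new example `it "allows opting out of cookie protection with OPT_OUT alone"` exercises only the plain-HTTP request, which is the branch the new guard in override_secure short-circuits. A companion example that sends an https request with `config.cookies = OPT_OUT` and expects the same `"foo=bar"` would pin that a global opt-out adds no Secure, HttpOnly or SameSite attribute on either scheme. The inline comment could also name the exception it refers to, presumably the "Illegal State" raise from NoOpHeaderConfig, so the reason for avoiding https in this example is clear without reading the middleware.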
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: secure_headers
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.0.0.alpha02
4
+ version: 4.0.0.alpha03
5
5
  platform: ruby
6
6
  authors:
7
7
  - Neil Matatall