secure_headers 5.0.0.alpha01 → 5.0.1
Potentially problematic release.
This version of secure_headers might be problematic. Click here for more details.
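--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 36d743dc370dce07a032c6e5154eef9081e5d258
+data.tar.gz: 89c7965e04093df147c7543f9b3cd4cc3e347e41
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 11985973764bd80715c68e232e977074f084557deea8b2b96962d5c74f79af81601df30d6dda3150d5b278c75ee7f45c95e93bac26d62265fd5dabd99a39e024
+data.tar.gz: 9cf62ba5f6ebaad74cec79c2201faf1521aad2a65627d5a64c74c9ff668b535664c1c49b285578713ce2bc2472b704e6b972c51074d2574ff2ad574cf6b87870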
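--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 5.0.1
+
+- Updates `Expect-CT` header to use a comma separator between directives, as specified in the most current spec.
+
 ## 5.0.0
 
 Well this is a little embarassing. 4.0 was supposed to set the secure/httponly/samesite=lax attributes on cookies by default but it didn't. Now it does. - See the [upgrading to 5.0](docs/upgrading-to-5-0.md) guide.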
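--- a/data/secure_headers.gemspec
+++ b/data/secure_headers.gemspec
@@ -2,7 +2,7 @@
 # frozen_string_literal: true
 Gem::Specification.new do |gem|
 gem.name = "secure_headers"
-gem.version = "5.0.
+gem.version = "5.0.1"
 gem.authors = ["Neil Matatall"]
 gem.email = ["neil.matatall@gmail.com"]
 gem.description = "Manages application of security headers with many safe defaults."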
@@ -3,13 +3,13 @@ require "spec_helper"
|
|
3
3
|
|
4
4
|
module SecureHeaders
|
5
5
|
describe ExpectCertificateTransparency do
|
6
|
-
specify { expect(ExpectCertificateTransparency.new(max_age: 1234, enforce: true).value).to eq("enforce
|
6
|
+
specify { expect(ExpectCertificateTransparency.new(max_age: 1234, enforce: true).value).to eq("enforce, max-age=1234") }
|
7
7
|
specify { expect(ExpectCertificateTransparency.new(max_age: 1234, enforce: false).value).to eq("max-age=1234") }
|
8
8
|
specify { expect(ExpectCertificateTransparency.new(max_age: 1234, enforce: "yolocopter").value).to eq("max-age=1234") }
|
9
|
-
specify { expect(ExpectCertificateTransparency.new(max_age: 1234, report_uri: "https://report-uri.io/expect-ct").value).to eq("max-age=1234
|
9
|
+
specify { expect(ExpectCertificateTransparency.new(max_age: 1234, report_uri: "https://report-uri.io/expect-ct").value).to eq("max-age=1234, report-uri=\"https://report-uri.io/expect-ct\"") }
|
10
10
|
specify do
|
11
11
|
config = { enforce: true, max_age: 1234, report_uri: "https://report-uri.io/expect-ct" }
|
12
|
-
header_value = "enforce
|
12
|
+
header_value = "enforce, max-age=1234, report-uri=\"https://report-uri.io/expect-ct\""
|
13
13
|
expect(ExpectCertificateTransparency.new(config).value).to eq(header_value)
|
14
14
|
end
|
15
15
|
|
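Review bot: None of the three updated expectations (new lines 6, 9 and 12) covers a `report_uri` that itself contains a comma, which after this change is also the separator between directives. Adding `specify { expect(ExpectCertificateTransparency.new(max_age: 1234, report_uri: "https://report-uri.io/expect-ct?a=1,b=2").value).to eq("max-age=1234, report-uri=\"https://report-uri.io/expect-ct?a=1,b=2\"") }` (query string constructed for the example) would pin that the URI stays inside its quoted string. The code that builds the value is not shown on this page, so how it quotes or validates `report_uri` cannot be confirmed from here; a header the browser cannot parse is presumably dropped without any error, which would quietly disable Expect-CT. This hunk has no file header of its own and appears to belong to the `expect_certificate_transparency_spec.rb` file listed in the metadata; the `describe` block continues past the end of the hunk.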
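--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: secure_headers
 version: !ruby/object:Gem::Version
-version: 5.0.
+version: 5.0.1
 platform: ruby
 authors:
 - Neil Matatall
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-10-
+date: 2017-10-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rake
@@ -97,7 +97,7 @@ files:
 - spec/lib/secure_headers/headers/clear_site_data_spec.rb
 - spec/lib/secure_headers/headers/content_security_policy_spec.rb
 - spec/lib/secure_headers/headers/cookie_spec.rb
-- spec/lib/secure_headers/headers/
+- spec/lib/secure_headers/headers/expect_certificate_transparency_spec.rb
 - spec/lib/secure_headers/headers/policy_management_spec.rb
 - spec/lib/secure_headers/headers/public_key_pins_spec.rb
 - spec/lib/secure_headers/headers/referrer_policy_spec.rb
@@ -131,9 +131,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
 version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version:
+version: '0'
 requirements: []
 rubyforge_project:
 rubygems_version: 2.6.11
@@ -146,7 +146,7 @@ test_files:
 - spec/lib/secure_headers/headers/clear_site_data_spec.rb
 - spec/lib/secure_headers/headers/content_security_policy_spec.rb
 - spec/lib/secure_headers/headers/cookie_spec.rb
-- spec/lib/secure_headers/headers/
+- spec/lib/secure_headers/headers/expect_certificate_transparency_spec.rb
 - spec/lib/secure_headers/headers/policy_management_spec.rb
 - spec/lib/secure_headers/headers/public_key_pins_spec.rb
 - spec/lib/secure_headers/headers/referrer_policy_spec.rb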