secure_headers 5.0.2 → 5.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of secure_headers might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/docs/per_action_configuration.md +6 -0
- data/lib/secure_headers/view_helper.rb +26 -2
- data/secure_headers.gemspec +1 -1
- data/spec/lib/secure_headers/view_helpers_spec.rb +16 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: fd26137e6127e709c13eadb6b16969d87ff354d2
|
|
4
|
+
data.tar.gz: 3cfc345eec36d83dc0186c4b0a41f61145e432df
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9353e1023fa74152d817162f800e13570c58541b79fc16705b0f143876300838cde65af0c7d06a9286c39a69a33ba42d04c8ef0fad60824e7efcf2a33baf460b
|
|
7
|
+
data.tar.gz: b0e99964050e7a31ae32069832dcb32eac00f536dae6301e4e7504970db2d64a243549fa1cf53b50f5246913043c39f78dd347f695651b54a3d1bb1aa30b9daa
|
data/CHANGELOG.md
CHANGED
|
@@ -7,21 +7,45 @@ module SecureHeaders
|
|
|
7
7
|
class UnexpectedHashedScriptException < StandardError; end
|
|
8
8
|
|
|
9
9
|
# Public: create a style tag using the content security policy nonce.
|
|
10
|
-
# Instructs secure_headers to append a nonce to style
|
|
10
|
+
# Instructs secure_headers to append a nonce to style-src directive.
|
|
11
11
|
#
|
|
12
12
|
# Returns an html-safe style tag with the nonce attribute.
|
|
13
13
|
def nonced_style_tag(content_or_options = {}, &block)
|
|
14
14
|
nonced_tag(:style, content_or_options, block)
|
|
15
15
|
end
|
|
16
16
|
|
|
17
|
+
# Public: create a stylesheet link tag using the content security policy nonce.
|
|
18
|
+
# Instructs secure_headers to append a nonce to style-src directive.
|
|
19
|
+
#
|
|
20
|
+
# Returns an html-safe link tag with the nonce attribute.
|
|
21
|
+
def nonced_stylesheet_link_tag(*args, &block)
|
|
22
|
+
stylesheet_link_tag(*args, nonce: content_security_policy_nonce(:style), &block)
|
|
23
|
+
end
|
|
24
|
+
|
|
17
25
|
# Public: create a script tag using the content security policy nonce.
|
|
18
|
-
# Instructs secure_headers to append a nonce to
|
|
26
|
+
# Instructs secure_headers to append a nonce to script-src directive.
|
|
19
27
|
#
|
|
20
28
|
# Returns an html-safe script tag with the nonce attribute.
|
|
21
29
|
def nonced_javascript_tag(content_or_options = {}, &block)
|
|
22
30
|
nonced_tag(:script, content_or_options, block)
|
|
23
31
|
end
|
|
24
32
|
|
|
33
|
+
# Public: create a script src tag using the content security policy nonce.
|
|
34
|
+
# Instructs secure_headers to append a nonce to script-src directive.
|
|
35
|
+
#
|
|
36
|
+
# Returns an html-safe script tag with the nonce attribute.
|
|
37
|
+
def nonced_javascript_include_tag(*args, &block)
|
|
38
|
+
javascript_include_tag(*args, nonce: content_security_policy_nonce(:script), &block)
|
|
39
|
+
end
|
|
40
|
+
|
|
41
|
+
# Public: create a script Webpacker pack tag using the content security policy nonce.
|
|
42
|
+
# Instructs secure_headers to append a nonce to script-src directive.
|
|
43
|
+
#
|
|
44
|
+
# Returns an html-safe script tag with the nonce attribute.
|
|
45
|
+
def nonced_javascript_pack_tag(*args, &block)
|
|
46
|
+
javascript_pack_tag(*args, nonce: content_security_policy_nonce(:script), &block)
|
|
47
|
+
end
|
|
48
|
+
|
|
25
49
|
# Public: use the content security policy nonce for this request directly.
|
|
26
50
|
# Instructs secure_headers to append a nonce to style/script-src directives.
|
|
27
51
|
#
|
data/secure_headers.gemspec
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
Gem::Specification.new do |gem|
|
|
4
4
|
gem.name = "secure_headers"
|
|
5
|
-
gem.version = "5.0.
|
|
5
|
+
gem.version = "5.0.3"
|
|
6
6
|
gem.authors = ["Neil Matatall"]
|
|
7
7
|
gem.email = ["neil.matatall@gmail.com"]
|
|
8
8
|
gem.description = "Manages application of security headers with many safe defaults."
|
|
@@ -39,6 +39,12 @@ class Message < ERB
|
|
|
39
39
|
}
|
|
40
40
|
</style>
|
|
41
41
|
|
|
42
|
+
<%= nonced_javascript_include_tag "include.js" %>
|
|
43
|
+
|
|
44
|
+
<%= nonced_javascript_pack_tag "pack.js" %>
|
|
45
|
+
|
|
46
|
+
<%= nonced_stylesheet_link_tag "link.css" %>
|
|
47
|
+
|
|
42
48
|
TEMPLATE
|
|
43
49
|
end
|
|
44
50
|
|
|
@@ -64,6 +70,16 @@ TEMPLATE
|
|
|
64
70
|
"<#{type}#{options}>#{content}</#{type}>"
|
|
65
71
|
end
|
|
66
72
|
|
|
73
|
+
def javascript_include_tag(source, options = {})
|
|
74
|
+
content_tag(:script, nil, options.merge(src: source))
|
|
75
|
+
end
|
|
76
|
+
|
|
77
|
+
alias_method :javascript_pack_tag, :javascript_include_tag
|
|
78
|
+
|
|
79
|
+
def stylesheet_link_tag(source, options = {})
|
|
80
|
+
content_tag(:link, nil, options.merge(href: source, rel: "stylesheet", media: "screen"))
|
|
81
|
+
end
|
|
82
|
+
|
|
67
83
|
def result
|
|
68
84
|
super(binding)
|
|
69
85
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: secure_headers
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 5.0.
|
|
4
|
+
version: 5.0.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Neil Matatall
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-11-
|
|
11
|
+
date: 2017-11-20 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rake
|