secure_headers 5.0.2 → 5.0.3
Potentially problematic release.
This version of secure_headers might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/docs/per_action_configuration.md +6 -0
- data/lib/secure_headers/view_helper.rb +26 -2
- data/secure_headers.gemspec +1 -1
- data/spec/lib/secure_headers/view_helpers_spec.rb +16 -0
- metadata +2 -2
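--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: fd26137e6127e709c13eadb6b16969d87ff354d2
+data.tar.gz: 3cfc345eec36d83dc0186c4b0a41f61145e432df
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9353e1023fa74152d817162f800e13570c58541b79fc16705b0f143876300838cde65af0c7d06a9286c39a69a33ba42d04c8ef0fad60824e7efcf2a33baf460b
+data.tar.gz: b0e99964050e7a31ae32069832dcb32eac00f536dae6301e4e7504970db2d64a243549fa1cf53b50f5246913043c39f78dd347f695651b54a3d1bb1aa30b9daa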
data/CHANGELOG.md
CHANGED
@@ -7,21 +7,45 @@ module SecureHeaders
|
|
7
7
|
class UnexpectedHashedScriptException < StandardError; end
|
8
8
|
|
9
9
|
# Public: create a style tag using the content security policy nonce.
|
10
|
-
# Instructs secure_headers to append a nonce to style
|
10
|
+
# Instructs secure_headers to append a nonce to style-src directive.
|
11
11
|
#
|
12
12
|
# Returns an html-safe style tag with the nonce attribute.
|
13
13
|
def nonced_style_tag(content_or_options = {}, &block)
|
14
14
|
nonced_tag(:style, content_or_options, block)
|
15
15
|
end
|
16
16
|
|
17
|
+
# Public: create a stylesheet link tag using the content security policy nonce.
|
18
|
+
# Instructs secure_headers to append a nonce to style-src directive.
|
19
|
+
#
|
20
|
+
# Returns an html-safe link tag with the nonce attribute.
|
21
|
+
def nonced_stylesheet_link_tag(*args, &block)
|
22
|
+
stylesheet_link_tag(*args, nonce: content_security_policy_nonce(:style), &block)
|
23
|
+
end
|
24
|
+
|
17
25
|
# Public: create a script tag using the content security policy nonce.
|
18
|
-
# Instructs secure_headers to append a nonce to
|
26
|
+
# Instructs secure_headers to append a nonce to script-src directive.
|
19
27
|
#
|
20
28
|
# Returns an html-safe script tag with the nonce attribute.
|
21
29
|
def nonced_javascript_tag(content_or_options = {}, &block)
|
22
30
|
nonced_tag(:script, content_or_options, block)
|
23
31
|
end
|
24
32
|
|
33
|
+
# Public: create a script src tag using the content security policy nonce.
|
34
|
+
# Instructs secure_headers to append a nonce to script-src directive.
|
35
|
+
#
|
36
|
+
# Returns an html-safe script tag with the nonce attribute.
|
37
|
+
def nonced_javascript_include_tag(*args, &block)
|
38
|
+
javascript_include_tag(*args, nonce: content_security_policy_nonce(:script), &block)
|
39
|
+
end
|
40
|
+
|
41
|
+
# Public: create a script Webpacker pack tag using the content security policy nonce.
|
42
|
+
# Instructs secure_headers to append a nonce to script-src directive.
|
43
|
+
#
|
44
|
+
# Returns an html-safe script tag with the nonce attribute.
|
45
|
+
def nonced_javascript_pack_tag(*args, &block)
|
46
|
+
javascript_pack_tag(*args, nonce: content_security_policy_nonce(:script), &block)
|
47
|
+
end
|
48
|
+
|
25
49
|
# Public: use the content security policy nonce for this request directly.
|
26
50
|
# Instructs secure_headers to append a nonce to style/script-src directives.
|
27
51
|
#
|
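Review bot: The three new helpers (`nonced_stylesheet_link_tag`, `nonced_javascript_include_tag`, `nonced_javascript_pack_tag`) forward `*args, nonce: ...`, so a caller's own trailing options hash (for example `integrity:` or `media:`) is passed on as an extra positional argument instead of being merged with the nonce. Rails tag helpers read their options from the last hash only, so the caller's hash would presumably be treated as another source rather than as attributes. Merging first avoids that: `opts = args.last.is_a?(Hash) ? args.pop : {}` followed by `stylesheet_link_tag(*args, opts.merge(nonce: content_security_policy_nonce(:style)), &block)`, and likewise for the two script helpers. The doc comments could also state that `nonced_javascript_pack_tag` depends on a `javascript_pack_tag` helper being available in the view and that each call adds the nonce to the matching directive for the request. The enclosing module starts outside the hunk, and the page shows this hunk under the data/CHANGELOG.md heading although its content matches data/lib/secure_headers/view_helper.rb from the file list.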
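--- a/data/secure_headers.gemspec
+++ b/data/secure_headers.gemspec
@@ -2,7 +2,7 @@
 # frozen_string_literal: true
 Gem::Specification.new do |gem|
 gem.name = "secure_headers"
-gem.version = "5.0.
+gem.version = "5.0.3"
 gem.authors = ["Neil Matatall"]
 gem.email = ["neil.matatall@gmail.com"]
 gem.description = "Manages application of security headers with many safe defaults."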
@@ -39,6 +39,12 @@ class Message < ERB
|
|
39
39
|
}
|
40
40
|
</style>
|
41
41
|
|
42
|
+
<%= nonced_javascript_include_tag "include.js" %>
|
43
|
+
|
44
|
+
<%= nonced_javascript_pack_tag "pack.js" %>
|
45
|
+
|
46
|
+
<%= nonced_stylesheet_link_tag "link.css" %>
|
47
|
+
|
42
48
|
TEMPLATE
|
43
49
|
end
|
44
50
|
|
@@ -64,6 +70,16 @@ TEMPLATE
|
|
64
70
|
"<#{type}#{options}>#{content}</#{type}>"
|
65
71
|
end
|
66
72
|
|
73
|
+
def javascript_include_tag(source, options = {})
|
74
|
+
content_tag(:script, nil, options.merge(src: source))
|
75
|
+
end
|
76
|
+
|
77
|
+
alias_method :javascript_pack_tag, :javascript_include_tag
|
78
|
+
|
79
|
+
def stylesheet_link_tag(source, options = {})
|
80
|
+
content_tag(:link, nil, options.merge(href: source, rel: "stylesheet", media: "screen"))
|
81
|
+
end
|
82
|
+
|
67
83
|
def result
|
68
84
|
super(binding)
|
69
85
|
end
|
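Review bot: None of the 16 added lines is an expectation: the template now renders the three new helpers, but nothing in these hunks asserts that the emitted `<script src=...>` and `<link>` tags actually carry the nonce attribute (existing examples outside the hunks may cover part of this). The stubs `javascript_include_tag(source, options = {})` and `stylesheet_link_tag(source, options = {})` also accept exactly one source and one hash, so a call that passes its own options alongside the nonce is never exercised. I would add an example that renders `nonced_javascript_include_tag "include.js", defer: true` and checks that the output contains both `defer` and a `nonce=` attribute equal to the script nonce for the request. The `Message` class starts outside the hunks, and these hunks appear to belong to data/spec/lib/secure_headers/view_helpers_spec.rb, whose file heading is missing on the page.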
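--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: secure_headers
 version: !ruby/object:Gem::Version
-version: 5.0.
+version: 5.0.3
 platform: ruby
 authors:
 - Neil Matatall
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-11-
+date: 2017-11-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rake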