secure_headers 6.6.0 → 6.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2afd142dc54275ace387af0a964bba3918655513474a14f11959532616108d58
-  data.tar.gz: f520ab4f191710af2d78bc662319b02ab7819bba57a091c921822984393f18e5
+  metadata.gz: 6919954e57f87c70a4fa42baa5285649bd7484ec6785894a2b461b6f52558f29
+  data.tar.gz: 710492a0e64a47f41f2b079e6d4799922aa05e51d017cacafcc20d77383815ee
 SHA512:
-  metadata.gz: 3fe9df12ae44cabd372f84e8eebd47946e6102d8c920cf48752e3f36bcd1db3e429cbc47e54dda8f8194b4ae2cb90c583eec38b0e7906bac8f0fb9337eb7ecad
-  data.tar.gz: 56a30016b7f290693c89d8f8e2fd4e3d8425962a2dcb0fb75c96bd6b2fc8b85b890373a4ebd160e7cf2896e494697a563dd882f11f7527da9c29234d41bd2b17
+  metadata.gz: efd8e608dfeafc5d7e7fcd06274b0b8ed0c640744ab9d8113597bef916f31666cbf518b1dcd6869d7af42fbcbaf15a6a4cf8100b97fcbf52f5ba790e495e26c0
+  data.tar.gz: dcc504641e1c22b24a05c76534e2f8ba7a7fd5ff1b5f891eb467d23876c60900ef235d2dd4ba49af4352b23ffd1cd246c720aff79668244b6a10cec3aab8ed6f

data/Gemfile

@@ -3,6 +3,8 @@ source "https://rubygems.org"
 
 gemspec
 
+gem "benchmark-ips"
+
 group :test do
   gem "coveralls"
   gem "json"

data/lib/secure_headers/configuration.rb

@@ -83,14 +83,17 @@ module SecureHeaders
       # can lead to modifying parent objects.
       def deep_copy(config)
         return unless config
-        config.each_with_object({}) do |(key, value), hash|
-          hash[key] =
-            if value.is_a?(Array)
+        result = {}
+        config.each_pair do |key, value|
+          result[key] =
+            case value
+            when Array
               value.dup
             else
               value
             end
         end
+        result
       end
 
       # Private: Returns the internal default configuration. This should only

data/lib/secure_headers/headers/content_security_policy.rb

@@ -20,9 +20,9 @@ module SecureHeaders
           config
         end
 
-      @preserve_schemes = @config.preserve_schemes
-      @script_nonce = @config.script_nonce
-      @style_nonce = @config.style_nonce
+      @preserve_schemes = @config[:preserve_schemes]
+      @script_nonce = @config[:script_nonce]
+      @style_nonce = @config[:style_nonce]
     end
 
     ##

data/lib/secure_headers/headers/content_security_policy_config.rb

@@ -1,65 +1,23 @@
 # frozen_string_literal: true
 module SecureHeaders
   module DynamicConfig
-    def self.included(base)
-      base.send(:attr_reader, *base.attrs)
-      base.attrs.each do |attr|
-        base.send(:define_method, "#{attr}=") do |value|
-          if self.class.attrs.include?(attr)
-            write_attribute(attr, value)
-          else
-            raise ContentSecurityPolicyConfigError, "Unknown config directive: #{attr}=#{value}"
-          end
-        end
-      end
-    end
-
     def initialize(hash)
-      @base_uri = nil
-      @child_src = nil
-      @connect_src = nil
-      @default_src = nil
-      @font_src = nil
-      @form_action = nil
-      @frame_ancestors = nil
-      @frame_src = nil
-      @img_src = nil
-      @manifest_src = nil
-      @media_src = nil
-      @navigate_to = nil
-      @object_src = nil
-      @plugin_types = nil
-      @prefetch_src = nil
-      @preserve_schemes = nil
-      @report_only = nil
-      @report_uri = nil
-      @require_sri_for = nil
-      @require_trusted_types_for = nil
-      @sandbox = nil
-      @script_nonce = nil
-      @script_src = nil
-      @script_src_elem = nil
-      @script_src_attr = nil
-      @style_nonce = nil
-      @style_src = nil
-      @style_src_elem = nil
-      @style_src_attr = nil
-      @trusted_types = nil
-      @worker_src = nil
-      @upgrade_insecure_requests = nil
-      @disable_nonce_backwards_compatibility = nil
+      @config = {}
 
       from_hash(hash)
     end
 
+    def initialize_copy(hash)
+      @config = hash.to_h
+    end
+
     def update_directive(directive, value)
-      self.send("#{directive}=", value)
+      @config[directive] = value
     end
 
     def directive_value(directive)
-      if self.class.attrs.include?(directive)
-        self.send(directive)
-      end
+      # No need to check attrs, as we only assign valid keys
+      @config[directive]
     end
 
     def merge(new_hash)
@@ -77,10 +35,7 @@ module SecureHeaders
     end
 
     def to_h
-      self.class.attrs.each_with_object({}) do |key, hash|
-        value = self.send(key)
-        hash[key] = value unless value.nil?
-      end
+      @config.dup
     end
 
     def dup
@@ -113,8 +68,11 @@ module SecureHeaders
 
     def write_attribute(attr, value)
       value = value.dup if PolicyManagement::DIRECTIVE_VALUE_TYPES[attr] == :source_list
-      attr_variable = "@#{attr}"
-      self.instance_variable_set(attr_variable, value)
+      if value.nil?
+        @config.delete(attr)
+      else
+        @config[attr] = value
+      end
     end
   end
 
@@ -122,7 +80,7 @@ module SecureHeaders
   class ContentSecurityPolicyConfig
     HEADER_NAME = "Content-Security-Policy".freeze
 
-    ATTRS = PolicyManagement::ALL_DIRECTIVES + PolicyManagement::META_CONFIGS + PolicyManagement::NONCES
+    ATTRS = Set.new(PolicyManagement::ALL_DIRECTIVES + PolicyManagement::META_CONFIGS + PolicyManagement::NONCES)
     def self.attrs
       ATTRS
     end

data/lib/secure_headers/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module SecureHeaders
-  VERSION = "6.6.0"
+  VERSION = "6.7.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: secure_headers
 version: !ruby/object:Gem::Version
-  version: 6.6.0
+  version: 6.7.0
 platform: ruby
 authors:
 - Neil Matatall