Upgrade version and docs to 7.0 (#528)

## All PRs:

* [x] Has tests
* [x] Documentation updated

## Adding a new header

N/A

## Adding a new CSP directive

N/A

Closes https://github.com/github/secure_headers/issues/480
This commit is contained in:
Rahul Zhade 2024-10-16 13:18:26 -04:00 коммит произвёл GitHub
Родитель 6b5eb3304d
Коммит bac6daea11
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: B5690EEEBB952194
3 изменённых файлов: 14 добавлений и 2 удалений

12
docs/upgrading-to-7-0.md Normal file
Просмотреть файл

@ -0,0 +1,12 @@
## X-Xss-Protection is set to 0 by default
Version 6 and below of `secure_headers` set the `X-Xss-Protection` to `1; mode=block` by default. This was done to protect against reflected XSS attacks. However, this header is no longer recommended (see https://github.com/github/secure_headers/issues/439 for more information).
If any functionality in your app depended on this header being set to the previous value, you will need to set it explicitly in your configuration.
```ruby
# config/initializers/secure_headers.rb
SecureHeaders::Configuration.default do |config|
config.x_xss_protection = "1; mode=block"
end
```

Просмотреть файл

@ -1,5 +1,5 @@
# frozen_string_literal: true # frozen_string_literal: true
module SecureHeaders module SecureHeaders
VERSION = "6.5.0" VERSION = "7.0.0"
end end

Просмотреть файл

@ -13,7 +13,7 @@ Gem::Specification.new do |gem|
gem.description = 'Add easily configured security headers to responses gem.description = 'Add easily configured security headers to responses
including content-security-policy, x-frame-options, including content-security-policy, x-frame-options,
strict-transport-security, etc.' strict-transport-security, etc.'
gem.homepage = "https://github.com/twitter/secureheaders" gem.homepage = "https://github.com/github/secure_headers"
gem.license = "MIT" gem.license = "MIT"
gem.files = `git ls-files`.split($INPUT_RECORD_SEPARATOR) gem.files = `git ls-files`.split($INPUT_RECORD_SEPARATOR)
gem.executables = gem.files.grep(%r{^bin/}).map { |f| File.basename(f) } gem.executables = gem.files.grep(%r{^bin/}).map { |f| File.basename(f) }