Jack McCracken
01f009154d
Add trusted types directive
2022-05-04 15:37:38 -04:00
Neil Matatall
7f89df2daf
don't limit rubocop version
2021-11-15 06:06:24 +00:00
Neil Matatall
e4a198c0f4
bump to 6.3.3
2021-09-07 12:12:56 -10:00
Neil Matatall
e4caeb0c33
Merge pull request #472 from rahearn/generate-hashes-trailing-whitespace
Fix hash generation for indented helper methods
2021-09-07 12:11:37 -10:00
Ryan Ahearn
a0072e096e
Fix hash generation for indented helper methods
The helper outputs the closing </script> or </style> unindented
if it is on its own line. Needed to remove any extra whitespace
the regex captures on that last line.
2021-08-27 16:41:32 -04:00
Neil Matatall
8e28012493
Add https://github.com/TypeError/secure to list of similar libraries
cc @cak
2021-05-06 10:30:21 -10:00
Neil Matatall
159bbdb0b6
Update per_action_configuration.md
2021-04-28 07:17:16 -10:00
Neil Matatall
ce2ad13964
Merge pull request #467 from sapientpants/fix-clear-site-data-example
Fix ClearSiteData example
2021-03-09 10:18:08 -10:00
Neil Matatall
c32e49f276
Delete sync.yml
2021-03-09 10:15:36 -10:00
Neil Matatall
607a8cd628
Merge pull request #468 from github/oreoshake-patch-1
Update ruby build scripts and bump test matrix versions
2021-03-09 10:10:47 -10:00
Neil Matatall
bba850a4fb
Update ruby build scripts and bump test matrix versions
2021-03-09 09:57:50 -10:00
Marc Tremblay
7aeb06f24b
Fix ClearSiteData example
2021-03-08 11:26:23 +01:00
Neil Matatall
5592e9ac79
bump to 6.3.2
2021-02-09 08:57:13 -10:00
Neil Matatall
7693be0e53
Merge pull request #465 from ggalmazor/enhancement/add_missing_v3_directives
Add missing CSP version 3 directives
2021-02-09 08:55:16 -10:00
Guille
9bfb355c17
Change: add specs to verify that the added directives are included in the CSP policy
2021-02-07 16:41:58 +01:00
Guille
b0190c59d1
Change: update the README with the new directives
2021-02-05 11:14:06 +01:00
Guille
722f9c883d
Change: add missing directives from CSP version 3:
- `script_src_elem`
- `script_src_attr`
- `style_src_elem`
- `style_src_attr`
2021-02-05 11:11:18 +01:00
Neil Matatall
62d5fb82b7
Merge pull request #451 from MrCull/patch-1
Deadlink in readme file in this repo to https://github.com/sourceclear/headlines which does not exist - Status code [404:NotFound]
2020-12-23 09:26:32 -10:00
Mark
e7c56e649c
Deadlink in readme file in this repo to https://github.com/sourceclear/headlines which does not exist - Status code [404:NotFound]
In this repo's readme there is a link to: https://github.com/sourceclear/headlines
This is in section for "Similar libraries".
However that is a deadlink and gives Status code [404:NotFound].
Looking at https://github.com/sourceclear there does not appear to be any similarly named repos belonging to them.
So I assume this is not a simple typo and that this repo has been removed.
Perhaps the simplest thing to do here is to just remove this "Similar libraries" reference altogether?
So that is what I have done in this PR.
However please feel free to suggest an alternate approach.
## extra
I recently created a tool that makes use of the GitHub api to find repos that match certain parameters. Then this tool checks the repo's readme files for dead links:
http://githubreadmechecker.com/Home/Search?SingleRepoUri=https%3a%2f%2fgithub.com%2fgithub%2fsecure_headers
It can be used to re-check this repo via this url: http://githubreadmechecker.com/Home/Search?SingleRepoUri=https%3a%2f%2fgithub.com%2fgithub%2fsecure_headers
I'd love to hear some feedback on this project so please feel free to share some thoughts, or even start a discussion on the repo's main GitHub page.
2020-12-23 13:07:53 +00:00
Carlos Antonio da Silva
ffec182a2d
Minor improvements to 6.0 upgrade doc [ci skip] (#446)
* Fix typo
* Improve header description about default configuration
* Titlecase "Ruby"
2020-09-21 12:22:49 -10:00
Neil Matatall
f3d3f9d6b0
bump to 6.3.1
2020-06-25 17:07:22 -10:00
Neil Matatall
3815ab4da0
Fix ruby 2.7 deprecation warnings with ** (#443)
* Fix ruby 2.7 deprecation warnings with **
* dev in 2.6, test in 2.7
Co-authored-by: Neil Matatall <oreoshake@users.noreply.github.com>
2020-06-25 17:05:42 -10:00
Neil Matatall
8d2c23c63d
Remove badges :-/
2020-06-08 14:33:53 -10:00
Neil Matatall
f168403b3a
Update badges
2020-06-08 14:31:13 -10:00
Neil Matatall
c13b774148
copy/pasta
2020-06-08 14:15:06 -10:00
Neil Matatall
fa4461f21a
replace references to 'master' with 'main'
2020-06-08 14:09:47 -10:00
Jobert Abma
38a59ceb65
Raise on override defined config (#436)
* Raise exception when trying to override an existing config
* Raise exception when trying to set a named append more than once
* Update documentation
* Raise an exception when a named append or override with the same name exists
Co-authored-by: Neil Matatall <448516+oreoshake@users.noreply.github.com>
2020-03-26 09:38:47 -10:00
Neil Matatall
d3fe69cfaa
Run actions on pull_request, not push
2020-03-26 09:31:10 -10:00
Neil Matatall
2c5676f54e
replace travis badge with actions badge
2020-02-20 14:27:16 -10:00
Neil Matatall
c3e47ee04e
Add rubocop-performance gem and config to fix deprecation message (#430)
* Add rubocop-performance gem and config to fix deprecation message
* ehhh apparently the order of the gemfile matters?
Gemfile:14:3: C: Bundler/OrderedGems: Gems should be sorted in an alphabetical order within their section of the Gemfile. Gem rubocop-github should appear before rubocop-performance.
gem "rubocop-github"
^^^^^^^^^^^^^^^^^^^^
2020-02-20 09:26:20 -10:00
Neil Matatall
d6cbf1a981
Fix "Input 'version' has been deprecated with message: The version property will not be supported after October 1, 2019. Use ruby-version instead" deprecation message (#429)
2020-02-20 09:18:15 -10:00
Neil Matatall
cbf964db0f
Add GitHub actions CI setup (#428)
Use GitHub actions instead of Travis for CI. This removes coverage for jruby and ruby head in favor of the well-supported versions
2020-02-14 23:09:05 -10:00
Kelly Kaoudis
6d8fca4b4f
Add twitter-archive fork reference (#427)
2020-02-13 12:25:50 -10:00
Kelly Kaoudis
65517299dc
add Twitter and early contributors up to 2015 or so to README
2020-01-23 12:35:16 -10:00
Neil Matatall
722a69051a
bump to 6.3
2020-01-21 13:05:37 -10:00
Neil Matatall
301695706f
Merge pull request from GHSA-w978-rmpf-qmwg
Filter and warn on newlines in configurations
2020-01-21 13:03:11 -10:00
Neil Matatall
3a2b548223
Filter and warn on newlines
2020-01-21 12:52:05 -10:00
Neil Matatall
1298905068
bump to 6.2
2020-01-21 10:42:02 -10:00
Neil Matatall
6e38cb41d2
Merge pull request #419 from twitter/escape-semi-colons
Escape semi colons in directive source lists
2020-01-21 10:40:57 -10:00
Neil Matatall
eed6c1606f
lint
2020-01-21 09:02:20 -10:00
Neil Matatall
3c4b86edd6
escape semicolons by replacing them with spaces
See https://github.com/twitter/secure_headers/issues/418
2020-01-21 08:45:09 -10:00
Neil Matatall
2068ba7bb6
clean up some warnings
2020-01-21 08:44:43 -10:00
Neil Matatall
86c762aea4
Remove outdated APL license blurb from readme, use only the LICENSE file
Fixes https://github.com/twitter/secure_headers/issues/415
2020-01-21 07:28:51 -10:00
Neil Matatall
902041bab6
Do years even matter?
2020-01-21 07:28:21 -10:00
Neil Matatall
f208799828
Merge pull request #417 from JuanitoFatas/doc/opt-out
Fix references to OPT_OUT constant
2020-01-11 07:09:55 -10:00
Juanito Fatas
ffd593cf57
Fix references to OPT_OUT constant
2020-01-11 12:42:22 +09:00
Neil Matatall
c73952a318
Actually, the session ID stuff wasn't quite accurate
The reason for `none` and `duplicate` is so you can find the differences. Setting it to lax would break 3rd party interactions.
2020-01-10 06:20:42 -10:00
Neil Matatall
0169dd80fd
Add some examples to the cookie docs to more closely reflect how a deployment would look
2020-01-10 06:19:21 -10:00
Neil Matatall
0d1eb1b02f
version bump for SameSite=none
2020-01-07 17:27:07 -10:00
Neil Matatall
390fc00423
Merge pull request #414 from twitter/add-same-site-none-support
Add support for SameSite=None
2020-01-07 17:25:07 -10:00