Commit graph

997 Commits

Author SHA1 Message Date
Neil Matatall 87dba71b92
consolidate escape sequence capturing in one validation, add suspenders to check if one snuck by 2020-01-23 12:45:49 -10:00
Neil Matatall 0b26d92ba6
add validation to sandbox and plugin_types directives which accept booleans and loosely defined strings 2020-01-22 17:18:35 -10:00
Neil Matatall 70b88efb67
Move semicolon/newline handling to validation and raise errors 2020-01-22 16:39:14 -10:00
Neil Matatall 722a69051a
bump to 6.3 2020-01-21 13:05:37 -10:00
Neil Matatall 301695706f
Merge pull request from GHSA-w978-rmpf-qmwg
Filter and warn on newlines in configurations
2020-01-21 13:03:11 -10:00
Neil Matatall 3a2b548223
Filter and warn on newlines 2020-01-21 12:52:05 -10:00
Neil Matatall 1298905068
bump to 6.2 2020-01-21 10:42:02 -10:00
Neil Matatall 6e38cb41d2
Merge pull request #419 from twitter/escape-semi-colons
Escape semicolons in directive source lists
2020-01-21 10:40:57 -10:00
Neil Matatall eed6c1606f
lint 2020-01-21 09:02:20 -10:00
Neil Matatall 3c4b86edd6
escape semicolons by replacing them with spaces
See https://github.com/twitter/secure_headers/issues/418
2020-01-21 08:45:09 -10:00
Neil Matatall 2068ba7bb6
clean up some warnings 2020-01-21 08:44:43 -10:00
Neil Matatall 86c762aea4
Remove outdated APL license blurb from readme, use only the LICENSE file
Fixes https://github.com/twitter/secure_headers/issues/415
2020-01-21 07:28:51 -10:00
Neil Matatall 902041bab6
Do years even matter? 2020-01-21 07:28:21 -10:00
Neil Matatall f208799828
Merge pull request #417 from JuanitoFatas/doc/opt-out
Fix references to OPT_OUT constant
2020-01-11 07:09:55 -10:00
Juanito Fatas ffd593cf57 Fix references to OPT_OUT constant 2020-01-11 12:42:22 +09:00
Neil Matatall c73952a318
Actually, the session ID stuff wasn't quite accurate
The reason for `none` and `duplicate` is so you can find the differences. Setting it to lax would break 3rd party interactions.
2020-01-10 06:20:42 -10:00
Neil Matatall 0169dd80fd
Add some examples to the cookie docs to more closely reflect how a deployment would look 2020-01-10 06:19:21 -10:00
Neil Matatall 0d1eb1b02f
version bump for SameSite=none 2020-01-07 17:27:07 -10:00
Neil Matatall 390fc00423
Merge pull request #414 from twitter/add-same-site-none-support
Add support for SameSite=None
2020-01-07 17:25:07 -10:00
Neil Matatall 17a59584fd
ok, maybe not that recent 2020-01-07 15:55:19 -10:00
Neil Matatall 47c8be9454
let's get some more modern ruby while we're at it 2020-01-07 15:54:45 -10:00
Neil Matatall d77456ff99
pin rubocop to 'legacy' rubocop-github https://github.com/github/rubocop-github#legacy-usage 2020-01-07 15:44:53 -10:00
Neil Matatall 896c36dbea
dry up more tests 2020-01-07 12:41:03 -10:00
Neil Matatall a03feadf73
DRY up tests a little 2020-01-07 12:36:12 -10:00
Neil Matatall 0664df0967
docs 2020-01-07 12:15:42 -10:00
Neil Matatall 623ac24495
Add support for SameSite=None
Fixes https://github.com/twitter/secure_headers/issues/412
2020-01-07 12:14:34 -10:00
Neil Matatall 1fa2083cf9
Merge pull request #409 from ghiculescu/patch-2
Document `disable_nonce_backwards_compatibility`
2019-11-12 09:12:09 -10:00
Alex Ghiculescu 71ce42e7f4
Document `disable_nonce_backwards_compatibility` 2019-10-22 14:06:34 -05:00
Neil Matatall b18d3eb11a
Update named_overrides_and_appends.md 2019-10-21 12:25:14 -07:00
Neil Matatall 08e73886ca
fix travis badge 2019-08-12 11:44:20 -10:00
Neil Matatall 92ac88736a
bump to 6.1.1 2019-06-26 07:39:39 -10:00
Neil Matatall afd3258787
Merge pull request #404 from will/disableappend
Add option to disable appending 'unsafe-inline' when using nonces
2019-06-26 07:37:37 -10:00
Will Leinweber cafeb214e4 Add option to disable appending 'unsafe-inline' when using nonces 2019-06-25 21:13:22 -07:00
Neil Matatall 84253dadf4
Merge pull request #405 from twitter/linty-lint-lint
clean up some linter errors showing up in newer CI
2019-06-25 15:01:20 -10:00
Neil Matatall 267663ba8a
clean up some linter errors showing up in newer CI 2019-06-25 14:22:52 -10:00
Neil Matatall 543e6712aa
Update CHANGELOG.md 2019-02-27 08:34:03 -10:00
Neil Matatall 1670f4ba3b Bump to 6.1.0 and readd VERSION constant 2019-02-22 14:42:41 -10:00
Neil Matatall 647dcc4c4d
Merge pull request #395 from twitter/missing-directives
Add support for navigate-to, prefetch-src, and require-sri-for
2019-02-22 14:36:29 -10:00
Neil Matatall 64a4fadebb update supported ruby versions 2019-02-22 14:21:36 -10:00
Neil Matatall e87a4d77f2 Merge branch 'master' into missing-directives 2019-02-22 14:11:14 -10:00
Neil Matatall 9965178f12
Add note on API configs 2018-07-27 07:01:19 -10:00
Neil Matatall f25f0fb225
Merge branch 'master' into missing-directives 2018-07-20 07:15:11 -10:00
Neil Matatall b208b8a671
remove hpkp
Fixes https://github.com/twitter/secure_headers/issues/368
2018-07-20 07:11:17 -10:00
Neil Matatall 90597531a7
Update secure cookie error message when providing 'false'
Fixes https://github.com/twitter/secure_headers/issues/393
2018-07-20 07:02:27 -10:00
Neil Matatall 14d697ac36
Add support for navigate-to, prefetch-src, and require-sri-for
Fixes https://github.com/twitter/secure_headers/issues/387
Fixes https://github.com/twitter/secure_headers/issues/388
Fixes https://github.com/twitter/secure_headers/issues/264
2018-07-20 06:57:37 -10:00
Neil Matatall 9ccefc1d97
bump to 6.0 2018-05-08 09:36:00 -10:00
Neil Matatall 8453f46089
bump to 6 alpha 3 2018-05-01 12:52:41 -10:00
Neil Matatall 249feb92fd
Merge pull request #390 from twitter/no-more-sniffing
Remove all useragent sniffing
2018-04-25 13:31:09 -10:00
Neil Matatall ecc8bb0b36
a little more clarification around the child/frame-src problem 2018-04-11 08:30:34 -10:00
Neil Matatall fbf0ec1afe
add note to upgrade doc about frame/child src mess 2018-04-11 08:28:51 -10:00