03a2960654
rename CSP headeer constant variable name
2014-10-30 14:08:34 -07:00
7a20f34001
lock rspec to 3.1+
2014-10-29 12:01:01 -07:00
8479ab8a9c
History will be tracked in github
2014-10-14 23:16:19 -07:00
e39936e674
update .gitignore
2014-10-14 23:14:08 -07:00
e96a31bdf4
remove a ton of cruft
2014-10-14 23:09:09 -07:00
5d4957ef24
remove the 'experimental' feature
2014-10-14 22:57:54 -07:00
d8365c93d1
Add code coverage via coveralls.io
...
https://coveralls.io/r/twitter/secureheaders
Signed-off-by: Chris Aniszczyk <zx@twitter.com>
2014-10-14 15:44:53 -05:00
c7ca5bb5c1
Merge pull request #119 from twitter/remove_forwarder_jank
...
Remove forwarder jank
2014-10-14 10:13:49 -07:00
b3e4cabc4d
reformat the list of directives, include future directives
2014-10-13 22:22:43 -07:00
4fdee91c81
remove the report forwarder and other jank
2014-10-13 22:21:06 -07:00
5c3bfd1a76
docs and version bump
2014-10-13 15:04:39 -07:00
8caf856635
Merge pull request #111 from EiNSTeiN-/xss-protection-report
...
Add report=uri to X-XSS-Protection
2014-09-16 13:07:33 -07:00
df83776836
add report=uri to X-XSS-Protection
2014-09-16 19:26:03 +00:00
cd172b5f03
Merge pull request #108 from kapost/master
...
Defer loading action_controller
2014-09-02 15:12:19 -07:00
9d3557db1f
Defer loading action_controller
...
Use the lazy-load hooks to include ::SecureHeaders. This will prevent action_controller/action_view from getting loaded unless it's required.
2014-09-02 10:03:19 -06:00
e35ec69f90
Merge pull request #105 from spagalloco/x-download-options
...
X-Download-Options header support
2014-08-28 11:35:41 -07:00
7e6aae5431
X-Download-Options header support
2014-08-28 14:29:50 -04:00
ff4da2f22c
Merge pull request #106 from spagalloco/test-dependencies
...
remove ActiveRecord dependency from integration tests
2014-08-28 11:17:05 -07:00
76eb76fca3
remove ActiveRecord dependency from integration tests
2014-08-28 10:31:12 -04:00
7d027ac01b
bump and docs
2014-08-14 19:28:26 -07:00
3abf3f1d09
Merge pull request #104 from reedloden/preload
...
Add support for new HSTS 'preload' option
2014-08-14 19:25:55 -07:00
e69289bd35
Add support for new HSTS 'preload' option
...
@agl just made a new option for HSTS representing confirmation that a site
wants to be included in a browser's preload list
(https://hstspreload.appspot.com ).
2014-08-14 19:19:08 -07:00
58334a11da
Update README.md
2014-08-13 18:13:19 -07:00
f444e00f61
typo
2014-08-13 14:52:00 -07:00
bba215af04
docs and version bump
2014-08-13 14:50:25 -07:00
651ee71758
Merge pull request #102 from twitter/report_uri_tagging
...
add the ability to tag requests with report-only and app_name information
2014-08-13 14:45:36 -07:00
ea3f0a6188
add the ability to tag requests with report-only and app_name information
2014-08-12 17:26:33 -07:00
aa601ee960
docs and bump
2014-08-12 11:25:55 -07:00
448d5c1250
Merge pull request #100 from nealharris/neal-gracefully-parse-uris
...
same_origin? returns false for bad URIs
2014-08-11 16:43:12 -07:00
438065abf7
same_origin? returns false for bad URIs
2014-08-11 15:32:27 -07:00
b293b54fa0
docs and version bump (x2)
2014-08-08 18:45:25 -07:00
fab0f25285
Merge pull request #97 from twitter/enforce_lambda
...
Two bug fixes: lambda support for more config values and propegating the default-src value to img-src in one case
2014-08-08 17:51:18 -07:00
85b923c310
Merge branch 'master' into enforce_lambda
...
Conflicts:
fixtures/rails_3_2_12/spec/controllers/other_things_controller_spec.rb
lib/secure_headers/headers/content_security_policy.rb
2014-08-08 15:09:50 -07:00
325867fea9
Merge pull request #98 from twitter/nonce
...
Add standard CSP level 2 nonce
2014-08-08 15:02:58 -07:00
106fded12c
add backwards-compatibility layer for nonces
2014-08-08 08:56:02 -07:00
1c74f6b1e7
only set the nonce if actually used.
2014-08-08 08:40:14 -07:00
9aa07185dc
no need to ||=
2014-08-07 21:21:55 -07:00
46b14c773c
Add standard CSP level 2 nonce
2014-08-07 21:12:04 -07:00
1b6172a65e
Merge pull request #99 from twitter/fix_187
...
goodbye spork and simplecov, tired of you
2014-08-07 21:11:23 -07:00
9908ae6fa1
goodbye spork and simplecov, tired of you
2014-08-07 20:17:25 -07:00
619ff5e6f2
lol ruby: elsif -> else
2014-08-07 16:44:03 -07:00
6f125459d1
goodbye spork and simplecov, tired of you
2014-08-07 14:43:45 -07:00
957bef2787
fix tests from fake apps
2014-08-07 13:58:19 -07:00
b53d321ae7
some cleanup
2014-08-07 13:57:08 -07:00
156c32a1fb
Support lambdas for config values (other than experimental and http_additions)
2014-08-07 13:41:13 -07:00
4cc77d532f
Merge pull request #93 from dariocravero/master
...
Implemented Padrino hook in a more Padrino way
2014-06-23 12:45:12 -07:00
7c481b3314
Implemented Padrino hook in a more Padrino way by setting up a register
...
hook and hinting that the configuration should be moved towards
`before_load` in `config/boot.rb`
2014-06-21 00:05:49 +01:00
e51350485e
Merge pull request #92 from twitter/procs
...
Proc support for config values
2014-06-13 14:32:28 -07:00
a5a65257ae
don't modify the hash in place
2014-06-11 11:55:58 -07:00
d531dc427d
drop pry
2014-06-09 15:39:22 -07:00
Neil Matatall
Neil Matatall
Chris Aniszczyk
Francois Chagnon
Raul E Rangel
Steve Agalloco
Reed Loden
Chris Aniszczyk
Neal Harris
Darío Javier Cravero