f04557b170
version bump + docs [skip ci]
2013-06-17 14:45:42 -07:00
c2fdb19548
fixes #61 Use string comparison to version check
...
Because comparing integers with strings can go wrong
2013-06-17 13:13:00 -07:00
a8dd49fbbd
Merge branch 'rename_webkit_to_standard'
2013-06-14 18:57:26 -04:00
fa4374126c
Rename WebkitBrowserStrategy -> StandardBrowserStrategy
2013-06-14 18:57:16 -04:00
d9f529e966
Merge branch 'gh-58_ff23_supports_standard'
2013-06-14 17:43:47 -04:00
b4b46e1610
fixes #58 - Firefox >= 23 supports standard CSP header
2013-06-14 17:43:31 -04:00
3ca68eca61
Merge branch 'gh52_canonical_header_chrome'
2013-06-14 17:42:14 -04:00
c3df2cfc3f
oops, new file :)
2013-06-14 17:06:28 -04:00
8e49a128db
Serve standard header when using chrome 25+
2013-06-14 17:03:01 -04:00
0c7728e2bb
Small refactor, set headers as objects instead of values
2013-06-14 16:55:54 -04:00
13f9ad0553
bump
2013-05-20 17:03:48 -07:00
3cbb2d0c5a
Merge pull request #57 from reedloden/master
...
Send X-Content-Type-Options header to Chrome users as well (not just IE) and improve tests
2013-05-20 08:46:54 -07:00
3e07467925
Send X-Content-Type-Options header to Chrome users as well (not just IE) and improve tests
...
* Chrome supports the X-Content-Type-Options header for a few use cases
(including not processing JavaScript for text/plain content types), so
send the X-Content-Type-Options header to Chrome users (fixes #53 ).
* Clean up HSTS tests to better match other header tests.
* Test X-XSS-Protection header on all browsers.
* Test X-Content-Type-Options header on both IE and Chrome.
2013-05-17 20:11:45 -07:00
05a8a4b6ca
Removed unnecessary comment
2013-05-08 19:35:43 -06:00
ab8e025f37
Merge pull request #54 from reedloden/xfo-and-more
...
A few changes related to XFO, a typo fix, and spec test description improvements
2013-05-08 18:24:42 -07:00
a31a65bcff
bump
2013-05-07 11:19:41 -07:00
4499313add
Merge branch 'no_csp_for_safari5_either'
2013-05-07 11:18:28 -07:00
962736bbe1
Do not set CSP for safari 5
2013-05-07 11:08:07 -07:00
c442c4756f
A few changes related to XFO, a typo fix, and spec test description improvements
...
* Two changes to X-Frame-Options, as per current spec draft
(https://tools.ietf.org/html/draft-ietf-websec-x-frame-options-02 )
- Use 'X-Frame-Options' instead of 'X-FRAME-OPTIONS'
- Make the colon after X-Frame-Options: ALLOW-FROM optional
* Fix typo in README for 'widely supported' config
* Improve spec test descriptions
2013-05-07 01:04:23 -07:00
19cdba860b
bump
2013-05-05 00:34:16 -07:00
26ff7fba42
Merge pull request #51 from danhodge/strict_transport_security_max_age
...
allow max_age to be specified as a Fixnum
2013-05-05 00:30:22 -07:00
0f9b29a3ee
allow max_age to be specified as a Fixnum
2013-05-02 21:27:25 -04:00
452fbb9871
Merge pull request #49 from theverything/edit_readme
...
fix a typo and change formatting
2013-05-02 09:55:39 -07:00
fb994bd69d
fix a typo and change formatting
2013-05-01 17:35:46 -07:00
6df47f5c72
Updated readme to include script-nonce settings
2013-04-19 11:32:13 -07:00
e3c0351016
Merge pull request #47 from coderanger/master
...
Script-nonce support
2013-04-18 23:04:16 -07:00
8595c148d2
Add support for the working draft script-nonce directive.
...
An example use would be:
:script_nonce => lambda { params[:script_nonce] = SecureRandom.hex(16) },
2013-04-17 19:13:50 -07:00
b21271bcbb
bump
2013-04-09 18:55:56 -07:00
65bbdc3b09
Merge pull request #46 from reedloden/master
...
Allow HSTS max_age values to be a string or an integer
2013-04-09 18:49:04 -07:00
ef556d7593
Update include reference, it belongs in a controller
2013-04-09 18:47:56 -07:00
01c9bc755a
Allow HSTS max_age values to be a string or an integer
...
* Convert max_age to a string before doing regex \d+ check
* Add tests to ensure errors are not raised for different max_age values
2013-04-09 13:59:16 -07:00
082d37467b
version + doc bump
2013-04-08 13:07:41 -07:00
e9a505d6d4
Merge pull request #40 from twitter/separate_before_filters
...
Add skip_before_filter functionality to each header
2013-04-08 13:04:10 -07:00
6e4ee0e32b
update README to reflect set_csp_header preferred API
2013-03-27 15:41:59 -07:00
bc0ddff056
Don't break the api
2013-03-27 15:33:48 -07:00
d641975eb3
Followup to #41 , allow those values anyways
2013-03-27 10:10:40 -07:00
73cac635c3
Merge pull request #41 from tortustechnologies/master
...
Setting XSS protection value to a string '1' as in the Readme causes an exception
2013-03-27 10:09:30 -07:00
21f4c3e209
change all XSS protection values to integer, since string causes an exception
2013-03-27 12:55:21 -04:00
618781602c
Add skip_before_filter functionality to each header
2013-03-25 14:07:58 -07:00
214781102b
Merge pull request #39 from twitter/relative_protocol_report_uri
...
Add ability to use protocol relative URIs in report-uri
2013-03-07 18:06:33 -08:00
4124dedb5d
Update docs
2013-03-07 18:06:04 -08:00
8e663ee0fc
Add ability to use protocol relative URIs in report-uri
2013-03-07 13:59:29 -08:00
bb471e7a6c
release notes
2013-02-21 13:54:19 -08:00
35e3a8dd78
Merge pull request #37 from twitter/move_chrome_stuffs_to_strategy
...
push the chrome-extension logic to the Webkit strategy, noop elsewhere
2013-02-21 13:51:52 -08:00
61d21e7dc2
push the chrome-extension logic to the Webkit strategy, noop elsewhere
2013-02-20 17:46:07 -08:00
10d43faca9
release notes
2013-02-20 16:21:51 -08:00
588609ce5c
support paths in report-uris as intentional
2013-02-20 12:44:05 -08:00
9d759567c3
add release notes
2013-02-20 10:23:42 -08:00
03f6c8c5ef
clarify forward_endpoint in README
2013-02-20 10:23:26 -08:00
782c9d515c
Merge pull request #35 from twitter/decouple_csp_and_request
...
Decouple CSP and request objects #34
2013-02-20 10:15:25 -08:00
Neil Matatall
Neil Matatall
Reed Loden
danhodge
theverything
Noah Kantrowitz
William Makley