Merged
24 commits
2b41aca
fix regression with mutation of global state
oreoshake Oct 20, 2015
a11105e
Merge pull request #184 from twitter/mutating-global-regression
oreoshake Oct 20, 2015
7a42710
version bump for regression
oreoshake Oct 20, 2015
48b048c
Cache UserAgentParser instance
oreoshake Oct 23, 2015
927ecd8
Merge pull request #188 from twitter/user-agent-parser
oreoshake Oct 23, 2015
35536c0
version bump for performance regression
oreoshake Oct 23, 2015
32bb3f5
Major rewrite:
oreoshake Oct 7, 2015
4170482
only attempt to build directives that are configured
oreoshake Nov 5, 2015
b4f672b
remove unused constant
oreoshake Nov 5, 2015
b0991ee
cleanup
oreoshake Nov 5, 2015
ba05040
remove method that was only used once
oreoshake Nov 5, 2015
97b56b3
reorder methods
oreoshake Nov 5, 2015
da60685
documentation updates
oreoshake Nov 5, 2015
e3ac264
parameters to nonce functions should be optional
oreoshake Nov 10, 2015
68a7498
Keep unsafe-* around when a * is provided.
oreoshake Nov 10, 2015
fb81baf
version lock tins
oreoshake Nov 10, 2015
0d499f4
actually use pessimistic version locking
oreoshake Nov 10, 2015
5481cba
Fix typo
kevgo Nov 17, 2015
170271f
Merge pull request #192 from kevgo/patch-1
oreoshake Nov 17, 2015
64908d5
Fix issue with opting out of headers when using header_hash method
oreoshake Dec 3, 2015
6c02a63
Merge pull request #193 from twitter/calling-name-on-nil-value
oreoshake Dec 3, 2015
8e0e654
version bump
oreoshake Dec 3, 2015
7d264f9
Merge branch 'master' into env-rack-config
oreoshake Dec 3, 2015
27ec392
merge conflict fixes
oreoshake Dec 3, 2015
cleanup
oreoshake committed Nov 5, 2015
commit b0991eed620eacf4ddd5e94d1b788885bb3b1d60
7 changes: 4 additions & 3 deletions lib/secure_headers.rb
Expand Up @@ -16,9 +16,8 @@
# or ":optout_of_protection" as a config value to disable a given header
module SecureHeaders
OPT_OUT = :opt_out_of_protection
SCRIPT_HASH_CONFIG_FILE = "config/script_hashes.yml".freeze
SECURE_HEADERS_CONFIG = "secure_headers".freeze
NONCE_KEY = "content_security_policy_nonce".freeze
SECURE_HEADERS_CONFIG = "secure_headers_request_config".freeze
NONCE_KEY = "secure_headers_content_security_policy_nonce".freeze
HTTPS = "https".freeze
CSP = ContentSecurityPolicy
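Review bot: The comment at the top of this hunk tells users to pass ":optout_of_protection", but the constant two lines below it is OPT_OUT = :opt_out_of_protection, so a config value copied from the comment would not equal OPT_OUT; correct the comment while this block is being cleaned up. Separately, SECURE_HEADERS_CONFIG and NONCE_KEY each appear with two values here, and the hunk header (9 lines before, 8 after) indicates the namespaced strings "secure_headers_request_config" and "secure_headers_content_security_policy_nonce" are the new ones. The namespaced keys are less likely to collide with entries written by other code, but anything that reads the old literal strings instead of the constants will find nothing under the new keys, so it is worth searching for the old strings and for remaining references to SCRIPT_HASH_CONFIG_FILE before merging.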

Expand Down Expand Up @@ -57,6 +56,8 @@ def opt_out_of_all_protection(request)
# Public: override a given set of directives for the current request. If a
# value already exists for a given directive, it will be overridden.
#
# If CSP was previously OPT_OUT, a new blank policy is used.
#
# additions - a hash containing directives. e.g.
# :script_src => %w(another-host.com)
def override_content_security_policy_directives(request, additions)
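Review bot: The sentence "If CSP was previously OPT_OUT, a new blank policy is used." in the doc comment for override_content_security_policy_directives leaves two things open for callers: whether "blank" means the response carries only the directives passed in additions and none of the configured defaults, and that calling this method reverses an earlier opt-out for the request. Suggest stating both explicitly in the comment, since a caller who overrides a single directive such as :script_src on an opted-out request needs to know what the rest of the policy will be. No spec change is shown on this page, so a test covering the OPT_OUT case would also help if one does not already exist.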