secure_headers icon indicating copy to clipboard operation
secure_headers copied to clipboard
verified publisher icon github

Confirm feature parity with secure_headers <=> rails vanilla

Open oreoshake opened this issue 7 years ago • 2 comments

A discussion in https://github.com/twitter/secure_headers/issues/275 was about ensuring that rails gets support for feature policy and how it would require an API similar to the CSP API. It made me think we should evaluate current features and open issues to see what we'd also like to see in rails.

  • [ ] Compile a list
  • [ ] Review it
  • [ ] open PRs/issues
  • [ ] 🍨

I'd like to deprecate and/or transfer ownership of this library eventually :smile:

oreoshake avatar Jul 19 '18 02:07 oreoshake

It looks like Rails has most of them by default now that CSP has landed however I think the ability to override these on a per controller basis is missing (CSP is overridable via the global method).

jacobbednarz avatar Jul 19 '18 02:07 jacobbednarz

Note to self: I have a harness that makes the transition easier. It includes some ideas around improving the rails API. GitHub was able to (potentially) make the move with one shim and a couple helpers.

oreoshake avatar May 06 '21 06:05 oreoshake