secure_headers
Manages application of security headers with many safe defaults
## All PRs: * [ ] Has tests * [ ] Documentation updated ## Adding a new header Generally, adding a new header is always OK. * Is the header...
I have a dockerized Rails application and every time I change from a branch into another, I receive: ``` 2025-02-05 10:43:33.634438 F [48:puma srv tp 001 reporting.rb:38] [[]] Rails --...
# Bug Gem version: 7.1.0 Rails: 6.1 Ruby: 3.3.6 Following this change from this [pull-request](https://github.com/github/secure_headers/pull/533), it introduces a regression and an unwanted behavior with some headers. While using `SecureHeaders::OPT_OUT` as...
We should consider setting a default `frame-ancestors` directive for the Content Security Policy. The [`frame-ancestors`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors) directive is the new iteration of the X-Frame-Options header, and as such setting a directive...
Ruby 4.0 (currently preview 2) has removed the default dependency on `CGI`: > [CGI](https://docs.ruby-lang.org/en/master/CGI.html) library is removed from the default gems. Now we only provide cgi/escape for the following methods:...
## All PRs: * [x] Has tests * [x] Documentation updated ## Summary This PR fixes all code style issues identified by rubocop. ### Changes Made: - Updated `.rubocop.yml` to...
## All PRs: * [x] Has tests * [ ] Documentation updated ## Adding a new header (Reporting-Endpoints) **Is the header supported by any user agent?** Yes - Chrome 116+,...
Fixes #512 Implements support for the W3C Reporting API (https://w3c.github.io/reporting/) to enable standardized browser reporting for security violations and other issues. Changes include: 1. New Reporting-Endpoints Header: - Added ReportingEndpoints...