Merged
30 commits
a0e2f33
updates OWASP headers
JaredCE Sep 24, 2025
6db9399
0.0.116
JaredCE Sep 24, 2025
577644c
Merge pull request #258 from JaredCE/update-owasp
JaredCE Sep 24, 2025
e5627a8
update documentation
JaredCE Sep 25, 2025
4a8942a
0.0.117
JaredCE Sep 25, 2025
9510102
Merge pull request #260 from JaredCE/owasp-documentation
JaredCE Sep 25, 2025
dd7cdfc
updates js-yaml to 4.1.1 and updates openapi-to-postmanv2 to 5.4.1
JaredCE Nov 20, 2025
80cc999
0.0.118
JaredCE Nov 20, 2025
610d6ac
Merge pull request #261 from JaredCE/dependency-updates
JaredCE Nov 20, 2025
7307b4a
add a beta workflow
JaredCE Jul 13, 2025
b4fff72
don't use version
JaredCE Jul 13, 2025
a843665
We shouldn't need to convert schemas for 3.1.x
JaredCE Jul 13, 2025
88c2111
add to README
JaredCE Jul 13, 2025
a7abe8b
adds tests and fixes case
JaredCE Jul 13, 2025
694224e
fixes casing of OpenAPI
JaredCE Jul 13, 2025
8a11949
check whether we should try and convert an OpenAPI schema
JaredCE Jul 13, 2025
ef23686
update README with warning
JaredCE Jul 13, 2025
76ef5a4
improve README
JaredCE Jul 13, 2025
c60b6da
updates redocly-core to latest version 1
JaredCE Jul 28, 2025
39cfa8c
should run tests on beta too
JaredCE Jul 28, 2025
404312a
add a beta workflow
JaredCE Jul 13, 2025
7d0a131
don't use version
JaredCE Jul 13, 2025
3bb4a04
We shouldn't need to convert schemas for 3.1.x
JaredCE Jul 13, 2025
9b48196
add to README
JaredCE Jul 13, 2025
ba2277c
check whether we should try and convert an OpenAPI schema
JaredCE Jul 13, 2025
6950cfb
update README with warning
JaredCE Jul 13, 2025
9d40db5
improve README
JaredCE Jul 13, 2025
f61a4ad
updates redocly-core to latest version 1
JaredCE Jul 28, 2025
0cb86ef
Merge branch 'beta' into beta-rebase
JaredCE Nov 20, 2025
04c1ec4
0.0.118-beta.1
JaredCE Nov 20, 2025
3 changes: 2 additions & 1 deletion README.md
Expand Up @@ -932,7 +932,7 @@ The generator will interpret your settings for CORS and automatically add the re

You can make use of the [OWASP Secure Headers](https://owasp.org/www-project-secure-headers/#x-permitted-cross-domain-policies) to generate response headers. These are a selection of response headers with default values that OWASP recommends returning with your response to help secure your application.

The OWASP Secure Headers Project contains a set of recommended headers to return with recommended values, when generating the documentation, the generator will attempt to get the latest version of this document and apply the latest recommendations. If you do not allow outside connections, it will default to a version of recommendations from **2024-09-19 21:29:28 UTC**.
The OWASP Secure Headers Project contains a set of recommended headers to return with recommended values, when generating the documentation, the generator will attempt to get the latest version of this document and apply the latest recommendations. If you do not allow outside connections, it will default to a version of recommendations from **2025-08-17 15:23:47 UTC**.

Like CORS, if you have already set any of the OWASP Secure headers via `responseHeaders`, it will not overwrite them.

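Review bot: The fallback date in the changed sentence (`**2025-08-17 15:23:47 UTC**`) is a hand-maintained copy of `last_update_utc` in json/owasp.json, so the two must be bumped together on every refresh and will drift the first time one is missed. Consider pointing the README at that field instead of repeating the value. While the sentence is being touched, the comma splice after "recommended values" could become a full stop.
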
Expand Down Expand Up @@ -982,6 +982,7 @@ The full list of OWASP Secure Headers you can set are:
- xContentTypeOptions - X-Content-Type-Options,
- xFrameOptions - X-Frame-Options,
- xPermittedCrossDomainPolicies - X-Permitted-Cross-Domain-Policies
- xDNSPrefetchControl - X-DNS-Prefetch-Control

You should note that `Pragma` has been [deprecated by owasp](https://owasp.org/www-project-secure-headers/#pragma), this plugin will issue a warning when you are still using Pragma and might drop support.

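Review bot: The new `xDNSPrefetchControl` entry is appended after `xPermittedCrossDomainPolicies`, but json/owasp.json in this same change places `X-DNS-Prefetch-Control` between `X-Content-Type-Options` and `X-Frame-Options`; keeping the README list in the same order makes the two easier to compare. The earlier entries in this hunk end with a comma and the last two do not, so pick one style. Stating the default value (`off`) next to the new key would also save readers from opening the JSON to learn what is emitted.
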
8 changes: 6 additions & 2 deletions json/owasp.json
@@ -1,5 +1,5 @@
{
"last_update_utc": "2024-09-19 21:29:28",
"last_update_utc": "2025-08-17 15:23:47",
"headers": [
{
"name": "Cache-Control",
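Review bot: The new `last_update_utc` value is the only indication in this hunk of which upstream snapshot the file was taken from, and nothing here lets a reviewer confirm that the bundled headers match that snapshot. Suggest recording the upstream source URL or revision in the commit message or alongside this field, or adding a small script that regenerates the file, so the offline fallback can be verified rather than trusted.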
Expand All @@ -11,7 +11,7 @@
},
{
"name": "Content-Security-Policy",
"value": "default-src 'self'; form-action 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content"
"value": "default-src 'self'; form-action 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests"
},
{
"name": "Cross-Origin-Embedder-Policy",
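Review bot: The default `Content-Security-Policy` value changes for every user who relies on the bundled fallback: `base-uri 'self'` is added and `block-all-mixed-content` is dropped. Dropping the latter is reasonable since the directive is deprecated and `upgrade-insecure-requests` is still present, but this alters generated output and the README hunks in this change do not mention it. Add a changelog or README note so consumers diffing their generated documentation know why the value moved.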
Expand Down Expand Up @@ -41,6 +41,10 @@
"name": "X-Content-Type-Options",
"value": "nosniff"
},
{
"name": "X-DNS-Prefetch-Control",
"value": "off"
},
{
"name": "X-Frame-Options",
"value": "deny"
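Review bot: The header name added here, `X-DNS-Prefetch-Control`, has to line up with the README's option key `xDNSPrefetchControl`, which unlike the neighbouring keys contains a run of capitals. If the plugin matches option keys to header names through a case conversion rather than an explicit table, the acronym is easy to get wrong, so a test that sets `xDNSPrefetchControl` and asserts both the emitted header name and the `off` default would be worth adding with this entry.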