Add support for HTTP security headers. #1016

Closed
wants to merge 12 commits into
base: gh-pages
from

5 participants

ScottHelme commented Aug 24, 2016

I often find myself writing configurations for CSP, HSTS and HPKP. These changes add support for these configurations to Prism.

Golmote commented Aug 24, 2016

Thanks for contributing! Please take a look at the comments I made regarding the code itself.
Also, it looks to me that hpkp and hsts look alike a lot. Couldn't they be merged as a single component?

It would be great if you could add examples and tests. Please refer to my comment #1014 (comment) for details.

ScottHelme commented Aug 24, 2016

Hey :-)

I fixed up the code based on the comments. I think that should now be good.

I will have a look at the requirements for the examples and tests.

ScottHelme added some commits Aug 25, 2016

Merge remote-tracking branch 'origin/gh-pages' into gh-pages
# Conflicts:
#	components/prism-csp.js
#	components/prism-csp.min.js
#	components/prism-hpkp.js
#	components/prism-hpkp.min.js
#	components/prism-hsts.min.js

ScottHelme commented Aug 25, 2016

I've learnt a lot more about regexp than I intended ;-)

How is it looking now?

ScottHelme commented Aug 25, 2016

Getting there... :-D

Golmote commented Aug 25, 2016

I won't merge until I'm back on a computer next week (currently reviewing with my phone). In the meantime, if you can write examples and tests, and think about my suggestion to merge hpkp and hsts, it would be really great!

ScottHelme commented Aug 25, 2016

We could merge HPKP and HSTS but they're different technologies and may diverge further in the future. Also, the numeric value ranges are different for the two. From my side it makes sense to keep these separate.

As for the examples and test I will take a look at what's required.

papandreou commented Jan 28, 2018

Very interested in seeing this landed. Anything I can do to help out?

ScottHelme commented Jan 28, 2018

I think it's just the examples and test that are outstanding.

papandreou commented Jan 29, 2018

@ScottHelme, fixed some bugs and added the missing pieces over here: #1275

If you'd rather work some more on this, feel free to cherry-pick the relevant changes back here :)

Golmote commented Jan 31, 2018

Closing after #1275 was merged.

@Golmote Golmote closed this Jan 31, 2018

mattes commented Jan 31, 2018

Big +1 on this, too. We just contributed the Content-Security-Policy highlighting to the ace editor. ajaxorg/ace#3511. Would be great to have it for prism as well.

mattes commented Jan 31, 2018

Oops, had an outdated cached tab open. Glad it's merged!
