New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Modernize Rack::Protection::ContentSecurityPolicy #1202

Merged
merged 3 commits into from Dec 25, 2016

Conversation

Projects
None yet
5 participants
@grempe
Contributor

grempe commented Nov 7, 2016

Issue #1201 Modernizes Rack::Protection::ContentSecurityPolicy to support current CSP2 and CSP3 directives.

Issue #1200 Fixes a minor security warning on bundle install in a fresh repo.

Removes inline docs which were incomplete and insufficient for what is now
quite complex in CSP2 and CSP3. Adds additional current links to excellent
doc resources and tools.

grempe added some commits Nov 7, 2016

Fixes #1201, Modernize Rack::Protection::ContentSecurityPolicy
Adds complete set of directives that are currently supported by
browsers that support CSP Level 2 and Level 3 (draft).

Also supports directives that don't take any arguments.

The directives in the content security policy output are now sorted.
@grempe

This comment has been minimized.

Show comment
Hide comment
@grempe

grempe Nov 7, 2016

Contributor

The Travis CI build failures above are unrelated to these commits.

From the build logs:

https://travis-ci.org/sinatra/sinatra/builds/173822296

Gem::Ext::BuildError: ERROR: Failed to build gem native extension.
...
An error occurred while installing mini_racer (0.1.7), and Bundler
Contributor

grempe commented Nov 7, 2016

The Travis CI build failures above are unrelated to these commits.

From the build logs:

https://travis-ci.org/sinatra/sinatra/builds/173822296

Gem::Ext::BuildError: ERROR: Failed to build gem native extension.
...
An error occurred while installing mini_racer (0.1.7), and Bundler
@CGA1123

This comment has been minimized.

Show comment
Hide comment
@CGA1123

CGA1123 Nov 9, 2016

Travis failing is related to #1199

CGA1123 commented Nov 9, 2016

Travis failing is related to #1199

@namusyaka

This comment has been minimized.

Show comment
Hide comment
@namusyaka

namusyaka Nov 19, 2016

Member

This will be succeed because g++-4.8 is now available on ubuntu-trusty.

Member

namusyaka commented Nov 19, 2016

This will be succeed because g++-4.8 is now available on ubuntu-trusty.

@zzak zzak merged commit 85dd923 into sinatra:master Dec 25, 2016

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details

@zzak zzak referenced this pull request Dec 25, 2016

Closed

2.0.0 #1216

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment