
rip out the remaining UA-specific code (and brwsr)

1 parent a943ce9 commit 7bc68b6df2fcc02d19d4d1315c9a86888feed1ec @oreoshake oreoshake committed Nov 5, 2013
@@ -48,23 +48,16 @@ def options_for(type, options)
end
module InstanceMethods
- def brwsr
- @secure_headers_brwsr ||= Brwsr::Browser.new(:ua => request.env['HTTP_USER_AGENT'])
- end
-
# backwards compatibility jank, to be removed in 1.0. Old API required a request
# object when it didn't really need to.
# set_csp_header - uses the request accessor and SecureHeader::Configuration settings
# set_csp_header(+Rack::Request+) - uses the parameter and and SecureHeader::Configuration settings
# set_csp_header(+Hash+) - uses the request accessor and options from parameters
# set_csp_header(+Rack::Request+, +Hash+)
def set_csp_header(req = nil, options=nil)
- return if broken_implementation?(brwsr)
-
+ # hack to help generating headers statically
if req.is_a?(Hash)
options = req
- elsif req
- @secure_headers_brwsr = Brwsr::Browser.new(:ua => req.env['HTTP_USER_AGENT'])
end
options = self.class.secure_headers_options[:csp] if options.nil?
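Review bot: The compatibility comment above `set_csp_header` is now stale: with the `elsif req` branch removed, a `Rack::Request` passed as `req` is no longer read anywhere in the lines shown, yet the comment still says `set_csp_header(+Rack::Request+) - uses the parameter`. I would change that line to `# set_csp_header(+Rack::Request+) - request is accepted for backwards compatibility and ignored`, and extend `# hack to help generating headers statically` to say that a Hash in the first position is taken as the options. Dropping the `broken_implementation?` guard also means the enforcing CSP header now goes to iOS 5 and Safari 5, which the spec comment removed elsewhere in this commit describes as rendering nothing under it, so that trade-off deserves a changelog line for operators who still serve those clients. The method body continues past the end of the hunk.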
@@ -85,7 +78,6 @@ def set_x_frame_options_header(options=self.class.secure_headers_options[:x_fram
end
def set_x_content_type_options_header(options=self.class.secure_headers_options[:x_content_type_options])
- return unless brwsr.ie? || brwsr.chrome?
set_a_header(:x_content_type_options, XContentTypeOptions, options)
end
@@ -116,10 +108,6 @@ def set_header(name_or_header, value=nil)
response.headers[name_or_header] = value
end
end
-
- def broken_implementation?(browser)
- return browser.ios5? || (browser.safari? && browser.version == '5')
- end
end
end
@@ -132,4 +120,3 @@ def broken_implementation?(browser)
require "secure_headers/headers/x_xss_protection"
require "secure_headers/headers/x_content_type_options"
require "secure_headers/railtie"
-require "brwsr"
@@ -1,5 +1,4 @@
require 'uri'
-require 'brwsr'
module SecureHeaders
class ContentSecurityPolicyBuildError < StandardError; end
@@ -18,6 +18,5 @@ Gem::Specification.new do |gem|
gem.executables = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
gem.require_paths = ["lib"]
- gem.add_dependency "brwsr", ">= 1.1.1"
gem.add_development_dependency "rake"
end
@@ -1,5 +1,4 @@
require 'spec_helper'
-require 'brwsr'
module SecureHeaders
describe ContentSecurityPolicy do
@@ -92,15 +92,7 @@ def set_security_headers(subject)
USER_AGENTS.each do |name, useragent|
it "sets all default headers for #{name} (smoke test)" do
stub_user_agent(useragent)
- number_of_headers = case name
- when :ie, :chrome
- 5
- when :ios5, :safari5, :safari5_1
- 3 # csp breaks these browsers
- else
- 4
- end
-
+ number_of_headers = 5
subject.should_receive(:set_header).exactly(number_of_headers).times # a request for a given header
subject.set_csp_header
subject.set_x_frame_options_header
@@ -143,14 +135,6 @@ def set_security_headers(subject)
subject.set_csp_header(options_for(:csp).merge(:csp => false))
end
- # apparently iOS5 safari with CSP in enforce mode causes nothing to render
- # it has no effect in report-only mode (as in no report is sent)
- it "does not set CSP header if using ios5" do
- stub_user_agent(USER_AGENTS[:ios5])
- subject.should_not_receive(:set_header)
- subject.set_csp_header(options_for(:csp))
- end
-
context "when disabled by configuration settings" do
it "does not set any headers when disabled" do
::SecureHeaders::Configuration.configure do |config|
@@ -214,7 +198,7 @@ def set_security_headers(subject)
end
describe "#set_x_content_type_options" do
- [:ie, :chrome].each do |useragent|
+ USER_AGENTS.each do |useragent|
context "when using #{useragent}" do
before(:each) do
stub_user_agent(USER_AGENTS[useragent])
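Review bot: `USER_AGENTS.each do |useragent|` yields a `[name, ua]` pair if `USER_AGENTS` is a Hash, which the two-argument `USER_AGENTS.each do |name, useragent|` in the smoke test and the `USER_AGENTS[:ios5]` lookup in this file suggest. In that case `USER_AGENTS[useragent]` in the `before` block looks up an array key and hands `nil` to `stub_user_agent`, and each context is labelled with the inspected pair rather than the browser name, so the per-browser coverage this change intends is not actually exercised. Iterating the keys keeps the rest of the block as written: `USER_AGENTS.each_key do |useragent|`. The `describe` block continues outside the hunk.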
