rip out the remaining UA-specific code (and brwsr)

github · Nov 5, 2013 · 7bc68b6 · 7bc68b6
1 parent a943ce9
commit 7bc68b6
Show file tree

Hide file tree

Showing 5 changed files with 3 additions and 35 deletions.
diff --git a/lib/secure_headers.rb b/lib/secure_headers.rb
@@ -48,23 +48,16 @@ def options_for(type, options)
   end
 
   module InstanceMethods
-    def brwsr
-      @secure_headers_brwsr ||= Brwsr::Browser.new(:ua => request.env['HTTP_USER_AGENT'])
-    end
-
     # backwards compatibility jank, to be removed in 1.0. Old API required a request
     # object when it didn't really need to.
     # set_csp_header - uses the request accessor and SecureHeader::Configuration settings
     # set_csp_header(+Rack::Request+) - uses the parameter and and SecureHeader::Configuration settings
     # set_csp_header(+Hash+) - uses the request accessor and options from parameters
     # set_csp_header(+Rack::Request+, +Hash+)
     def set_csp_header(req = nil, options=nil)
-      return if broken_implementation?(brwsr)
-
+      # hack to help generating headers statically
       if req.is_a?(Hash)
         options = req
-      elsif req
-        @secure_headers_brwsr = Brwsr::Browser.new(:ua => req.env['HTTP_USER_AGENT'])
       end
 
       options = self.class.secure_headers_options[:csp] if options.nil?
@@ -85,7 +78,6 @@ def set_x_frame_options_header(options=self.class.secure_headers_options[:x_fram
     end
 
     def set_x_content_type_options_header(options=self.class.secure_headers_options[:x_content_type_options])
-      return unless brwsr.ie? || brwsr.chrome?
       set_a_header(:x_content_type_options, XContentTypeOptions, options)
     end
 
@@ -116,10 +108,6 @@ def set_header(name_or_header, value=nil)
         response.headers[name_or_header] = value
       end
     end
-
-    def broken_implementation?(browser)
-      return browser.ios5? || (browser.safari? && browser.version == '5')
-    end
   end
 end
 
@@ -132,4 +120,3 @@ def broken_implementation?(browser)
 require "secure_headers/headers/x_xss_protection"
 require "secure_headers/headers/x_content_type_options"
 require "secure_headers/railtie"
-require "brwsr"
diff --git a/lib/secure_headers/headers/content_security_policy.rb b/lib/secure_headers/headers/content_security_policy.rb
@@ -1,5 +1,4 @@
 require 'uri'
-require 'brwsr'
 
 module SecureHeaders
   class ContentSecurityPolicyBuildError < StandardError; end

diff --git a/secure_headers.gemspec b/secure_headers.gemspec
@@ -18,6 +18,5 @@ Gem::Specification.new do |gem|
   gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
   gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
   gem.require_paths = ["lib"]
-  gem.add_dependency "brwsr", ">= 1.1.1"
   gem.add_development_dependency "rake"
 end
diff --git a/spec/lib/secure_headers/headers/content_security_policy_spec.rb b/spec/lib/secure_headers/headers/content_security_policy_spec.rb
@@ -1,5 +1,4 @@
 require 'spec_helper'
-require 'brwsr'
 
 module SecureHeaders
   describe ContentSecurityPolicy do

diff --git a/spec/lib/secure_headers_spec.rb b/spec/lib/secure_headers_spec.rb
@@ -92,15 +92,7 @@ def set_security_headers(subject)
     USER_AGENTS.each do |name, useragent|
       it "sets all default headers for #{name} (smoke test)" do
         stub_user_agent(useragent)
-        number_of_headers = case name
-        when :ie, :chrome
-          5
-        when :ios5, :safari5, :safari5_1
-          3 # csp breaks these browsers
-        else
-          4
-        end
-
+        number_of_headers = 5
         subject.should_receive(:set_header).exactly(number_of_headers).times # a request for a given header
         subject.set_csp_header
         subject.set_x_frame_options_header
@@ -143,14 +135,6 @@ def set_security_headers(subject)
       subject.set_csp_header(options_for(:csp).merge(:csp => false))
     end
 
-    # apparently iOS5 safari with CSP in enforce mode causes nothing to render
-    # it has no effect in report-only mode (as in no report is sent)
-    it "does not set CSP header if using ios5" do
-      stub_user_agent(USER_AGENTS[:ios5])
-      subject.should_not_receive(:set_header)
-      subject.set_csp_header(options_for(:csp))
-    end
-
     context "when disabled by configuration settings" do
       it "does not set any headers when disabled" do
         ::SecureHeaders::Configuration.configure do |config|
@@ -214,7 +198,7 @@ def set_security_headers(subject)
   end
 
   describe "#set_x_content_type_options" do
-    [:ie, :chrome].each do |useragent|
+    USER_AGENTS.each do |useragent|
       context "when using #{useragent}" do
         before(:each) do
           stub_user_agent(USER_AGENTS[useragent])