kotovalexarian-likes-github/sinatra
1
0
Fork 0
mirror of https://github.com/sinatra/sinatra synced 2023-03-27 23:18:01 -04:00
Code Releases Activity

Merge pull request #1595 from mfinelli/csp-fix-no-arg-directives

Browse source 
Fix content security policy no-arg directives
This commit is contained in:
Jordan Owens 2020-03-11 00:25:38 -04:00 committed by GitHub
commit 2527f46bc4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
rack-protection/lib/rack/protection/content_security_policy.rb
View file

@ -62,7 +62,7 @@ module Rack
# Set these key values to boolean 'true' to include in policy
NO_ARG_DIRECTIVES.each do |d|
if options.key?(d) && options[d].is_a?(TrueClass)
directives << d.to_s.sub(/_/, '-')
directives << d.to_s.tr('_', '-')
end
end

2
rack-protection/spec/lib/rack/protection/content_security_policy_spec.rb
View file

@ -33,7 +33,7 @@ describe Rack::Protection::ContentSecurityPolicy do
end
headers = get('/', {}, 'wants' => 'text/html').headers
expect(headers["Content-Security-Policy"]).to eq("block-all_mixed_content; connect-src 'self'; default-src none; disown-opener; img-src 'self'; script-src 'self'; style-src 'self'; upgrade-insecure_requests")
expect(headers["Content-Security-Policy"]).to eq("block-all-mixed-content; connect-src 'self'; default-src none; disown-opener; img-src 'self'; script-src 'self'; style-src 'self'; upgrade-insecure-requests")
end
it 'should ignore CSP3 no arg directives unless they are set to true' do