Releases · github/secure_headers

This removes the forwarder and "experimental" feature. The forwarder wasn't well maintained and created a lot of headaches. Also, it was using an outdated certificate pack for compatibility. That's bad. The experimental feature wasn't really used and it complicated the codebase a lot. It's also a questionably useful API that is very confusing.

Assets 2

06 Dec 01:55

oreoshake

v.2.0.0.pre2

5f792f0

Adds X-Permitted-Cross-Domain-Policies support by default

The only change between this and the first pre release is that the X-Permitted-Cross-Domain-Policies support is included.

Assets 2

14 Nov 00:54

oreoshake

v2.0.0.pre

97e1751

2.0.0.pre - CSP level 2 support Pre-release

Pre-release

This release is intended to be ready for CSP level 2. Mainly, this means there is direct support for hash/nonce of inline content and includes many new directives (which do not inherit from default-src)

Assets 2

13 Oct 22:05

oreoshake

v1.3.4

5c3bfd1

v1.3.4

Adds X-Download-Options support
Adds support for X-XSS-Protection reporting
Defers loading of rails engine for faster boot times

Assets 3

15 Aug 02:30

oreoshake

v1.3.3

7d027ac

hsts preload confirmation value support

@agl just made a new option for HSTS representing confirmation that a site wants to be included in a browser's preload list (https://hstspreload.appspot.com).

This just adds a new 'preload' option to the HSTS settings to specify that option.

Assets 3

Releases: github/secure_headers

Pass controller reference to callable config value expressions.

Uh oh!

Add hpkp support

Uh oh!

Add report_uri constant value

Uh oh!

View Helpers Fixed

Uh oh!

2.0

Uh oh!

Deprecate features in preparation for 2.0

Uh oh!

Adds X-Permitted-Cross-Domain-Policies support by default

Uh oh!

2.0.0.pre - CSP level 2 support

Uh oh!

v1.3.4

Uh oh!

hsts preload confirmation value support

Uh oh!