bump to 3.4.0 and include child/frame-src handling

github · Jul 18, 2016 · 4d31114 · 4d31114
1 parent 0cc560c
commit 4d31114
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,17 @@
+## 3.4.0 the frame-src/child-src transition for Firefox.
+
+Handle the `child-src`/`frame-src` transition semi-intelligently across versions. I think the code best descibes the behavior here:
+
+```ruby
+if supported_directives.include?(:child_src)
+  @config[:child_src] = @config[:child_src] || @config[:frame_src]
+else
+  @config[:frame_src] = @config[:frame_src] || @config[:child_src]
+end
+```
+
+Also, @koenpunt noticed that we were [loading view helpers](https://github.com/twitter/secureheaders/pull/272) in a way that Rails 5 did not like.
+
 ## 3.3.2 minor fix to silence warnings when using rake
 
 [@dankohn](https://github.com/twitter/secureheaders/issues/257) was seeing "already initialized" errors in his output. This change conditionally defines the constants.

diff --git a/secure_headers.gemspec b/secure_headers.gemspec
@@ -1,7 +1,7 @@
 # -*- encoding: utf-8 -*-
 Gem::Specification.new do |gem|
   gem.name          = "secure_headers"
-  gem.version       = "3.3.2"
+  gem.version       = "3.4.0"
   gem.authors       = ["Neil Matatall"]
   gem.email         = ["[email protected]"]
   gem.description   = 'Security related headers all in one gem.'