From 4d311143bbf2cde1ed6f642e7748ac6bc07fc655 Mon Sep 17 00:00:00 2001 From: Neil Matatall Date: Sun, 17 Jul 2016 22:53:39 -0600 Subject: [PATCH] bump to 3.4.0 and include child/frame-src handling --- CHANGELOG.md | 14 ++++++++++++++ secure_headers.gemspec | 2 +- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1abfc94f..41ddc15f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,17 @@ +## 3.4.0 the frame-src/child-src transition for Firefox. + +Handle the `child-src`/`frame-src` transition semi-intelligently across versions. I think the code best descibes the behavior here: + +```ruby +if supported_directives.include?(:child_src) + @config[:child_src] = @config[:child_src] || @config[:frame_src] +else + @config[:frame_src] = @config[:frame_src] || @config[:child_src] +end +``` + +Also, @koenpunt noticed that we were [loading view helpers](https://github.com/twitter/secureheaders/pull/272) in a way that Rails 5 did not like. + ## 3.3.2 minor fix to silence warnings when using rake [@dankohn](https://github.com/twitter/secureheaders/issues/257) was seeing "already initialized" errors in his output. This change conditionally defines the constants. diff --git a/secure_headers.gemspec b/secure_headers.gemspec index 96bf0651..b1055ce1 100644 --- a/secure_headers.gemspec +++ b/secure_headers.gemspec @@ -1,7 +1,7 @@ # -*- encoding: utf-8 -*- Gem::Specification.new do |gem| gem.name = "secure_headers" - gem.version = "3.3.2" + gem.version = "3.4.0" gem.authors = ["Neil Matatall"] gem.email = ["neil.matatall@gmail.com"] gem.description = 'Security related headers all in one gem.'
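Review bot: the new 3.4.0 entry in CHANGELOG.md does not say which directive wins when both are configured. In the quoted snippet, `@config[:child_src] || @config[:frame_src]` makes `child_src` take precedence for user agents that support it, with `frame_src` used only as a fallback, and the `else` branch does the reverse. A sentence stating that precedence would help users who set different source lists for the two directives. The diffstat lists only CHANGELOG.md and secure_headers.gemspec, so the snippet cannot be checked against the implementation from this patch; linking the commit or pull request that carries the change, as the entry already does for the view helpers fix, would close that gap. Minor: "descibes" should read "describes", and the heading's "for Firefox" is not explained anywhere in the entry body.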