Package gem-secure-headers: Information
Source package: gem-secure-headers
Version: 6.3.2-alt1
Build time: Sep 18, 2023, 11:38 PM in the task #307833
Category: Development/Ruby
Report package bugHome page: https://github.com/twitter/secureheaders
License: Apache Public License 2.0
Summary: Manages application of security headers with many safe defaults
Description:
main branch represents 6.x line. See the upgrading to 4.x doc, upgrading to 5.x doc, or upgrading to 6.x doc for instructions on how to upgrade. Bug fixes should go in the 5.x branch for now. The gem will automatically apply several headers that are related to security. This includes: * Content Security Policy (CSP) - Helps detect/prevent XSS, mixed-content, and other classes of attack. CSP 2 Specification * https://csp.withgoogle.com * https://csp.withgoogle.com/docs/strict-csp.html * https://csp-evaluator.withgoogle.com * HTTP Strict Transport Security (HSTS) - Ensures the browser never visits the http version of a website. Protects from SSLStrip/Firesheep attacks. HSTS Specification * X-Frame-Options (XFO) - Prevents your content from being framed and potentially clickjacked. X-Frame-Options Specification * X-XSS-Protection - Cross site scripting heuristic filter for IE/Chrome * X-Content-Type-Options - Prevent content type sniffing * X-Download-Options - Prevent file downloads opening * X-Permitted-Cross-Domain-Policies - Restrict Adobe Flash Player's access to data * Referrer-Policy - Referrer Policy draft * Expect-CT - Only use certificates that are present in the certificate transparency logs. Expect-CT draft specification. * Clear-Site-Data - Clearing browser data for origin. Clear-Site-Data specification. It can also mark all http cookies with the Secure, HttpOnly and SameSite attributes. This is on default but can be turned off by using 'config.cookies = SecureHeaders::OPT_OUT'. secure_headers is a library with a global config, per request overrides, and rack middleware that enables you customize your application settings.
List of rpms provided by this srpm:
gem-secure-headers (noarch)
gem-secure-headers-devel (noarch)
gem-secure-headers-doc (noarch)
gem-secure-headers (noarch)
gem-secure-headers-devel (noarch)
gem-secure-headers-doc (noarch)
Maintainer: Ruby Maintainers Team
Last changed
Sept. 2, 2021 Pavel Skrylev 6.3.2-alt1
- ^ 6.3.0 -> 6.3.2
May 6, 2020 Pavel Skrylev 6.3.0-alt1.1
- ! spec obsoletes/provides
March 5, 2020 Pavel Skrylev 6.3.0-alt1
- updated (^) 6.1.1 -> 6.3.0 - fixed (!) spec