-
After installed secureheaders, Morris: github.com/morrisjs/morris.js/ did not show the graphics anymore.
someone is having the same issue?
-
From README:
```
Hash sources are valid for inline style blocks but are not yet supported by secure_headers.
```
Should add support for them. :)
-
I've a config like:
`::SecureHeaders::Configuration.configure do |config|
config.x_xss_protection = {value: 1, mode: 'block'}
end`
There is more in the config, but I think these are the relevant as…
-
Consider using gems to harden BadgeApp.
In particular, look at "secureheaders" https://github.com/twitter/secureheaders - this creates hardened HTTP headers that hardens against many attacks. We'll …
-
Is there any difference in installing secureheaders in comparison to other gems? The documentation does not have any details, and I keep failing:
1. `gem 'secureheaders'` and `bundle install` leads to…
-
Hello,
I've been spending the past couple of days trying to figure out why Chrome and Firefox are not allowing non-secure URLs through, but have come up empty so far. I was hoping perhaps someone her…
-
Should we add a criteria involving hardening?
In many systems there are various ways of hardening a program against attack (e.g., compilation flags, additional header generation for web applications,…
-
Would be nice to start the discussion around supporting nonce as has been done in other similar projects (https://github.com/twitter/secureheaders)
References
- https://github.com/twitter/secureheade…
-
Making note of the `before_filter` deprecations we now have on boot.
https://github.com/twitter/secureheaders/pull/215
-
No tags make sad: https://github.com/twitter/secureheaders/releases
Would be great to add github release notes too!
https://github.com/blog/1547-release-your-software