-
Is there a way to set separate csp policies for different controllers in rails?
-
It seems like secureheaders has some issues on Rails 4 (tested on Rails 4.1.6). The headers being set in my initializer aren't what's actually being served. From what I've read, Rails 4 sets more defa…
naiyt updated
9 years ago
-
I keep confusing the library with [secureheaders](https://github.com/twitter/secureheaders).
-
Currently a route to content_security_policy#scribe is always added, even in cases when forwarding is not set up. Instead of NOOP
```
def scribe
csp = ::SecureHeaders::Configuration.csp || {}
…
-
Should totally add a plugin generator for adding [SecureHeaders](https://github.com/twitter/secureheaders#using-with-padrino) to an app.
-
- HTTPS cookies
- XSS protection
- XFO protection
- and more!
-
Confirm magic for deployment, also ensure happy headers:
https://github.com/twitter/secureheaders
akerl updated
10 years ago
-
A browser detecting a CSP violation tries to post that violation to the secure_headers CSP end point on our server (ie. `/content_security_policy/forward_report`), but it 404s on that endpoint when in…
-
I came across a case when a friend asked if we had a Java version of secureheaders, would be great to list different language implementations right in the README.
https://github.com/sourceclear/headl…
-
[Bryan Helkamp](https://twitter.com/brynary) [suggests to add](http://blog.codeclimate.com/blog/2013/03/27/rails-insecure-defaults/) [secureheaders](https://github.com/twitter/secureheaders) by defaul…