github / secure_headers

Manages application of security headers with many safe defaults
MIT License

fix source dedup breaking with port wildcards #490

Closed machisuji closed 2 years ago

machisuji commented 2 years ago

Fixes the bug introduced with release v6.3.4 in #478 that causes errors like the following when using port wildcards such as ws://localhost:* in one's sources:

2022-06-29 08:56:52 +0100 Rack app ("GET /" - (::1)): #<URI::InvalidURIError: bad URI(is not URI?): "ws://localhost:*">
2022-06-29 08:56:52 +0100 Rack app ("GET /favicon.ico" - (::1)): #<URI::InvalidURIError: bad URI(is not URI?): "ws://localhost:*">

vcsjones commented 2 years ago

Thanks for the pull request! We'll be looking at this shortly.

lgarron commented 2 years ago

@machisuji Would you be able to revise this PR?

machisuji commented 2 years ago

> @machisuji Would you be able to revise this PR?

Oh boy, sorry! I completely forgot about that. I will do that first thing tomorrow morning! Thanks for your patience.

machisuji commented 2 years ago

@lgarron I've pushed some changes which should address your remarks.

machisuji commented 2 years ago

Just pushed a tiny correction to use double quotes where single quotes were used before.

lgarron commented 2 years ago

We've removed the feature altogether in https://github.com/github/secure_headers/pull/499 — see the PR description for more details.

Thanks for the PR; I'm sorry it didn't work out.

machisuji commented 2 years ago

@lgarron Thanks for the update. I think it's the right call. If people want to save precious bytes, they can make sure not to pass in duplicate sources themselves, really. I'm happy either way because removing the feature removes the bug that was hindering us.
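
The caller-side deduplication suggested in the last comment, as an added example (not code from secure_headers or from this PR): sources are compared as opaque strings, so a port-wildcard source such as `ws://localhost:*`, which Ruby's `URI.parse` rejects with the error shown in the first comment, passes through untouched. The helper names and the sample policy hash are assumptions constructed for illustration.

```ruby
require "uri"

# Returns the exception class raised by URI.parse, or nil if the string parses.
# Shows why URI-based handling of CSP sources fails: "*" is not a valid URI port.
def uri_parse_error(source)
  URI.parse(source)
  nil
rescue URI::InvalidURIError => e
  e.class
end

# Order-preserving removal of exact duplicate source expressions.
# Sources are treated as opaque strings and never parsed as URIs, so
# wildcard hosts and ports ("*.example.test", "ws://localhost:*") are safe.
def dedup_sources(sources)
  seen = {}
  sources.each_with_object([]) do |source, out|
    key = source.strip
    next if key.empty? || seen[key]
    seen[key] = true
    out << key
  end
end

# Applies dedup_sources to every list-valued directive of a policy hash,
# leaving non-list values (booleans, strings) as they are.
def dedup_policy(policy)
  policy.transform_values { |v| v.is_a?(Array) ? dedup_sources(v) : v }
end

# Constructed sample policy (hypothetical values, not from the page).
SAMPLE_POLICY = {
  connect_src: ["'self'", "ws://localhost:*", "ws://localhost:*", "https://api.example.test"],
  script_src: ["'self'", "'self'"],
  upgrade_insecure_requests: true
}.freeze

if __FILE__ == $PROGRAM_NAME
  p uri_parse_error("ws://localhost:*")
  p dedup_policy(SAMPLE_POLICY)
end
```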