github / secure_headers

Manages application of security headers with many safe defaults
MIT License

Lowercase headers #533

Open arashnd opened 4 weeks ago

arashnd commented 4 weeks ago

All PRs:

Adding a new header

Generally, adding a new header is always OK.

Adding a new CSP directive


Rack 3 Response header keys can no longer include uppercase characters. https://github.com/rack/rack/blob/main/UPGRADE-GUIDE.md#rack-3-upgrade-guide

Rack Lint errors out when using secure_headers because it's adding headers with uppercase

Rack::Lint::LintError: uppercase character in header name: X-Frame-Options (Rack::Lint::LintError)

obrie commented 1 week ago

Thanks for working on this! It'd be great to have this merged and released to unblock local development with Rack 3.x.
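
A stopgap for the Rack::Lint error reported in this thread, as an added example that is not part of this PR or of secure_headers: a Rack-style middleware that lowercases response header names and keeps both values when two names differ only by case. `LowercaseHeaders`, `uppercase_header_names` and the sample app are hypothetical names and constructed data.

```ruby
# Added example (not secure_headers code): a Rack-style middleware that
# lowercases response header names so they contain no uppercase characters.
# LowercaseHeaders and uppercase_header_names are hypothetical names.
class LowercaseHeaders
  def initialize(app)
    @app = app
  end

  def call(env)
    status, headers, body = @app.call(env)
    [status, self.class.normalize(headers), body]
  end

  # Returns a new Hash with lowercase keys. If two keys differ only by case
  # (e.g. "X-Frame-Options" and "x-frame-options"), distinct values are kept
  # together in an Array rather than one silently overwriting the other.
  def self.normalize(headers)
    headers.each_with_object({}) do |(name, value), out|
      key = name.to_s.downcase
      merged = (Array(out[key]) + Array(value)).uniq
      out[key] = merged.length == 1 ? merged.first : merged
    end
  end
end

# Header names that would trip the "uppercase character in header name" check.
def uppercase_header_names(headers)
  headers.keys.select { |name| name.to_s =~ /[A-Z]/ }
end

# Constructed sample app standing in for one that emits mixed-case headers.
SAMPLE_APP = lambda do |_env|
  [200,
   { "X-Frame-Options" => "sameorigin",
     "x-frame-options" => "deny",
     "X-Content-Type-Options" => "nosniff",
     "content-type" => "text/html" },
   ["ok"]]
end

def demo_response
  LowercaseHeaders.new(SAMPLE_APP).call({})
end
```

A conflicting pair such as the two X-Frame-Options values above is worth logging and fixing at the source, since the merged Array only makes the conflict visible.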