Group :: Development/Ruby
RPM: gem-secure-headers
Navigation
Main Changelog Spec Patches Sources Download Gear Bugs and FR Repocop
Current version: 6.3.2-alt1
Build date: 2 september 2021, 09:04 ( 138.5 weeks ago )
Size: 50.21 Kb
Home page: https://github.com/twitter/secureheaders
License: Apache Public License 2.0
Summary: Manages application of security headers with many safe defaults
Description:
List of contributors List of rpms provided by this srpm:
ACL:
Build date: 2 september 2021, 09:04 ( 138.5 weeks ago )
Size: 50.21 Kb
Home page: https://github.com/twitter/secureheaders
License: Apache Public License 2.0
Summary: Manages application of security headers with many safe defaults
Description:
main branch represents 6.x line. See the upgrading to 4.x doc, upgrading to 5.x
doc, or upgrading to 6.x doc for instructions on how to upgrade. Bug fixes
should go in the 5.x branch for now.
The gem will automatically apply several headers that are related to security.
This includes:
* Content Security Policy (CSP) - Helps detect/prevent XSS, mixed-content, and
other classes of attack. CSP 2 Specification
* https://csp.withgoogle.com
* https://csp.withgoogle.com/docs/strict-csp.html
* https://csp-evaluator.withgoogle.com
* HTTP Strict Transport Security (HSTS) - Ensures the browser never visits the
http version of a website. Protects from SSLStrip/Firesheep attacks. HSTS
Specification
* X-Frame-Options (XFO) - Prevents your content from being framed and
potentially clickjacked. X-Frame-Options Specification
* X-XSS-Protection - Cross site scripting heuristic filter for IE/Chrome
* X-Content-Type-Options - Prevent content type sniffing
* X-Download-Options - Prevent file downloads opening
* X-Permitted-Cross-Domain-Policies - Restrict Adobe Flash Player's access to
data
* Referrer-Policy - Referrer Policy draft
* Expect-CT - Only use certificates that are present in the certificate
transparency logs. Expect-CT draft specification.
* Clear-Site-Data - Clearing browser data for origin. Clear-Site-Data
specification.
It can also mark all http cookies with the Secure, HttpOnly and SameSite
attributes. This is on default but can be turned off by using
'config.cookies = SecureHeaders::OPT_OUT'.
secure_headers is a library with a global config, per request overrides, and
rack middleware that enables you customize your application settings.
Current maintainer: Ruby Maintainers Team doc, or upgrading to 6.x doc for instructions on how to upgrade. Bug fixes
should go in the 5.x branch for now.
The gem will automatically apply several headers that are related to security.
This includes:
* Content Security Policy (CSP) - Helps detect/prevent XSS, mixed-content, and
other classes of attack. CSP 2 Specification
* https://csp.withgoogle.com
* https://csp.withgoogle.com/docs/strict-csp.html
* https://csp-evaluator.withgoogle.com
* HTTP Strict Transport Security (HSTS) - Ensures the browser never visits the
http version of a website. Protects from SSLStrip/Firesheep attacks. HSTS
Specification
* X-Frame-Options (XFO) - Prevents your content from being framed and
potentially clickjacked. X-Frame-Options Specification
* X-XSS-Protection - Cross site scripting heuristic filter for IE/Chrome
* X-Content-Type-Options - Prevent content type sniffing
* X-Download-Options - Prevent file downloads opening
* X-Permitted-Cross-Domain-Policies - Restrict Adobe Flash Player's access to
data
* Referrer-Policy - Referrer Policy draft
* Expect-CT - Only use certificates that are present in the certificate
transparency logs. Expect-CT draft specification.
* Clear-Site-Data - Clearing browser data for origin. Clear-Site-Data
specification.
It can also mark all http cookies with the Secure, HttpOnly and SameSite
attributes. This is on default but can be turned off by using
'config.cookies = SecureHeaders::OPT_OUT'.
secure_headers is a library with a global config, per request overrides, and
rack middleware that enables you customize your application settings.
List of contributors List of rpms provided by this srpm:
- gem-secure-headers
- gem-secure-headers-doc
- gem-secure-headers-devel