Ecosyste.ms: Issues

An open API service for providing issue and pull request metadata for open source projects.

GitHub / github/secure_headers issues and pull requests

#513 - RubyGems doesn't have latest version of this gem

Issue - State: open - Opened by zmariscal 8 months ago - 1 comment

#510 - Bump actions/checkout from 3 to 4

Pull Request - State: open - Opened by dependabot[bot] 10 months ago
Labels: dependencies

#509 - deprecate block-all-mixed-content

Pull Request - State: closed - Opened by KyFaSt 12 months ago

#508 - test issue

Issue - State: closed - Opened by KyFaSt 12 months ago

#507 - test issue

Issue - State: closed - Opened by KyFaSt 12 months ago

#506 - Make SecureSecurityPolicyConfig significantly faster

Pull Request - State: closed - Opened by jhawthorn about 1 year ago

#505 - How can I disable 'unsafe-inline' from script-src?

Issue - State: closed - Opened by josemateuss about 1 year ago - 1 comment

#504 - Adds Ruby 3.2 to the CI matrix

Pull Request - State: closed - Opened by petergoldstein over 1 year ago - 1 comment

#503 - jekyll integration

Issue - State: closed - Opened by LeoWebSEO over 1 year ago - 3 comments

#502 - Update `.ruby-version` to `3.1.1`

Pull Request - State: closed - Opened by lgarron over 1 year ago

#501 - v6.5.0

Pull Request - State: closed - Opened by lgarron over 1 year ago

#500 - CI changes: run on push, drop Ruby 2.5

Pull Request - State: closed - Opened by lgarron over 1 year ago

#499 - Remove source expression deduplication.

Pull Request - State: closed - Opened by lgarron over 1 year ago

#498 - Semantically parse and deduplicate source expressions

Pull Request - State: closed - Opened by lgarron almost 2 years ago - 3 comments

#497 - Semantically parse source expressions.

Pull Request - State: closed - Opened by lgarron almost 2 years ago

#496 - Set license code in metadata to MIT

Pull Request - State: closed - Opened by ekohl almost 2 years ago

#495 - Trusted types: Use single-quoted `'script'`.

Pull Request - State: closed - Opened by lgarron almost 2 years ago

#494 - update version and changelog

Pull Request - State: closed - Opened by KyFaSt almost 2 years ago

#493 - Use SPDX license code and swap summary & description

Pull Request - State: closed - Opened by ekohl almost 2 years ago

#492 - Installation instructions unclear

Issue - State: closed - Opened by TravisSpangle almost 2 years ago - 1 comment

#491 - URI::InvalidURIError: Invalid data URI

Issue - State: closed - Opened by istana about 2 years ago - 1 comment

#490 - fix source dedup breaking with port wildcards

Pull Request - State: closed - Opened by machisuji about 2 years ago - 7 comments

#489 - Add Ruby 3.1 to the CI configuration

Pull Request - State: closed - Opened by petergoldstein about 2 years ago - 1 comment

#488 - Add Dependabot for GitHub Actions

Pull Request - State: closed - Opened by petergoldstein about 2 years ago - 2 comments

#487 - Update changelog and version for v6.3.4.

Pull Request - State: closed - Opened by lgarron about 2 years ago

#486 - Add trusted-types and require-trusted-types-for CSP Directive

Pull Request - State: closed - Opened by KyFaSt about 2 years ago

#485 - Add tests for hash generation

Pull Request - State: open - Opened by rahearn about 2 years ago

#484 - Handle different schemes in dedup logic

Pull Request - State: closed - Opened by srt32 about 2 years ago - 1 comment

#483 - Update README.md

Pull Request - State: closed - Opened by akashhansda about 2 years ago

#482 - Set `default-src` CSP Attribute to `none` by default

Issue - State: open - Opened by rzhade3 about 2 years ago - 1 comment

#481 - Update README.md

Pull Request - State: closed - Opened by akashhansda about 2 years ago

#480 - Major Version 7.0.0

Issue - State: open - Opened by JackMc about 2 years ago - 1 comment

#479 - Update default X-XSS-Protection value to 0

Pull Request - State: open - Opened by rzhade3 over 2 years ago - 2 comments

#478 - do not dedupe alternate schema source expressions

Pull Request - State: closed - Opened by keithamus over 2 years ago - 5 comments

#477 - normalize domains with trailing slashes

Pull Request - State: open - Opened by keithamus over 2 years ago - 1 comment

#476 - Support CSP "double policies"

Issue - State: open - Opened by rohansharma over 2 years ago

#475 - Add global config for nonce (and hash) application

Pull Request - State: closed - Opened by pcasaretto over 2 years ago - 3 comments

#474 - Add require-trusted-types-for to CSP

Issue - State: closed - Opened by dorianmariefr over 2 years ago - 3 comments

#473 - Why is CSP in report only mode blocking requests?

Issue - State: closed - Opened by VikasKumar190 almost 3 years ago - 3 comments

#472 - Fix hash generation for indented helper methods

Pull Request - State: closed - Opened by rahearn almost 3 years ago - 3 comments

#471 - Add support for CSP level 3

Issue - State: closed - Opened by ankitagrawal0x90 about 3 years ago - 3 comments

#469 - Incorrect Version as latest release

Issue - State: closed - Opened by ibexcrm-dev over 3 years ago - 1 comment

#468 - Update ruby build scripts and bump test matrix versions

Pull Request - State: closed - Opened by oreoshake over 3 years ago

#467 - Fix ClearSiteData example

Pull Request - State: closed - Opened by sapientpants over 3 years ago

#466 - Guide for transitioning from secure_headers to vanilla rails csp

Issue - State: open - Opened by oreoshake over 3 years ago - 3 comments

#465 - Add missing CSP version 3 directives

Pull Request - State: closed - Opened by ggalmazor over 3 years ago - 7 comments

#464 - modify lists in place instead of returning new objects

Pull Request - State: closed - Opened by oreoshake over 3 years ago

#463 - use un-rolled method for duplicating configs instead of serializing to and from hash

Pull Request - State: closed - Opened by oreoshake over 3 years ago - 1 comment

#462 - [micro-optimization] use regexp.match instead of =~

Pull Request - State: closed - Opened by oreoshake over 3 years ago

#460 - Add ability to cache default header set

Pull Request - State: closed - Opened by oreoshake over 3 years ago - 1 comment

#459 - Setting SameSite cookie attribute conditionally

Issue - State: closed - Opened by arashb31 over 3 years ago - 4 comments

#452 - Add disable_minification option to CSP config to bypass any post-processing of config data

Pull Request - State: closed - Opened by oreoshake over 3 years ago - 3 comments

#449 - How to enforce secure cookies

Issue - State: closed - Opened by alexanderadam over 3 years ago - 4 comments

#447 - CSP and google tag manager

Issue - State: closed - Opened by mateo9 almost 4 years ago - 1 comment

#446 - Minor improvements to 6.0 upgrade doc [ci skip]

Pull Request - State: closed - Opened by carlosantoniodasilva almost 4 years ago

#445 - omniauth and session

Issue - State: closed - Opened by Eth3rnit3 almost 4 years ago - 5 comments

#444 - Add test to exercise override opting out without default_src

Pull Request - State: open - Opened by rafaelfranca almost 4 years ago - 6 comments

#443 - Fix ruby 2.7 deprecation warnings with **

Pull Request - State: closed - Opened by oreoshake about 4 years ago

#442 - Ruby 2.7 compatibility

Issue - State: closed - Opened by oreoshake about 4 years ago

#441 - Fetch Metadata Browser Headers

Issue - State: open - Opened by ThunderSon about 4 years ago - 1 comment

#439 - Should x-xss-protection default to “0” instead of “1; mode=block”

Issue - State: open - Opened by oreoshake about 4 years ago - 12 comments

#438 - how to allow all iframe for any sites?

Issue - State: closed - Opened by RohitVenturit about 4 years ago - 1 comment

#437 - Ignoring CSP on some formats

Issue - State: closed - Opened by paul-mesnilgrente about 4 years ago - 1 comment

#436 - Raise on override defined config

Pull Request - State: closed - Opened by jobertabma over 4 years ago - 2 comments

#435 - Overriding the same override leads to ???

Issue - State: closed - Opened by oreoshake over 4 years ago
Labels: bug, good first issue

#434 - CSP ["https://*"] or ["http://*"] will be transferred to ["*"]

Issue - State: closed - Opened by zhengxiangyue over 4 years ago - 3 comments

#433 - DEPRECATION WARNING when set csp report_only: true, 3.9.0

Issue - State: closed - Opened by zhengxiangyue over 4 years ago - 1 comment

#432 - Fix or remove support for automatically-computed CSP hashes

Issue - State: open - Opened by chongfai13 over 4 years ago - 13 comments

#431 - How to display the csp setting at Chrome Response Headers?

Issue - State: closed - Opened by chongfai13 over 4 years ago - 3 comments

#430 - Add rubocop-performance gem and config to fix deprecation message

Pull Request - State: closed - Opened by oreoshake over 4 years ago

#429 - Fix "Input 'version' has been deprecated…

Pull Request - State: closed - Opened by oreoshake over 4 years ago

#428 - Add GitHub actions CI setup

Pull Request - State: closed - Opened by oreoshake over 4 years ago

#427 - Add twitter-archive fork reference

Pull Request - State: closed - Opened by kaoudis over 4 years ago
Labels: documentation

#426 - secure_headers is moving!

Issue - State: closed - Opened by kaoudis over 4 years ago - 1 comment

#425 - How to remove X-Frame-Options header from a response

Issue - State: closed - Opened by vmarquet over 4 years ago - 1 comment

#424 - bundler_audit found vulnerability in both v3.8.0 and v3.9.0

Issue - State: closed - Opened by marinfr over 4 years ago - 10 comments

#422 - Move semicolon/newline handling to validation and raise errors

Pull Request - State: closed - Opened by oreoshake over 4 years ago - 6 comments

#421 - escape semicolons by replacing them with spaces for 5.x line

Pull Request - State: closed - Opened by oreoshake over 4 years ago

#420 - Escape semicolons in directive source lists in 3.x releases

Pull Request - State: closed - Opened by oreoshake over 4 years ago

#414 - Add support for SameSite=None

Pull Request - State: closed - Opened by oreoshake over 4 years ago - 5 comments

#407 - Webpacker `javascript_packs_with_chunks_tag` support

Issue - State: open - Opened by seanders almost 5 years ago - 2 comments

#400 - Replace cookie internals with CookiesAndCream

Issue - State: closed - Opened by oreoshake over 5 years ago - 2 comments

#394 - Confirm feature parity with secure_headers <=> rails vanilla

Issue - State: open - Opened by oreoshake almost 6 years ago - 2 comments

#369 - expect-ct is undocumented

Issue - State: closed - Opened by oreoshake over 6 years ago - 1 comment
Labels: easy, good first issue

#350 - Implement strict-dynamic alongside URL allowlists

Issue - State: closed - Opened by akashdotsrivastava almost 7 years ago - 2 comments

#348 - Don't upgrade insecure requests when the page is served over HTTP

Issue - State: open - Opened by guiprav almost 7 years ago - 9 comments
Labels: bug, 3.x, 4.x

#346 - Prevent global cookie OPT_OUT from blowing up in middleware

Pull Request - State: closed - Opened by oreoshake almost 7 years ago - 1 comment

#331 - Cross-Origin Resource Sharing (CORS)

Issue - State: closed - Opened by somethingnew2-0 about 7 years ago - 4 comments
Labels: feature

#323 - Handle setting multiple headers of the same name (by using a comma-separated list)

Issue - State: open - Opened by oreoshake about 7 years ago - 5 comments
Labels: enhancement, feature