Ecosyste.ms: Issues
An open API service for providing issue and pull request metadata for open source projects.
GitHub / github/secure_headers issues and pull requests
#524 - Bump ruby/setup-ruby from 1.190.0 to 1.193.0
Pull Request -
State: open - Opened by dependabot[bot] 9 days ago
Labels: dependencies
#523 - Bump ruby/setup-ruby from 1.190.0 to 1.192.0
Pull Request -
State: closed - Opened by dependabot[bot] 16 days ago
- 1 comment
Labels: dependencies
#522 - Bump ruby/setup-ruby from 1.190.0 to 1.191.0
Pull Request -
State: closed - Opened by dependabot[bot] 23 days ago
- 1 comment
Labels: dependencies
#521 - [Housekeeping] Add permissions to build workflow and pin ruby
Pull Request -
State: closed - Opened by vcsjones about 2 months ago
#520 - Update build.yml
Pull Request -
State: closed - Opened by boveus about 2 months ago
#516 - fix: Avoid throwing cookie headers when encountering an empty cookie-av
Pull Request -
State: closed - Opened by MrLukeSmith 3 months ago
- 1 comment
#514 - SecureHeaders middleware erases all cookies in Rack 3 due to \n joining
Issue -
State: open - Opened by collinsauve 5 months ago
- 1 comment
#513 - RubyGems doesn't have latest version of this gem
Issue -
State: closed - Opened by zmariscal 11 months ago
- 3 comments
#512 - CSP Report-uri deprecated, replaced by report-to
Issue -
State: open - Opened by martindaehn23 12 months ago
#511 - `content_security_policy_nonce` calls Rails method so CSP does not contain nonce
Issue -
State: open - Opened by jdudley1123 about 1 year ago
- 2 comments
#510 - Bump actions/checkout from 3 to 4
Pull Request -
State: closed - Opened by dependabot[bot] about 1 year ago
Labels: dependencies
#509 - deprecate block-all-mixed-content
Pull Request -
State: closed - Opened by KyFaSt about 1 year ago
#508 - test issue
Issue -
State: closed - Opened by KyFaSt about 1 year ago
#507 - test issue
Issue -
State: closed - Opened by KyFaSt about 1 year ago
#506 - Make SecureSecurityPolicyConfig significantly faster
Pull Request -
State: closed - Opened by jhawthorn over 1 year ago
#505 - How can I disable 'unsafe-inline' from script-src?
Issue -
State: closed - Opened by josemateuss over 1 year ago
- 1 comment
#504 - Adds Ruby 3.2 to the CI matrix
Pull Request -
State: closed - Opened by petergoldstein almost 2 years ago
- 1 comment
#503 - jekyll integration
Issue -
State: closed - Opened by LeoWebSEO almost 2 years ago
- 3 comments
#502 - Update `.ruby-version` to `3.1.1`
Pull Request -
State: closed - Opened by lgarron almost 2 years ago
#501 - v6.5.0
Pull Request -
State: closed - Opened by lgarron almost 2 years ago
#500 - CI changes: run on push, drop Ruby 2.5
Pull Request -
State: closed - Opened by lgarron almost 2 years ago
#499 - Remove source expression deduplication.
Pull Request -
State: closed - Opened by lgarron almost 2 years ago
#498 - Semantically parse and deduplicate source expressions
Pull Request -
State: closed - Opened by lgarron about 2 years ago
- 3 comments
#497 - Semantically parse source expressions.
Pull Request -
State: closed - Opened by lgarron about 2 years ago
#496 - Set license code in metadata to MIT
Pull Request -
State: closed - Opened by ekohl about 2 years ago
#495 - Trusted types: Use single-quoted `'script'`.
Pull Request -
State: closed - Opened by lgarron about 2 years ago
#494 - update version and changelog
Pull Request -
State: closed - Opened by KyFaSt about 2 years ago
#493 - Use SPDX license code and swap summary & description
Pull Request -
State: closed - Opened by ekohl about 2 years ago
#492 - Installation instructions unclear
Issue -
State: closed - Opened by TravisSpangle about 2 years ago
- 1 comment
#491 - URI::InvalidURIError: Invalid data URI
Issue -
State: closed - Opened by istana over 2 years ago
- 1 comment
#490 - fix source dedup breaking with port wildcards
Pull Request -
State: closed - Opened by machisuji over 2 years ago
- 7 comments
#489 - Add Ruby 3.1 to the CI configuration
Pull Request -
State: closed - Opened by petergoldstein over 2 years ago
- 1 comment
#488 - Add Dependabot for GitHub Actions
Pull Request -
State: closed - Opened by petergoldstein over 2 years ago
- 2 comments
#487 - Update changelog and version for v6.3.4.
Pull Request -
State: closed - Opened by lgarron over 2 years ago
#486 - Add trusted-types and require-trusted-types-for CSP Directive
Pull Request -
State: closed - Opened by KyFaSt over 2 years ago
#485 - Add tests for hash generation
Pull Request -
State: open - Opened by rahearn over 2 years ago
#484 - Handle different schemes in dedup logic
Pull Request -
State: closed - Opened by srt32 over 2 years ago
- 1 comment
#483 - Update README.md
Pull Request -
State: closed - Opened by akashhansda over 2 years ago
#482 - Set `default-src` CSP Attribute to `none` by default
Issue -
State: open - Opened by rzhade3 over 2 years ago
- 1 comment
#481 - Update README.md
Pull Request -
State: closed - Opened by akashhansda over 2 years ago
#480 - Major Version 7.0.0
Issue -
State: open - Opened by JackMc over 2 years ago
- 1 comment
#479 - Update default X-XSS-Protection value to 0
Pull Request -
State: closed - Opened by rzhade3 over 2 years ago
- 2 comments
#478 - do not dedupe alternate schema source expressions
Pull Request -
State: closed - Opened by keithamus over 2 years ago
- 5 comments
#477 - normalize domains with trailing slashes
Pull Request -
State: open - Opened by keithamus over 2 years ago
- 1 comment
#476 - Support CSP "double policies"
Issue -
State: open - Opened by rohansharma over 2 years ago
#475 - Add global config for nonce (and hash) application
Pull Request -
State: closed - Opened by pcasaretto over 2 years ago
- 3 comments
#474 - Add require-trusted-types-for to CSP
Issue -
State: closed - Opened by dorianmariefr almost 3 years ago
- 3 comments
#473 - Why is CSP in report only mode blocking requests?
Issue -
State: closed - Opened by VikasKumar190 about 3 years ago
- 3 comments
#472 - Fix hash generation for indented helper methods
Pull Request -
State: closed - Opened by rahearn about 3 years ago
- 3 comments
#471 - Add support for CSP level 3
Issue -
State: closed - Opened by ankitagrawal0x90 over 3 years ago
- 3 comments
#470 - nonced tag helpers including nonce directive in csp has potential to break applications
Issue -
State: open - Opened by pcasaretto over 3 years ago
- 17 comments
#469 - Incorrect Version as latest release
Issue -
State: closed - Opened by ibexcrm-dev over 3 years ago
- 1 comment
#468 - Update ruby build scripts and bump test matrix versions
Pull Request -
State: closed - Opened by oreoshake over 3 years ago
#467 - Fix ClearSiteData example
Pull Request -
State: closed - Opened by sapientpants over 3 years ago
#466 - Guide for transitioning from secure_headers to vanilla rails csp
Issue -
State: open - Opened by oreoshake over 3 years ago
- 3 comments
#465 - Add missing CSP version 3 directives
Pull Request -
State: closed - Opened by ggalmazor over 3 years ago
- 7 comments
#464 - modify lists in place instead of returning new objects
Pull Request -
State: closed - Opened by oreoshake over 3 years ago
#463 - use un-rolled method for duplicating configs instead of serializing to and from hash
Pull Request -
State: closed - Opened by oreoshake over 3 years ago
- 1 comment
#462 - [micro-optimization] use regexp.match instead of =~
Pull Request -
State: closed - Opened by oreoshake over 3 years ago
#461 - Don't reference the request object until after the application stack has run
Pull Request -
State: closed - Opened by oreoshake over 3 years ago
#460 - Add ability to cache default header set
Pull Request -
State: closed - Opened by oreoshake over 3 years ago
- 1 comment
#459 - Setting SameSite cookie attribute conditionally
Issue -
State: closed - Opened by arashb31 over 3 years ago
- 4 comments
#452 - Add disable_minification option to CSP config to bypass any post-processing of config data
Pull Request -
State: closed - Opened by oreoshake over 3 years ago
- 3 comments
#451 - Deadlink in readme file in this repo to https://github.com/sourceclear/headlines which does not exist - Status code [404:NotFound]
Pull Request -
State: closed - Opened by MrCull almost 4 years ago
#450 - Add simple static configuration option for bypassing application of all security headers
Issue -
State: open - Opened by h0jeZvgoxFepBQ2C almost 4 years ago
- 5 comments
#449 - How to enforce secure cookies
Issue -
State: closed - Opened by alexanderadam almost 4 years ago
- 4 comments
#448 - Validation on plugin-types does not allow for the empty directive
Issue -
State: open - Opened by oreoshake almost 4 years ago
#447 - CSP and google tag manager
Issue -
State: closed - Opened by mateo9 about 4 years ago
- 1 comment
#446 - Minor improvements to 6.0 upgrade doc [ci skip]
Pull Request -
State: closed - Opened by carlosantoniodasilva about 4 years ago
#445 - omniauth and session
Issue -
State: closed - Opened by Eth3rnit3 about 4 years ago
- 5 comments
#444 - Add test to exercise override opting out without default_src
Pull Request -
State: open - Opened by rafaelfranca about 4 years ago
- 6 comments
#443 - Fix ruby 2.7 deprecation warnings with **
Pull Request -
State: closed - Opened by oreoshake over 4 years ago
#442 - Ruby 2.7 compatibility
Issue -
State: closed - Opened by oreoshake over 4 years ago
#441 - Fetch Metadata Browser Headers
Issue -
State: open - Opened by ThunderSon over 4 years ago
- 1 comment
#440 - replace references to 'master' with 'main' to reflect new branch strategy
Pull Request -
State: closed - Opened by oreoshake over 4 years ago
#439 - Should x-xss-protection default to “0” instead of “1; mode=block”
Issue -
State: closed - Opened by oreoshake over 4 years ago
- 12 comments
#438 - how to allow all iframe for any sites?
Issue -
State: closed - Opened by RohitVenturit over 4 years ago
- 1 comment
#437 - Ignoring CSP on some formats
Issue -
State: closed - Opened by paul-mesnilgrente over 4 years ago
- 1 comment
#436 - Raise on override defined config
Pull Request -
State: closed - Opened by jobertabma over 4 years ago
- 2 comments
#435 - Overriding the same override leads to ???
Issue -
State: closed - Opened by oreoshake over 4 years ago
Labels: bug, good first issue
#434 - CSP ["https://*"] or ["http://*"] will be transferred to ["*"]
Issue -
State: closed - Opened by zhengxiangyue over 4 years ago
- 3 comments
#433 - DEPRECATION WARNING when set csp report_only: true, 3.9.0
Issue -
State: closed - Opened by zhengxiangyue over 4 years ago
- 1 comment
#432 - Fix or remove support for automatically-computed CSP hashes
Issue -
State: open - Opened by chongfai13 over 4 years ago
- 13 comments
#431 - How to display the csp setting at Chrome Response Headers?
Issue -
State: closed - Opened by chongfai13 over 4 years ago
- 3 comments
#430 - Add rubocop-performance gem and config to fix deprecation message
Pull Request -
State: closed - Opened by oreoshake over 4 years ago
#429 - Fix "Input 'version' has been deprecated…
Pull Request -
State: closed - Opened by oreoshake over 4 years ago
#428 - Add GitHub actions CI setup
Pull Request -
State: closed - Opened by oreoshake over 4 years ago
#427 - Add twitter-archive fork reference
Pull Request -
State: closed - Opened by kaoudis over 4 years ago
Labels: documentation
#426 - secure_headers is moving!
Issue -
State: closed - Opened by kaoudis over 4 years ago
- 1 comment
#425 - How to remove X-Frame-Options header from a response
Issue -
State: closed - Opened by vmarquet over 4 years ago
- 1 comment
#424 - bundler_audit found vulnerability in both v3.8.0 and v3.9.0
Issue -
State: closed - Opened by marinfr over 4 years ago
- 10 comments
#422 - Move semicolon/newline handling to validation and raise errors
Pull Request -
State: closed - Opened by oreoshake over 4 years ago
- 6 comments
#421 - escape semicolons by replacing them with spaces for 5.x line
Pull Request -
State: closed - Opened by oreoshake over 4 years ago
#420 - Escape semi colons in directive source lists in 3.x releases
Pull Request -
State: closed - Opened by oreoshake over 4 years ago
#414 - Add support for SameSite=None
Pull Request -
State: closed - Opened by oreoshake over 4 years ago
- 5 comments
#411 - Handle invalid Set-Cookie headers more gracefully (in the presence of a blank cookie-av value)
Pull Request -
State: closed - Opened by geoffyoungs almost 5 years ago
- 2 comments
#407 - Webpacker `javascript_packs_with_chunks_tag` support
Issue -
State: open - Opened by seanders about 5 years ago
- 2 comments
#400 - Replace cookie internals with CookiesAndCream
Issue -
State: closed - Opened by oreoshake over 5 years ago
- 2 comments
#394 - Confirm feature parity with secure_headers <=> rails vanilla
Issue -
State: open - Opened by oreoshake about 6 years ago
- 2 comments
#369 - expect-ct is undocumented
Issue -
State: closed - Opened by oreoshake almost 7 years ago
- 1 comment
Labels: easy, good first issue