Ecosyste.ms: Issues

An open API service for providing issue and pull request metadata for open source projects.

GitHub / github/secure_headers issues and pull requests

#438 - how to allow all iframe for any sites?

Issue - State: closed - Opened by RohitVenturit almost 5 years ago - 1 comment

#437 - Ignoring CSP on some formats

Issue - State: closed - Opened by paul-mesnilgrente almost 5 years ago - 1 comment

#436 - Raise on override defined config

Pull Request - State: closed - Opened by jobertabma almost 5 years ago - 2 comments

#435 - Overriding the same override leads to ???

Issue - State: closed - Opened by oreoshake almost 5 years ago
Labels: bug, good first issue

#434 - CSP ["https://*"] or ["http://*"] will be transferred to ["*"]

Issue - State: closed - Opened by zhengxiangyue almost 5 years ago - 3 comments

#433 - DEPRECATION WARNING when set csp report_only: true, 3.9.0

Issue - State: closed - Opened by zhengxiangyue almost 5 years ago - 1 comment

#432 - Fix or remove support for automatically-computed CSP hashes

Issue - State: open - Opened by chongfai13 almost 5 years ago - 13 comments

#431 - How to display the csp setting at Chrome Response Headers?

Issue - State: closed - Opened by chongfai13 almost 5 years ago - 3 comments

#430 - Add rubocop-performance gem and config to fix deprecation message

Pull Request - State: closed - Opened by oreoshake about 5 years ago

#429 - Fix "Input 'version' has been deprecated…

Pull Request - State: closed - Opened by oreoshake about 5 years ago

#428 - Add GitHub actions CI setup

Pull Request - State: closed - Opened by oreoshake about 5 years ago

#427 - Add twitter-archive fork reference

Pull Request - State: closed - Opened by kaoudis about 5 years ago
Labels: documentation

#426 - secure_headers is moving!

Issue - State: closed - Opened by kaoudis about 5 years ago - 1 comment

#425 - How to remove X-Frame-Options header from a response

Issue - State: closed - Opened by vmarquet about 5 years ago - 1 comment

#424 - bundler_audit found vulnerability in both v3.8.0 and v3.9.0

Issue - State: closed - Opened by marinfr about 5 years ago - 10 comments

#422 - Move semicolon/newline handling to validation and raise errors

Pull Request - State: closed - Opened by oreoshake about 5 years ago - 6 comments

#421 - escape semicolons by replacing them with spaces for 5.x line

Pull Request - State: closed - Opened by oreoshake about 5 years ago

#420 - Escape semi colons in directive source lists in 3.x releases

Pull Request - State: closed - Opened by oreoshake about 5 years ago

#414 - Add support for SameSite=None

Pull Request - State: closed - Opened by oreoshake about 5 years ago - 5 comments

#407 - Webpacker `javascript_packs_with_chunks_tag` support

Issue - State: open - Opened by seanders over 5 years ago - 2 comments

#400 - Replace cookie internals with CookiesAndCream

Issue - State: closed - Opened by oreoshake almost 6 years ago - 2 comments

#394 - Confirm feature parity with secure_headers <=> rails vanilla

Issue - State: open - Opened by oreoshake over 6 years ago - 2 comments

#369 - expect-ct is undocumented

Issue - State: closed - Opened by oreoshake over 7 years ago - 1 comment
Labels: easy, good first issue

#350 - Implement strict-dynamic alongside URL allowlists

Issue - State: closed - Opened by akashdotsrivastava over 7 years ago - 2 comments

#348 - Don't upgrade insecure requests when the page is served over HTTP

Issue - State: open - Opened by guiprav over 7 years ago - 9 comments
Labels: bug, 3.x, 4.x

#346 - Prevent global cookie OPT_OUT from blowing up in middleware

Pull Request - State: closed - Opened by oreoshake over 7 years ago - 1 comment

#331 - Cross-Origin Resource Sharing (CORS)

Issue - State: closed - Opened by somethingnew2-0 over 7 years ago - 4 comments
Labels: feature

#323 - Handle setting multiple headers of the same name (by using a comma-separate list)

Issue - State: open - Opened by oreoshake almost 8 years ago - 5 comments
Labels: enhancement, feature

#318 - Dynamic referrer-policy headers

Issue - State: open - Opened by oreoshake almost 8 years ago - 1 comment
Labels: feature

#317 - Source Deduplication Doesn't Take Schemes into Account

Issue - State: closed - Opened by belenko almost 8 years ago - 6 comments
Labels: bug

#280 - Add a collaborator to this project

Issue - State: closed - Opened by oreoshake over 8 years ago - 12 comments

#277 - Add support for cookie-scope directive

Issue - State: closed - Opened by oreoshake over 8 years ago - 1 comment
Labels: draft-spec, waiting-on-browser-impl

#275 - Add support for Permissions-Policy header

Issue - State: open - Opened by oreoshake over 8 years ago - 13 comments

#273 - Add instructions for Rails 5 confusion?

Issue - State: closed - Opened by csuhta over 8 years ago - 9 comments
Labels: bug

#271 - add support for 'require-sri-for' CSP directive

Pull Request - State: closed - Opened by oreoshake over 8 years ago - 3 comments
Labels: waiting-on-browser-impl

#269 - report-uri is deprecated in favor of report-to

Issue - State: closed - Opened by connorshea over 8 years ago - 6 comments
Labels: draft-spec, good first issue