Group :: Desenvolvimento/Ruby
RPM: gem-secure-headers
Principal Changelog Spec Patches Sources Download Gear Bugs e FR Repocop
A versão atual: 6.3.2-alt1
Data da compilação: 2 setembro 2021, 09:04 ( 137.2 weeks ago )
Tamanho:: 50.21 Kb
Home page: https://github.com/twitter/secureheaders
Licença: Apache Public License 2.0
Sumário: Manages application of security headers with many safe defaults
Descrição:
Lista dos contribuidores Lista dos rpms provida por esta srpm:
ACL:
Data da compilação: 2 setembro 2021, 09:04 ( 137.2 weeks ago )
Tamanho:: 50.21 Kb
Home page: https://github.com/twitter/secureheaders
Licença: Apache Public License 2.0
Sumário: Manages application of security headers with many safe defaults
Descrição:
main branch represents 6.x line. See the upgrading to 4.x doc, upgrading to 5.x
doc, or upgrading to 6.x doc for instructions on how to upgrade. Bug fixes
should go in the 5.x branch for now.
The gem will automatically apply several headers that are related to security.
This includes:
* Content Security Policy (CSP) - Helps detect/prevent XSS, mixed-content, and
other classes of attack. CSP 2 Specification
* https://csp.withgoogle.com
* https://csp.withgoogle.com/docs/strict-csp.html
* https://csp-evaluator.withgoogle.com
* HTTP Strict Transport Security (HSTS) - Ensures the browser never visits the
http version of a website. Protects from SSLStrip/Firesheep attacks. HSTS
Specification
* X-Frame-Options (XFO) - Prevents your content from being framed and
potentially clickjacked. X-Frame-Options Specification
* X-XSS-Protection - Cross site scripting heuristic filter for IE/Chrome
* X-Content-Type-Options - Prevent content type sniffing
* X-Download-Options - Prevent file downloads opening
* X-Permitted-Cross-Domain-Policies - Restrict Adobe Flash Player's access to
data
* Referrer-Policy - Referrer Policy draft
* Expect-CT - Only use certificates that are present in the certificate
transparency logs. Expect-CT draft specification.
* Clear-Site-Data - Clearing browser data for origin. Clear-Site-Data
specification.
It can also mark all http cookies with the Secure, HttpOnly and SameSite
attributes. This is on default but can be turned off by using
'config.cookies = SecureHeaders::OPT_OUT'.
secure_headers is a library with a global config, per request overrides, and
rack middleware that enables you customize your application settings.
Mantenedor currente: Ruby Maintainers Team doc, or upgrading to 6.x doc for instructions on how to upgrade. Bug fixes
should go in the 5.x branch for now.
The gem will automatically apply several headers that are related to security.
This includes:
* Content Security Policy (CSP) - Helps detect/prevent XSS, mixed-content, and
other classes of attack. CSP 2 Specification
* https://csp.withgoogle.com
* https://csp.withgoogle.com/docs/strict-csp.html
* https://csp-evaluator.withgoogle.com
* HTTP Strict Transport Security (HSTS) - Ensures the browser never visits the
http version of a website. Protects from SSLStrip/Firesheep attacks. HSTS
Specification
* X-Frame-Options (XFO) - Prevents your content from being framed and
potentially clickjacked. X-Frame-Options Specification
* X-XSS-Protection - Cross site scripting heuristic filter for IE/Chrome
* X-Content-Type-Options - Prevent content type sniffing
* X-Download-Options - Prevent file downloads opening
* X-Permitted-Cross-Domain-Policies - Restrict Adobe Flash Player's access to
data
* Referrer-Policy - Referrer Policy draft
* Expect-CT - Only use certificates that are present in the certificate
transparency logs. Expect-CT draft specification.
* Clear-Site-Data - Clearing browser data for origin. Clear-Site-Data
specification.
It can also mark all http cookies with the Secure, HttpOnly and SameSite
attributes. This is on default but can be turned off by using
'config.cookies = SecureHeaders::OPT_OUT'.
secure_headers is a library with a global config, per request overrides, and
rack middleware that enables you customize your application settings.
Lista dos contribuidores Lista dos rpms provida por esta srpm:
- gem-secure-headers
- gem-secure-headers-doc
- gem-secure-headers-devel