Группа :: Разработка/Ruby
Пакет: gem-secure-headers
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
Текущая версия: 6.3.2-alt1
Время сборки: 2 сентября 2021, 09:04 ( 137.0 недели назад )
Размер архива: 50.21 Kb
Домашняя страница: https://github.com/twitter/secureheaders
Лицензия: Apache Public License 2.0
О пакете: Manages application of security headers with many safe defaults
Описание:
Список всех майнтейнеров, принимавших участие
в данной и/или предыдущих сборках пакета: Список rpm-пакетов, предоставляемый данным srpm-пакетом:
ACL:
Время сборки: 2 сентября 2021, 09:04 ( 137.0 недели назад )
Размер архива: 50.21 Kb
Домашняя страница: https://github.com/twitter/secureheaders
Лицензия: Apache Public License 2.0
О пакете: Manages application of security headers with many safe defaults
Описание:
main branch represents 6.x line. See the upgrading to 4.x doc, upgrading to 5.x
doc, or upgrading to 6.x doc for instructions on how to upgrade. Bug fixes
should go in the 5.x branch for now.
The gem will automatically apply several headers that are related to security.
This includes:
* Content Security Policy (CSP) - Helps detect/prevent XSS, mixed-content, and
other classes of attack. CSP 2 Specification
* https://csp.withgoogle.com
* https://csp.withgoogle.com/docs/strict-csp.html
* https://csp-evaluator.withgoogle.com
* HTTP Strict Transport Security (HSTS) - Ensures the browser never visits the
http version of a website. Protects from SSLStrip/Firesheep attacks. HSTS
Specification
* X-Frame-Options (XFO) - Prevents your content from being framed and
potentially clickjacked. X-Frame-Options Specification
* X-XSS-Protection - Cross site scripting heuristic filter for IE/Chrome
* X-Content-Type-Options - Prevent content type sniffing
* X-Download-Options - Prevent file downloads opening
* X-Permitted-Cross-Domain-Policies - Restrict Adobe Flash Player's access to
data
* Referrer-Policy - Referrer Policy draft
* Expect-CT - Only use certificates that are present in the certificate
transparency logs. Expect-CT draft specification.
* Clear-Site-Data - Clearing browser data for origin. Clear-Site-Data
specification.
It can also mark all http cookies with the Secure, HttpOnly and SameSite
attributes. This is on default but can be turned off by using
'config.cookies = SecureHeaders::OPT_OUT'.
secure_headers is a library with a global config, per request overrides, and
rack middleware that enables you customize your application settings.
Текущий майнтейнер: Ruby Maintainers Team doc, or upgrading to 6.x doc for instructions on how to upgrade. Bug fixes
should go in the 5.x branch for now.
The gem will automatically apply several headers that are related to security.
This includes:
* Content Security Policy (CSP) - Helps detect/prevent XSS, mixed-content, and
other classes of attack. CSP 2 Specification
* https://csp.withgoogle.com
* https://csp.withgoogle.com/docs/strict-csp.html
* https://csp-evaluator.withgoogle.com
* HTTP Strict Transport Security (HSTS) - Ensures the browser never visits the
http version of a website. Protects from SSLStrip/Firesheep attacks. HSTS
Specification
* X-Frame-Options (XFO) - Prevents your content from being framed and
potentially clickjacked. X-Frame-Options Specification
* X-XSS-Protection - Cross site scripting heuristic filter for IE/Chrome
* X-Content-Type-Options - Prevent content type sniffing
* X-Download-Options - Prevent file downloads opening
* X-Permitted-Cross-Domain-Policies - Restrict Adobe Flash Player's access to
data
* Referrer-Policy - Referrer Policy draft
* Expect-CT - Only use certificates that are present in the certificate
transparency logs. Expect-CT draft specification.
* Clear-Site-Data - Clearing browser data for origin. Clear-Site-Data
specification.
It can also mark all http cookies with the Secure, HttpOnly and SameSite
attributes. This is on default but can be turned off by using
'config.cookies = SecureHeaders::OPT_OUT'.
secure_headers is a library with a global config, per request overrides, and
rack middleware that enables you customize your application settings.
Список всех майнтейнеров, принимавших участие
в данной и/или предыдущих сборках пакета: Список rpm-пакетов, предоставляемый данным srpm-пакетом:
- gem-secure-headers
- gem-secure-headers-doc
- gem-secure-headers-devel