Skip to content

Commit

Permalink
Opting out of all protection would raise an exception because the ide…
Browse files Browse the repository at this point in the history
…mpotency check was wrong
  • Loading branch information
oreoshake committed Mar 28, 2016
1 parent 171ca58 commit 0358c8e
Show file tree
Hide file tree
Showing 3 changed files with 3 additions and 0 deletions.
1 change: 1 addition & 0 deletions lib/secure_headers/configuration.rb
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,7 @@ def add_noop_configuration
ALL_HEADER_CLASSES.each do |klass|
config.send("#{klass::CONFIG_KEY}=", OPT_OUT)
end
config.dynamic_csp = OPT_OUT
end

add_configuration(NOOP_CONFIGURATION, noop_config)
Expand Down
1 change: 1 addition & 0 deletions lib/secure_headers/headers/policy_management.rb
Original file line number Diff line number Diff line change
Expand Up @@ -196,6 +196,7 @@ def validate_config!(config)
# additions = { script_src: %w(google.com)} then idempotent_additions? would return
# because google.com is already in the config.
def idempotent_additions?(config, additions)
return true if config == OPT_OUT && additions == OPT_OUT
return false if config == OPT_OUT
config == combine_policies(config, additions)
end
Expand Down
1 change: 1 addition & 0 deletions spec/lib/secure_headers_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,7 @@ module SecureHeaders
ALL_HEADER_CLASSES.each do |klass|
expect(hash[klass::CONFIG_KEY]).to be_nil
end
expect(hash.count).to eq(0)
end

it "allows you to override X-Frame-Options settings" do
Expand Down

0 comments on commit 0358c8e

Please sign in to comment.