Commit 7854e14e authored by Benjamin Neff's avatar Benjamin Neff

Bump secure_headers

parent f8c9d2cc
......@@ -152,7 +152,7 @@ gem "string-direction", "1.2.1"
# Security Headers
gem "secure_headers", "3.7.1"
gem "secure_headers", "5.0.5"
# Services
......
......@@ -639,8 +639,8 @@ GEM
scss_lint (0.54.0)
rake (>= 0.9, < 13)
sass (~> 3.4.20)
secure_headers (3.7.1)
useragent
secure_headers (5.0.5)
useragent (>= 0.15.0)
securecompare (1.0.0)
shellany (0.0.1)
shoulda-matchers (3.1.2)
......@@ -730,7 +730,7 @@ GEM
get_process_mem (~> 0)
unicorn (>= 4, < 6)
url_safe_base64 (0.2.2)
useragent (0.16.8)
useragent (0.16.10)
uuid (2.3.8)
macaddr (~> 1.0)
valid (1.2.0)
......@@ -883,7 +883,7 @@ DEPENDENCIES
ruby-oembed (= 0.12.0)
rubyzip (= 1.2.1)
sass-rails (= 5.0.7)
secure_headers (= 3.7.1)
secure_headers (= 5.0.5)
shoulda-matchers (= 3.1.2)
sidekiq (= 5.1.3)
sidekiq-cron (= 0.6.3)
......
......@@ -5,13 +5,13 @@ SecureHeaders::Configuration.default do |config|
csp = {
default_src: %w('none'),
child_src: %w('self' www.youtube.com w.soundcloud.com twitter.com platform.twitter.com syndication.twitter.com
player.vimeo.com www.mixcloud.com www.dailymotion.com media.ccc.de bandcamp.com
www.instagram.com),
connect_src: %w('self' embedr.flickr.com geo.query.yahoo.com nominatim.openstreetmap.org api.github.com),
font_src: %w('self'),
form_action: %w('self' platform.twitter.com syndication.twitter.com),
frame_ancestors: %w('self'),
frame_src: %w('self' www.youtube.com w.soundcloud.com twitter.com platform.twitter.com syndication.twitter.com
player.vimeo.com www.mixcloud.com www.dailymotion.com media.ccc.de bandcamp.com
www.instagram.com),
img_src: %w('self' data: *),
media_src: %w(https:),
script_src: %w('self' 'unsafe-eval' platform.twitter.com cdn.syndication.twimg.com widgets.flickr.com
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment