Merge pull request #100 from nealharris/neal-gracefully-parse-uris

same_origin? returns false for bad URIs

Author: oreoshake

lib/secure_headers/headers/content_security_policy.rb

@@ -177,8 +177,13 @@ def normalize_reporting_endpoint
     def same_origin?
       return unless report_uri && request_uri
 
-      origin = URI.parse(request_uri)
-      uri = URI.parse(report_uri)
+      begin
+        origin = URI.parse(request_uri)
+        uri = URI.parse(report_uri)
+      rescue URI::InvalidURIError
+        return false
+      end
+
       uri.host == origin.host && origin.port == uri.port && origin.scheme == uri.scheme
     end