Expand file tree Collapse file tree 2 files changed +6
-6
lines changed Original file line number Diff line number Diff line change @@ -147,7 +147,7 @@ def header_hash_for(request)
147147
148148 if request . scheme != HTTPS
149149 headers . delete ( StrictTransportSecurity ::HEADER_NAME )
150-
150+
151151 # Remove upgrade_insecure_requests from CSP headers for HTTP requests
152152 # as it doesn't make sense to upgrade requests when the page itself is served over HTTP
153153 if !config . csp . opt_out? && config . csp . directive_value ( ContentSecurityPolicy ::UPGRADE_INSECURE_REQUESTS )
@@ -156,7 +156,7 @@ def header_hash_for(request)
156156 header_name , value = ContentSecurityPolicy . make_header ( modified_csp_config )
157157 headers [ header_name ] = value if header_name && value
158158 end
159-
159+
160160 if !config . csp_report_only . opt_out? && config . csp_report_only . directive_value ( ContentSecurityPolicy ::UPGRADE_INSECURE_REQUESTS )
161161 modified_csp_report_only_config = config . csp_report_only . dup
162162 modified_csp_report_only_config . update_directive ( ContentSecurityPolicy ::UPGRADE_INSECURE_REQUESTS , false )
Original file line number Diff line number Diff line change @@ -446,7 +446,7 @@ module SecureHeaders
446446 upgrade_insecure_requests : true
447447 }
448448 end
449-
449+
450450 plaintext_request = Rack ::Request . new ( { } )
451451 hash = SecureHeaders . header_hash_for ( plaintext_request )
452452 expect ( hash [ ContentSecurityPolicyConfig ::HEADER_NAME ] ) . to eq ( "default-src 'self'; script-src 'self'" )
@@ -462,7 +462,7 @@ module SecureHeaders
462462 upgrade_insecure_requests : true
463463 }
464464 end
465-
465+
466466 https_request = Rack ::Request . new ( "HTTPS" => "on" )
467467 hash = SecureHeaders . header_hash_for ( https_request )
468468 expect ( hash [ ContentSecurityPolicyConfig ::HEADER_NAME ] ) . to eq ( "default-src 'self'; script-src 'self'; upgrade-insecure-requests" )
@@ -477,7 +477,7 @@ module SecureHeaders
477477 upgrade_insecure_requests : true
478478 }
479479 end
480-
480+
481481 plaintext_request = Rack ::Request . new ( { } )
482482 hash = SecureHeaders . header_hash_for ( plaintext_request )
483483 expect ( hash [ ContentSecurityPolicyReportOnlyConfig ::HEADER_NAME ] ) . to eq ( "default-src 'self'; script-src 'self'" )
@@ -493,7 +493,7 @@ module SecureHeaders
493493 upgrade_insecure_requests : true
494494 }
495495 end
496-
496+
497497 https_request = Rack ::Request . new ( "HTTPS" => "on" )
498498 hash = SecureHeaders . header_hash_for ( https_request )
499499 expect ( hash [ ContentSecurityPolicyReportOnlyConfig ::HEADER_NAME ] ) . to eq ( "default-src 'self'; script-src 'self'; upgrade-insecure-requests" )