Merge pull request #367 from ptoomey3/master

oreoshake · web-flow · commit 9357c7c2d864 · 2017-10-19T07:48:54.000-10:00
Update Expect-CT to use separator in spec
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 5.0.1
+
+- Updates `Expect-CT` header to use a comma separator between directives, as specified in the most current spec.
+
 ## 5.0.0
 
 Well this is a little embarassing. 4.0 was supposed to set the secure/httponly/samesite=lax attributes on cookies by default but it didn't. Now it does. - See the [upgrading to 5.0](docs/upgrading-to-5-0.md) guide.
diff --git a/lib/secure_headers/headers/expect_certificate_transparency.rb b/lib/secure_headers/headers/expect_certificate_transparency.rb
@@ -49,7 +49,7 @@ def value
         enforced_directive,
         max_age_directive,
         report_uri_directive
-      ].compact.join("; ").strip
+      ].compact.join(", ").strip
     end
 
     def enforced_directive
diff --git a/spec/lib/secure_headers/headers/expect_certificate_transparency_spec.rb b/spec/lib/secure_headers/headers/expect_certificate_transparency_spec.rb
@@ -3,13 +3,13 @@
 
 module SecureHeaders
   describe ExpectCertificateTransparency do
-    specify { expect(ExpectCertificateTransparency.new(max_age: 1234, enforce: true).value).to eq("enforce; max-age=1234") }
+    specify { expect(ExpectCertificateTransparency.new(max_age: 1234, enforce: true).value).to eq("enforce, max-age=1234") }
     specify { expect(ExpectCertificateTransparency.new(max_age: 1234, enforce: false).value).to eq("max-age=1234") }
     specify { expect(ExpectCertificateTransparency.new(max_age: 1234, enforce: "yolocopter").value).to eq("max-age=1234") }
-    specify { expect(ExpectCertificateTransparency.new(max_age: 1234, report_uri: "https://report-uri.io/expect-ct").value).to eq("max-age=1234; report-uri=\"https://report-uri.io/expect-ct\"") }
+    specify { expect(ExpectCertificateTransparency.new(max_age: 1234, report_uri: "https://report-uri.io/expect-ct").value).to eq("max-age=1234, report-uri=\"https://report-uri.io/expect-ct\"") }
     specify do
       config = { enforce: true, max_age: 1234, report_uri: "https://report-uri.io/expect-ct" }
-      header_value = "enforce; max-age=1234; report-uri=\"https://report-uri.io/expect-ct\""
+      header_value = "enforce, max-age=1234, report-uri=\"https://report-uri.io/expect-ct\""
       expect(ExpectCertificateTransparency.new(config).value).to eq(header_value)
     end
 
