upgrading-to-3-0.md
1 addition & 0 deletions
@@ -8,6 +8,7 @@ Changes
8
8
| Global configuration |`SecureHeaders::Configuration.configure` block |`SecureHeaders::Configuration.default` block |
9
9
| All headers besides HPKP and CSP | Accept hashes as config values | Must be strings (validated during configuration) |
10
10
| CSP directive values | Accepted space delimited strings OR arrays of strings | Must be arrays of strings |
11
+
| CSP Nonce values in views | `@content_security_policy_nonce` | `content_security_policy_script_nonce` or `content_security_policy_style_nonce`
11
12
|`self`/`none` source expressions | could be `self` / `none` / `'self'` / `'none'`| Must be `'self'` or `'none'`|
12
13
|`inline` / `eval` source expressions | could be `inline`, `eval`, `'unsafe-inline'`, or `'unsafe-eval'`| Must be `'unsafe-eval'` or `'unsafe-inline'`|
13
14
| Per-action configuration | override [`def secure_header_options_for(header, options)`](https://github.com/twitter/secureheaders/commit/bb9ebc6c12a677aad29af8e0f08ffd1def56efec#diff-04c6e90faac2675aa89e2176d2eec7d8R111)| Use [named overrides](https://github.com/twitter/secureheaders#named-overrides) or [per-action helpers](https://github.com/twitter/secureheaders#per-action-configuration)|
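Review bot: The added "CSP Nonce values in views" row is missing the closing `|` after its third cell, while every neighbouring row in this hunk ends with one, so some Markdown renderers may lay it out inconsistently; append ` |` to the end of the row. The third cell also lists `content_security_policy_script_nonce` and `content_security_policy_style_nonce` joined by "or" without saying when each applies; a short qualifier such as "(for script tags)" and "(for style tags)" would tell readers replacing `@content_security_policy_nonce` which helper to use in which place. "Nonce" is capitalised mid-phrase here, unlike "source expressions" and "directive values" in the other rows; lowercase it for consistency.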