
Commit f69a12e

committed
Layout/SpaceInsideHashLiteralBraces
1 parent ba65c57 commit f69a12e

6 files changed

+34
-37
lines changed

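--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -7,9 +7,6 @@ AllCops:
 TargetRubyVersion: 2.6
 
 # Disable cops that are not consistently available across all Ruby versions
-Layout/SpaceInsideHashLiteralBraces:
-Enabled: false
-
 Lint/ParenthesesAsGroupedExpression:
 Enabled: false
 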
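--- a/spec/lib/secure_headers/configuration_spec.rb
+++ b/spec/lib/secure_headers/configuration_spec.rb
@@ -99,7 +99,7 @@ module SecureHeaders
 end
 
 it "gives cookies a default config" do
-expect(Configuration.default.cookies).to eq({httponly: true, secure: true, samesite: {lax: true}})
+expect(Configuration.default.cookies).to eq({ httponly: true, secure: true, samesite: { lax: true } })
 end
 
 it "allows OPT_OUT" do
@@ -113,11 +113,11 @@ module SecureHeaders
 
 it "allows me to be explicit too" do
 Configuration.default do |config|
-config.cookies = {httponly: true, secure: true, samesite: {lax: false}}
+config.cookies = { httponly: true, secure: true, samesite: { lax: false } }
 end
 
 config = Configuration.dup
-expect(config.cookies).to eq({httponly: true, secure: true, samesite: {lax: false}})
+expect(config.cookies).to eq({ httponly: true, secure: true, samesite: { lax: false } })
 end
 end
 end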
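--- a/spec/lib/secure_headers/headers/content_security_policy_spec.rb
+++ b/spec/lib/secure_headers/headers/content_security_policy_spec.rb
@@ -167,47 +167,47 @@ module SecureHeaders
 end
 
 it "supports strict-dynamic" do
-csp = ContentSecurityPolicy.new({default_src: %w('self'), script_src: [ContentSecurityPolicy::STRICT_DYNAMIC], script_nonce: 123456})
+csp = ContentSecurityPolicy.new({ default_src: %w('self'), script_src: [ContentSecurityPolicy::STRICT_DYNAMIC], script_nonce: 123456 })
 expect(csp.value).to eq("default-src 'self'; script-src 'strict-dynamic' 'nonce-123456' 'unsafe-inline'")
 end
 
 it "supports strict-dynamic and opting out of the appended 'unsafe-inline'" do
-csp = ContentSecurityPolicy.new({default_src: %w('self'), script_src: [ContentSecurityPolicy::STRICT_DYNAMIC], script_nonce: 123456, disable_nonce_backwards_compatibility: true })
+csp = ContentSecurityPolicy.new({ default_src: %w('self'), script_src: [ContentSecurityPolicy::STRICT_DYNAMIC], script_nonce: 123456, disable_nonce_backwards_compatibility: true })
 expect(csp.value).to eq("default-src 'self'; script-src 'strict-dynamic' 'nonce-123456'")
 end
 
 it "supports script-src-elem directive" do
-csp = ContentSecurityPolicy.new({script_src: %w('self'), script_src_elem: %w('self')})
+csp = ContentSecurityPolicy.new({ script_src: %w('self'), script_src_elem: %w('self') })
 expect(csp.value).to eq("script-src 'self'; script-src-elem 'self'")
 end
 
 it "supports script-src-attr directive" do
-csp = ContentSecurityPolicy.new({script_src: %w('self'), script_src_attr: %w('self')})
+csp = ContentSecurityPolicy.new({ script_src: %w('self'), script_src_attr: %w('self') })
 expect(csp.value).to eq("script-src 'self'; script-src-attr 'self'")
 end
 
 it "supports style-src-elem directive" do
-csp = ContentSecurityPolicy.new({style_src: %w('self'), style_src_elem: %w('self')})
+csp = ContentSecurityPolicy.new({ style_src: %w('self'), style_src_elem: %w('self') })
 expect(csp.value).to eq("style-src 'self'; style-src-elem 'self'")
 end
 
 it "supports style-src-attr directive" do
-csp = ContentSecurityPolicy.new({style_src: %w('self'), style_src_attr: %w('self')})
+csp = ContentSecurityPolicy.new({ style_src: %w('self'), style_src_attr: %w('self') })
 expect(csp.value).to eq("style-src 'self'; style-src-attr 'self'")
 end
 
 it "supports trusted-types directive" do
-csp = ContentSecurityPolicy.new({trusted_types: %w(blahblahpolicy)})
+csp = ContentSecurityPolicy.new({ trusted_types: %w(blahblahpolicy) })
 expect(csp.value).to eq("trusted-types blahblahpolicy")
 end
 
 it "supports trusted-types directive with 'none'" do
-csp = ContentSecurityPolicy.new({trusted_types: %w('none')})
+csp = ContentSecurityPolicy.new({ trusted_types: %w('none') })
 expect(csp.value).to eq("trusted-types 'none'")
 end
 
 it "allows duplicate policy names in trusted-types directive" do
-csp = ContentSecurityPolicy.new({trusted_types: %w(blahblahpolicy 'allow-duplicates')})
+csp = ContentSecurityPolicy.new({ trusted_types: %w(blahblahpolicy 'allow-duplicates') })
 expect(csp.value).to eq("trusted-types blahblahpolicy 'allow-duplicates'")
 end
 end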
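--- a/spec/lib/secure_headers/headers/cookie_spec.rb
+++ b/spec/lib/secure_headers/headers/cookie_spec.rb
@@ -35,7 +35,7 @@ module SecureHeaders
 
 context "when configured with a Hash" do
 it "flags cookies as Secure when whitelisted" do
-cookie = Cookie.new(raw_cookie, secure: { only: ["_session"]}, httponly: OPT_OUT, samesite: OPT_OUT)
+cookie = Cookie.new(raw_cookie, secure: { only: ["_session"] }, httponly: OPT_OUT, samesite: OPT_OUT)
 expect(cookie.to_s).to eq("_session=thisisatest; secure")
 end
 
@@ -56,7 +56,7 @@ module SecureHeaders
 
 context "when configured with a Hash" do
 it "flags cookies as HttpOnly when whitelisted" do
-cookie = Cookie.new(raw_cookie, httponly: { only: ["_session"]}, secure: OPT_OUT, samesite: OPT_OUT)
+cookie = Cookie.new(raw_cookie, httponly: { only: ["_session"] }, secure: OPT_OUT, samesite: OPT_OUT)
 expect(cookie.to_s).to eq("_session=thisisatest; HttpOnly")
 end
 
@@ -75,7 +75,7 @@ module SecureHeaders
 end
 
 it "flags SameSite=#{flag} when configured with a boolean" do
-cookie = Cookie.new(raw_cookie, samesite: { flag.downcase.to_sym => true}, secure: OPT_OUT, httponly: OPT_OUT)
+cookie = Cookie.new(raw_cookie, samesite: { flag.downcase.to_sym => true }, secure: OPT_OUT, httponly: OPT_OUT)
 expect(cookie.to_s).to eq("_session=thisisatest; SameSite=#{flag}")
 end
 
@@ -86,7 +86,7 @@ module SecureHeaders
 end
 
 it "flags SameSite=Strict when configured with a boolean" do
-cookie = Cookie.new(raw_cookie, {samesite: { strict: true}, secure: OPT_OUT, httponly: OPT_OUT})
+cookie = Cookie.new(raw_cookie, { samesite: { strict: true }, secure: OPT_OUT, httponly: OPT_OUT })
 expect(cookie.to_s).to eq("_session=thisisatest; SameSite=Strict")
 end
 
@@ -146,7 +146,7 @@ module SecureHeaders
 (cookie_options - [flag]).each do |other_flag|
 it "raises an exception when SameSite #{flag} and #{other_flag} enforcement modes are configured with booleans" do
 expect do
-Cookie.validate_config!(samesite: { flag => true, other_flag => true})
+Cookie.validate_config!(samesite: { flag => true, other_flag => true })
 end.to raise_error(CookiesConfigError)
 end
 end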
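--- a/spec/lib/secure_headers/middleware_spec.rb
+++ b/spec/lib/secure_headers/middleware_spec.rb
@@ -42,7 +42,7 @@ module SecureHeaders
 end
 context "cookies should be flagged" do
 it "flags cookies as secure" do
-Configuration.default { |config| config.cookies = {secure: true, httponly: OPT_OUT, samesite: OPT_OUT} }
+Configuration.default { |config| config.cookies = { secure: true, httponly: OPT_OUT, samesite: OPT_OUT } }
 request = Rack::Request.new("HTTPS" => "on")
 _, env = cookie_middleware.call request.env
 expect(env["Set-Cookie"]).to eq("foo=bar; secure")
@@ -62,7 +62,7 @@ module SecureHeaders
 
 context "cookies should not be flagged" do
 it "does not flags cookies as secure" do
-Configuration.default { |config| config.cookies = {secure: OPT_OUT, httponly: OPT_OUT, samesite: OPT_OUT} }
+Configuration.default { |config| config.cookies = { secure: OPT_OUT, httponly: OPT_OUT, samesite: OPT_OUT } }
 request = Rack::Request.new("HTTPS" => "on")
 _, env = cookie_middleware.call request.env
 expect(env["Set-Cookie"]).to eq("foo=bar")
@@ -75,7 +75,7 @@ module SecureHeaders
 reset_config
 end
 it "flags cookies from configuration" do
-Configuration.default { |config| config.cookies = { secure: true, httponly: true, samesite: { lax: true} } }
+Configuration.default { |config| config.cookies = { secure: true, httponly: true, samesite: { lax: true } } }
 request = Rack::Request.new("HTTPS" => "on")
 _, env = cookie_middleware.call request.env
 
@@ -85,7 +85,7 @@ module SecureHeaders
 it "flags cookies with a combination of SameSite configurations" do
 cookie_middleware = Middleware.new(lambda { |env| [200, env.merge("Set-Cookie" => ["_session=foobar", "_guest=true"]), "app"] })
 
-Configuration.default { |config| config.cookies = { samesite: { lax: { except: ["_session"] }, strict: { only: ["_session"] } }, httponly: OPT_OUT, secure: OPT_OUT} }
+Configuration.default { |config| config.cookies = { samesite: { lax: { except: ["_session"] }, strict: { only: ["_session"] } }, httponly: OPT_OUT, secure: OPT_OUT } }
 request = Rack::Request.new("HTTPS" => "on")
 _, env = cookie_middleware.call request.env
 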
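--- a/spec/lib/secure_headers_spec.rb
+++ b/spec/lib/secure_headers_spec.rb
@@ -54,7 +54,7 @@ module SecureHeaders
 describe "#header_hash_for" do
 it "allows you to opt out of individual headers via API" do
 Configuration.default do |config|
-config.csp = { default_src: %w('self'), script_src: %w('self')}
+config.csp = { default_src: %w('self'), script_src: %w('self') }
 config.csp_report_only = config.csp
 end
 SecureHeaders.opt_out_of_header(request, :csp)
@@ -174,11 +174,11 @@ module SecureHeaders
 end
 
 Configuration.named_append(:moar_default_sources) do |request|
-{ default_src: %w(https:), style_src: %w('self')}
+{ default_src: %w(https:), style_src: %w('self') }
 end
 
 Configuration.named_append(:how_about_a_script_src_too) do |request|
-{ script_src: %w('unsafe-inline')}
+{ script_src: %w('unsafe-inline') }
 end
 
 SecureHeaders.use_content_security_policy_named_append(request, :moar_default_sources)
@@ -318,7 +318,7 @@ module SecureHeaders
 default_src: %w('self'),
 script_src: %w('self')
 }
-config.csp_report_only = config.csp.merge({script_src: %w(foo.com)})
+config.csp_report_only = config.csp.merge({ script_src: %w(foo.com) })
 end
 
 hash = SecureHeaders.header_hash_for(request)
@@ -342,42 +342,42 @@ module SecureHeaders
 end
 
 it "allows appending to the enforced policy" do
-SecureHeaders.append_content_security_policy_directives(request, {script_src: %w(anothercdn.com)}, :enforced)
+SecureHeaders.append_content_security_policy_directives(request, { script_src: %w(anothercdn.com) }, :enforced)
 hash = SecureHeaders.header_hash_for(request)
 expect(hash["content-security-policy"]).to eq("default-src 'self'; script-src 'self' anothercdn.com")
 expect(hash["content-security-policy-report-only"]).to eq("default-src 'self'; script-src 'self'")
 end
 
 it "allows appending to the report only policy" do
-SecureHeaders.append_content_security_policy_directives(request, {script_src: %w(anothercdn.com)}, :report_only)
+SecureHeaders.append_content_security_policy_directives(request, { script_src: %w(anothercdn.com) }, :report_only)
 hash = SecureHeaders.header_hash_for(request)
 expect(hash["content-security-policy"]).to eq("default-src 'self'; script-src 'self'")
 expect(hash["content-security-policy-report-only"]).to eq("default-src 'self'; script-src 'self' anothercdn.com")
 end
 
 it "allows appending to both policies" do
-SecureHeaders.append_content_security_policy_directives(request, {script_src: %w(anothercdn.com)}, :both)
+SecureHeaders.append_content_security_policy_directives(request, { script_src: %w(anothercdn.com) }, :both)
 hash = SecureHeaders.header_hash_for(request)
 expect(hash["content-security-policy"]).to eq("default-src 'self'; script-src 'self' anothercdn.com")
 expect(hash["content-security-policy-report-only"]).to eq("default-src 'self'; script-src 'self' anothercdn.com")
 end
 
 it "allows overriding the enforced policy" do
-SecureHeaders.override_content_security_policy_directives(request, {script_src: %w(anothercdn.com)}, :enforced)
+SecureHeaders.override_content_security_policy_directives(request, { script_src: %w(anothercdn.com) }, :enforced)
 hash = SecureHeaders.header_hash_for(request)
 expect(hash["content-security-policy"]).to eq("default-src 'self'; script-src anothercdn.com")
 expect(hash["content-security-policy-report-only"]).to eq("default-src 'self'; script-src 'self'")
 end
 
 it "allows overriding the report only policy" do
-SecureHeaders.override_content_security_policy_directives(request, {script_src: %w(anothercdn.com)}, :report_only)
+SecureHeaders.override_content_security_policy_directives(request, { script_src: %w(anothercdn.com) }, :report_only)
 hash = SecureHeaders.header_hash_for(request)
 expect(hash["content-security-policy"]).to eq("default-src 'self'; script-src 'self'")
 expect(hash["content-security-policy-report-only"]).to eq("default-src 'self'; script-src anothercdn.com")
 end
 
 it "allows overriding both policies" do
-SecureHeaders.override_content_security_policy_directives(request, {script_src: %w(anothercdn.com)}, :both)
+SecureHeaders.override_content_security_policy_directives(request, { script_src: %w(anothercdn.com) }, :both)
 hash = SecureHeaders.header_hash_for(request)
 expect(hash["content-security-policy"]).to eq("default-src 'self'; script-src anothercdn.com")
 expect(hash["content-security-policy-report-only"]).to eq("default-src 'self'; script-src anothercdn.com")
@@ -392,7 +392,7 @@ module SecureHeaders
 script_src: %w('self')
 }
 end
-SecureHeaders.append_content_security_policy_directives(request, {script_src: %w(anothercdn.com)})
+SecureHeaders.append_content_security_policy_directives(request, { script_src: %w(anothercdn.com) })
 
 hash = SecureHeaders.header_hash_for(request)
 expect(hash["content-security-policy"]).to eq("default-src 'self'; script-src 'self' anothercdn.com")
@@ -408,7 +408,7 @@ module SecureHeaders
 script_src: %w('self')
 }
 end
-SecureHeaders.append_content_security_policy_directives(request, {script_src: %w(anothercdn.com)})
+SecureHeaders.append_content_security_policy_directives(request, { script_src: %w(anothercdn.com) })
 
 hash = SecureHeaders.header_hash_for(request)
 expect(hash["content-security-policy-report-only"]).to eq("default-src 'self'; script-src 'self' anothercdn.com")
@@ -427,7 +427,7 @@ module SecureHeaders
 script_src: %w('self')
 }
 end
-SecureHeaders.append_content_security_policy_directives(request, {script_src: %w(anothercdn.com)})
+SecureHeaders.append_content_security_policy_directives(request, { script_src: %w(anothercdn.com) })
 
 hash = SecureHeaders.header_hash_for(request)
 expect(hash["content-security-policy"]).to eq("default-src enforced.com; script-src 'self' anothercdn.com")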