Loosen header checks for case-insensitivity

[konklone]

I don't have any empirical evidence that sites may use different cases for their headers. I just figure, better safe than sorry.

This also provide a way to easily get at the contents of the specified header with non-? versions of methods. So this adds tests for the new methods as well.

This also fixes an existing bug with secure cookie detection, which probably merits a gem update.

[benbalter]

This also provide a way to easily get at the contents of the specified header with non-? versions of methods.

What's the rationale for that?

Edit See what you did there.

[benbalter]

should you be passing response here?

[konklone]

Er, no. I should not. The tests didn't catch this. I'll fix and update the tests.

[konklone]

I fixed this in a new commit. It adds a test for secure cookies (using github.com) and also flushed out an existing bug with secure cookie detection.

[konklone]

The alternative is to make header_from a publicly documented method, and have developers specify the header string themselves, and I understood the point of the ? methods to abstract that.

I specifically need to capture the value of the HSTS header, to analyze the max-age and includeSubdomains flags contained therein. I could do this with site.response && site.response.headers['Strict-Transport-Security'], but I figured the library was already pretty well poised to do that for me.

[benbalter]

To be DRY perhaps these should be !!click_jacking_protection?

[konklone]

Good call - updated in a new commit. I also merged in the latest changes from master.

[konklone]

I think I've addressed everything - if the build passes, I'm ready to merge it if you are.

[benbalter]

🤘 Thanks. Nice work.