-
-
Notifications
You must be signed in to change notification settings - Fork 29
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Loosen header checks for case-insensitivity #10
Conversation
Also provide a way to easily get at the contents of the specified header. This adds tests for the new methods.
Edit See what you did there. |
end | ||
|
||
def secure_cookies? | ||
return nil if !response || !has_cookies? | ||
cookie = response.headers["Set-Cookie"] | ||
cookie = header_from(response, "Set-Cookie") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should you be passing response here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Er, no. I should not. The tests didn't catch this. I'll fix and update the tests.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I fixed this in a new commit. It adds a test for secure cookies (using github.com
) and also flushed out an existing bug with secure cookie detection.
The alternative is to make I specifically need to capture the value of the HSTS header, to analyze the |
!!header_from("Content-Security-Policy") | ||
end | ||
|
||
def click_jacking_protection? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To be DRY perhaps these should be !!click_jacking_protection
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good call - updated in a new commit. I also merged in the latest changes from master.
I think I've addressed everything - if the build passes, I'm ready to merge it if you are. |
🤘 Thanks. Nice work. |
Loosen header checks for case-insensitivity
I don't have any empirical evidence that sites may use different cases for their headers. I just figure, better safe than sorry.
This also provide a way to easily get at the contents of the specified header with non-
?
versions of methods. So this adds tests for the new methods as well.This also fixes an existing bug with secure cookie detection, which probably merits a gem update.