Skip to content

Issues: github/secure_headers

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

23 Open 198 Closed
23 Open 198 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

Set default frame-ancestors on default Content-Security-Policy
#532 opened Oct 21, 2024 by rzhade3
2
Remove non necessary files from bundled Ruby Gem good first issue
#531 opened Oct 21, 2024 by rzhade3
1
SecureHeaders middleware erases all cookies in Rack 3 due to \n joining
#514 opened Apr 22, 2024 by collinsauve
1
CSP Report-uri deprecated, replaced by report-to
#512 opened Oct 5, 2023 by martindaehn23
content_security_policy_nonce calls Rails method so CSP does not contain nonce
#511 opened Sep 20, 2023 by jdudley1123
2
Set default-src CSP Attribute to none by default
#482 opened Apr 5, 2022 by rzhade3 v7
1
Support CSP "double policies"
#476 opened Feb 16, 2022 by rohansharma
nonced tag helpers including nonce directive in csp has potential to break applications
#470 opened Mar 23, 2021 by pcasaretto
1
17
Guide for transitioning from secure_headers to vanilla rails csp
#466 opened Feb 12, 2021 by oreoshake
3
Add simple static configuration option for bypassing application of all security headers
#450 opened Dec 15, 2020 by h0jeZvgoxFepBQ2C
5
Validation on plugin-types does not allow for the empty directive
#448 opened Oct 23, 2020 by oreoshake
Fetch Metadata Browser Headers
#441 opened Jun 15, 2020 by ThunderSon
1
Fix or remove support for automatically-computed CSP hashes
#432 opened Feb 25, 2020 by chongfai13
13
Webpacker javascript_packs_with_chunks_tag support
#407 opened Jul 24, 2019 by seanders
2
Stricter validation on samesite configuration
#398 opened Sep 28, 2018 by vcsjones
1
Confirm feature parity with secure_headers <=> rails vanilla
#394 opened Jul 19, 2018 by oreoshake
4 tasks
2
Remove logic that modifies policies in unexpected ways? question
#385 opened Jan 24, 2018 by oreoshake
2
report-uri sample rate
#379 opened Jan 14, 2018 by jacobbednarz
4
CSP sources are incorrectly removed when both wildcards and schemes are present
#376 opened Nov 29, 2017 by tessereth
5
Don't upgrade insecure requests when the page is served over HTTP 3.x 4.x bug
#348 opened Jul 28, 2017 by guiprav
9
Handle setting multiple headers of the same name (by using a comma-separate list) enhancement feature
#323 opened Apr 12, 2017 by oreoshake
5
Dynamic referrer-policy headers feature
#318 opened Mar 2, 2017 by oreoshake
1
Add support for Permissions-Policy header
#275 opened Jul 20, 2016 by oreoshake
13
ProTip! Adding no:label will show everything without a label.