v7.0.0

Release notes

What's Changed

• Update default X-XSS-Protection value to 0 by @rzhade3 in #479

New Contributors

• @boveus made their first contribution in #520
• @rzhade3 made their first contribution in #479
• @vcsjones made their first contribution in #521

Full Changelog: v6.7.0...v7.0.0

Increase performance of SecureSecurityPolicyConfig

What's Changed

• Make SecureSecurityPolicyConfig significantly faster by @jhawthorn in #506
• Note: If you are accessing values on SecureSecurityPolicyConfig as ivars, you will need to change this to hash access.

New Contributors

• @jhawthorn made their first contribution in #506

Full Changelog: v6.6.0...v6.7.0

v6.6.0

• CSP: Removed deprecated header block-all-mixed-content and replaced it with a recommendation to use the already supported upgrade-insecure-requests instead.

v6.5.0

v6.5.0 (#501)

Release notes:

- CSP: Remove source expression deduplication. (@lgarron)
https://github.com/github/secure_headers/pull/499

v6.4.0

• CSP: Add support for trusted-types, require-trusted-types-for directive (@JackMc): #486

https://github.com/github/secure_headers/blob/v6.4.0/CHANGELOG.md

v6.3.4

• CSP: Do not deduplicate alternate schema source expressions (@keithamus): #478

https://github.com/github/secure_headers/blob/v6.3.4/CHANGELOG.md

v6.3.3

• Fix hash generation for indented helper methods (@rahearn)

For more details, see https://github.com/github/secure_headers/blob/v6.3.3/CHANGELOG.md

v6.3.2

Release notes:

• Add support for style-src-attr, style-src-elem, script-src-attr, and script-src-elem directives (@ggalmazor)

For more details, see https://github.com/github/secure_headers/blob/v6.3.2/CHANGELOG.md

v6.3.1

Release notes:

• Fixes deprecation warnings when running under ruby 2.7

For more details, see https://github.com/github/secure_headers/blob/v6.3.1/CHANGELOG.md

Fix rails 2 support

@solenko noticed an issue with the way the gem is loaded in rails 2 #304