Upgrade version and docs to 7.0 (#528)
## All PRs:

* [x] Has tests
* [x] Documentation updated

## Adding a new header

N/A

## Adding a new CSP directive

N/A

Closes #480
rzhade3 authored Oct 16, 2024
1 parent 6b5eb33 commit bac6dae
Showing 3 changed files with 14 additions and 2 deletions.
12 changes: 12 additions & 0 deletions docs/upgrading-to-7-0.md
@@ -0,0 +1,12 @@
## X-Xss-Protection is set to 0 by default

Version 6 and below of `secure_headers` set the `X-Xss-Protection` to `1; mode=block` by default. This was done to protect against reflected XSS attacks. However, this header is no longer recommended (see https://github.com/github/secure_headers/issues/439 for more information).

If any functionality in your app depended on this header being set to the previous value, you will need to set it explicitly in your configuration.

```ruby
# config/initializers/secure_headers.rb
SecureHeaders::Configuration.default do |config|
config.x_xss_protection = "1; mode=block"
end
```
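Review bot: The paragraph under the new heading gives no reason why `X-Xss-Protection` is no longer recommended; it only links to issue #439, so a reader deciding whether to restore `1; mode=block` has nothing to weigh without leaving the doc. Suggest summarizing the reason in one sentence next to the link, and saying explicitly that the override shown in the sample is meant only for apps that depended on the old value. Minor wording: "set the `X-Xss-Protection` to" should read "set the `X-Xss-Protection` header to".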
2 changes: 1 addition & 1 deletion lib/secure_headers/version.rb
@@ -1,5 +1,5 @@
# frozen_string_literal: true

module SecureHeaders
VERSION = "6.5.0"
VERSION = "7.0.0"
end
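Review bot: `VERSION` moves to a new major release here, but none of the 3 changed files is a changelog, so the only record of the changed default in this commit is docs/upgrading-to-7-0.md. If the project keeps a changelog, suggest adding a 7.0.0 entry that points to that upgrade doc so the breaking change is visible where users look for release notes.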
2 changes: 1 addition & 1 deletion secure_headers.gemspec
Expand Up @@ -13,7 +13,7 @@ Gem::Specification.new do |gem|
gem.description = 'Add easily configured security headers to responses
including content-security-policy, x-frame-options,
strict-transport-security, etc.'
gem.homepage = "https://github.com/twitter/secureheaders"
gem.homepage = "https://github.com/github/secure_headers"
gem.license = "MIT"
gem.files = `git ls-files`.split($INPUT_RECORD_SEPARATOR)
gem.executables = gem.files.grep(%r{^bin/}).map { |f| File.basename(f) }
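Review bot: The `gem.homepage` change to `https://github.com/github/secure_headers` is not covered by the commit title or description, which mention only the version and docs. Suggest noting it in the commit message, since the published gem metadata is where consumers look to find the source repository.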