Secure Headers Versions Save

What's Changed

• Make SecureSecurityPolicyConfig significantly faster by @jhawthorn in https://github.com/github/secure_headers/pull/506
• Note: If you are accessing values on SecureSecurityPolicyConfig as ivars, you will need to change this to hash access.

New Contributors

• @jhawthorn made their first contribution in https://github.com/github/secure_headers/pull/506

Full Changelog: https://github.com/github/secure_headers/compare/v6.6.0...v6.7.0

• CSP: Removed deprecated header block-all-mixed-content and replaced it with a recommendation to use the already supported upgrade-insecure-requests instead.

• CSP: Add support for trusted-types, require-trusted-types-for directive (@JackMc): https://github.com/github/secure_headers/pull/486

https://github.com/github/secure_headers/blob/v6.4.0/CHANGELOG.md

• CSP: Do not deduplicate alternate schema source expressions (@keithamus): https://github.com/github/secure_headers/pull/478

https://github.com/github/secure_headers/blob/v6.3.4/CHANGELOG.md

Release notes:

• Fixes deprecation warnings when running under ruby 2.7

For more details, see https://github.com/github/secure_headers/blob/v6.3.1/CHANGELOG.md

Release notes:

• Add support for style-src-attr, style-src-elem, script-src-attr, and script-src-elem directives (@ggalmazor)

For more details, see https://github.com/github/secure_headers/blob/v6.3.2/CHANGELOG.md

• Fix hash generation for indented helper methods (@rahearn)

For more details, see https://github.com/github/secure_headers/blob/v6.3.3/CHANGELOG.md

@solenko noticed an issue with the way the gem is loaded in rails 2 https://github.com/twitter/secureheaders/pull/304

• Fix bug that can occur when useragent library version is older, resulting in a nil version sometimes.
• Add constant for strict-dynamic