github / secure_headers

Notifications
Star 2.9k
Fork 245

Code
Issues 18
Pull requests 5
Actions
Security
Insights

Code
Issues
Pull requests
Actions
Security
Insights

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

18 Open 186 Closed

Author

Filter by author

Label

Filter by label

Use alt + click/return to exclude labels

or ⇧ + click/return for logical OR

Projects

Filter by project

Milestones

Filter by milestone

Assignee

Filter by who’s assigned

Sort

Sort by

Newest Oldest Most commented Least commented Recently updated Least recently updated

Most reactions

nonced tag helpers including nonce directive in csp has potential to break applications

#470 opened Mar 23, 2021 by pcasaretto

Guide for transitioning from secure_headers to vanilla rails csp

#466 opened Feb 12, 2021 by oreoshake

Add simple static configuration option for bypassing application of all security headers

#450 opened Dec 15, 2020 by h0jeZvgoxFepBQ2C

Validation on plugin-types does not allow for the empty directive

#448 opened Oct 23, 2020 by oreoshake

Fetch Metadata Browser Headers

#441 opened Jun 15, 2020 by ThunderSon

Should x-xss-protection default to “0” instead of “1; mode=block”

#439 opened May 17, 2020 by oreoshake

Fix or remove support for automatically-computed CSP hashes

#432 opened Feb 25, 2020 by chongfai13

Webpacker javascript_packs_with_chunks_tag support

#407 opened Jul 24, 2019 by seanders

Stricter validation on samesite configuration

#398 opened Sep 28, 2018 by vcsjones

Confirm feature parity with secure_headers <=> rails vanilla

#394 opened Jul 19, 2018 by oreoshake

4 tasks

Remove logic that modifies policies in unexpected ways? question

#385 opened Jan 24, 2018 by oreoshake

report-uri sample rate

#379 opened Jan 14, 2018 by jacobbednarz

CSP sources are incorrectly removed when both wildcards and schemes are present

#376 opened Nov 29, 2017 by tessereth

Don't upgrade insecure requests when the page is served over HTTP 3.x 4.x bug

#348 opened Jul 28, 2017 by guiprav

Handle setting multiple headers of the same name (by using a comma-separate list) enhancement feature

#323 opened Apr 12, 2017 by oreoshake

Dynamic referrer-policy headers feature

#318 opened Mar 2, 2017 by oreoshake

Source Deduplication Doesn't Take Schemes into Account bug

#317 opened Mar 1, 2017 by belenko

Add support for Permissions-Policy header

#275 opened Jul 20, 2016 by oreoshake

ProTip! Type g p on any issue or pull request to go back to the pull request listing page.