-
Notifications
You must be signed in to change notification settings - Fork 253
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add simple static configuration option for bypassing application of all security headers #450
Comments
Hello @h0jeZvgoxFepBQ2C, I can't recall if there's a shorthand way for doing this but you can set each I agree that would be a cool addition. I doubly like that you ended your proposed api with a |
Thanks @oreoshake , I did something like this now: if ENV["DISABLE_SECURE_HEADERS"]
SecureHeaders::Configuration.default do |config|
config.cookies = SecureHeaders::OPT_OUT
config.hsts = SecureHeaders::OPT_OUT
config.x_frame_options = SecureHeaders::OPT_OUT
config.x_content_type_options = SecureHeaders::OPT_OUT
config.x_xss_protection = SecureHeaders::OPT_OUT
config.x_download_options = SecureHeaders::OPT_OUT
config.x_permitted_cross_domain_policies = SecureHeaders::OPT_OUT
config.referrer_policy = SecureHeaders::OPT_OUT
config.csp = SecureHeaders::OPT_OUT
end
else
...
end Would be maybe good to add such a small disable method, so you don't have to specify all settings manually (and maybe miss some, if new keys are implemented in future versions). And yeah, maybe there shouldn't be a Shall I leave this issue open? Or close it, since there is a workaround somehow? |
I was in favor of the I think it would be a good addition and therefore would be worth keeping open in case someone decides to implement it. |
I've updated the title to reflect that this issue is less of a question and more of a valid, useful feature request. |
I have a doubt, I don't know if I can put it here but I already looked for where it would be better and I decided here. My question and doubt and I have thought about it a lot: where but the code to apply the gem in a jekyll project? I have already installed the gem and everything but I don't see that it reflects the headers in the web project. So I don't know how or where to apply it, whether in head or body. I remain attentive and I hope you can help me. Beforehand thank you very much. |
Is there a way to enable this gem in an initializer completely?
F.e. we host our app for different customers, but due to various reasons we want to upgrade manually.
So I would like to enable secure_headers at runtime, like f.e:
I also don't want to opt out the settings, I completely want to disable secure headers (since sometimes we have set special headers by ourself and we will have to migrate them to secure headers first).
The text was updated successfully, but these errors were encountered: