Puma caught this error: bad URI(is not URI?): "blob: rylan.test" (URI::InvalidURIError)
ruby-2.7.6/lib/ruby/2.7.0/uri/rfc3986_parser.rb:67:in `split'
ruby-2.7.6/lib/ruby/2.7.0/uri/rfc3986_parser.rb:73:in `parse'
ruby-2.7.6/lib/ruby/2.7.0/uri/common.rb:234:in `parse'
ruby-2.7.6/lib/ruby/2.7.0/uri/common.rb:737:in `URI'
ruby/2.7.6/gems/secure_headers-6.4.0/lib/secure_headers/headers/content_security_policy.rb:162:in `block in dedup_source_list'
ruby/2.7.6/gems/secure_headers-6.4.0/lib/secure_headers/headers/content_security_policy.rb:162:in `map'
ruby/2.7.6/gems/secure_headers-6.4.0/lib/secure_headers/headers/content_security_policy.rb:162:in `dedup_source_list'
ruby/2.7.6/gems/secure_headers-6.4.0/lib/secure_headers/headers/content_security_policy.rb:136:in `minify_source_list'
ruby/2.7.6/gems/secure_headers-6.4.0/lib/secure_headers/headers/content_security_policy.rb:111:in `build_source_list_directive'
ruby/2.7.6/gems/secure_headers-6.4.0/lib/secure_headers/headers/content_security_policy.rb:59:in `block in build_value'
ruby/2.7.6/gems/secure_headers-6.4.0/lib/secure_headers/headers/content_security_policy.rb:54:in `map'
ruby/2.7.6/gems/secure_headers-6.4.0/lib/secure_headers/headers/content_security_policy.rb:54:in `build_value'
ruby/2.7.6/gems/secure_headers-6.4.0/lib/secure_headers/headers/content_security_policy.rb:40:in `value'
ruby/2.7.6/gems/secure_headers-6.4.0/lib/secure_headers/headers/policy_management.rb:202:in `make_header'
ruby/2.7.6/gems/secure_headers-6.4.0/lib/secure_headers/configuration.rb:211:in `block in generate_headers'
ruby/2.7.6/gems/secure_headers-6.4.0/lib/secure_headers/configuration.rb:209:in `each'
ruby/2.7.6/gems/secure_headers-6.4.0/lib/secure_headers/configuration.rb:209:in `generate_headers'
ruby/2.7.6/gems/secure_headers-6.4.0/lib/secure_headers.rb:145:in `header_hash_for'
ruby/2.7.6/gems/secure_headers-6.4.0/lib/secure_headers/middleware.rb:15:in `call'
ruby/2.7.6/gems/rack-mini-profiler-3.0.0/lib/mini_profiler/profiler.rb:393:in `call'
ruby/2.7.6/gems/webpacker-5.4.3/lib/webpacker/dev_server_proxy.rb:25:in `perform_request'
ruby/2.7.6/gems/rack-proxy-0.7.0/lib/rack/proxy.rb:63:in `call'
ruby/2.7.6/gems/railties-6.0.5.1/lib/rails/engine.rb:527:in `call'
ruby/2.7.6/gems/puma-5.6.4/lib/puma/configuration.rb:252:in `call'
ruby/2.7.6/gems/puma-5.6.4/lib/puma/request.rb:77:in `block in handle_request'
ruby/2.7.6/gems/puma-5.6.4/lib/puma/thread_pool.rb:340:in `with_force_shutdown'
ruby/2.7.6/gems/puma-5.6.4/lib/puma/request.rb:76:in `handle_request'
ruby/2.7.6/gems/puma-5.6.4/lib/puma/server.rb:441:in `process_client'
ruby/2.7.6/gems/puma-5.6.4/lib/puma/thread_pool.rb:147:in `block in spawn_thread'
From a block for local development:
```ruby
if Rails.env.development?
  config.csp[:connect_src] << 'http://localhost:3035'
  config.csp[:connect_src] << 'ws://localhost:3035'
  config.csp[:style_src] << 'blob: rylan.test'
  config.x_frame_options = 'SAMEORIGIN'
  config.csp[:frame_src] << 'localhost:5000'
  config.csp[:frame_src] << 'rylan.test:5000'
end
```
I added the blob: rylan.test a while back to fix local development issues, but not sure why it broke on updating to secure_headers (6.4.0) yesterday.
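Added example, not part of the original issue or of the secure_headers code base: the trace shows `URI()` being called on each source-list entry inside `dedup_source_list`, and `'blob: rylan.test'` packs two whitespace-separated CSP source expressions (`blob:` and `rylan.test`) into one string, which `URI()` rejects. The helper names and the sample hash below are constructed for illustration; the lint flags such entries before they reach the header builder and proposes one expression per entry.

```ruby
require "uri"

# Constructed sample mirroring the development block in the report.
SAMPLE_CSP = {
  connect_src: ["'self'", "http://localhost:3035", "ws://localhost:3035"],
  style_src:   ["'self'", "blob: rylan.test"],
  frame_src:   ["localhost:5000", "rylan.test:5000"],
}.freeze

# True when Ruby's URI() accepts the string, i.e. the call the trace
# shows at the top of the stack would not raise for this entry.
def uri_parseable?(source)
  URI(source)
  true
rescue URI::InvalidURIError
  false
end

# Hypothetical lint: returns [directive, entry, suggested_entries] for each
# entry URI() rejects. The suggestion splits on whitespace, because CSP
# source expressions inside a directive are whitespace-separated.
def lint_csp_sources(csp)
  csp.flat_map do |directive, sources|
    sources.reject { |s| uri_parseable?(s) }
           .map { |s| [directive, s, s.split] }
  end
end

# Hypothetical normalizer: one source expression per array element,
# duplicates removed, order preserved.
def normalize_csp_sources(csp)
  csp.transform_values { |sources| sources.flat_map(&:split).uniq }
end

if __FILE__ == $PROGRAM_NAME
  lint_csp_sources(SAMPLE_CSP).each do |directive, entry, fix|
    puts "#{directive}: #{entry.inspect} should be #{fix.inspect}"
  end
  puts normalize_csp_sources(SAMPLE_CSP)[:style_src].join(" ")
end
```

Running the lint over the CSP hash in a test or initializer catches a multi-expression entry at boot rather than on the first request.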