Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: github/secure_headers
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v6.7.0
Choose a base ref
Loading
...
head repository: github/secure_headers
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v7.0.0
Choose a head ref
Loading
  • 9 commits
  • 6 files changed
  • 4 contributors

Commits on Sep 4, 2023

  1. Bump actions/checkout from 3 to 4 

    Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
    @dependabot
    dependabot[bot] authored Sep 4, 2023
    Configuration menu
    Copy the full SHA
    f85f631 View commit details
    Browse the repository at this point in the history

Commits on Aug 8, 2024

  1. Bump actions/checkout from 3 to 4 (#510) 

    Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to
4.
    @rzhade3
    rzhade3 authored Aug 8, 2024
    Configuration menu
    Copy the full SHA
    6d13d18 View commit details
    Browse the repository at this point in the history

  2. Update build.yml (#520) 

    ## All PRs:

* [x] Has tests N/A
* [x] Documentation updated N/A

## Adding a new header

Generally, adding a new header is always OK.

* Is the header supported by any user agent? If so, which?
* What does it do?
* What are the valid values for the header?
* Where does the specification live?

## Adding a new CSP directive

* Is the directive supported by any user agent? If so, which?
* What does it do?
* What are the valid values for the directive?

---------

Co-authored-by: Rahul Zhade <rzhade3@users.noreply.github.com>
    @boveus @rzhade3
    boveus and rzhade3 authored Aug 8, 2024
    Configuration menu
    Copy the full SHA
    b122c2f View commit details
    Browse the repository at this point in the history

Commits on Aug 9, 2024

  1. Update default X-XSS-Protection value to 0 (#479) 

    This PR updates the default value of the `X-XSS-Protection` header to 0.
There's further discussion here about the reasons for this:
#439.

## All PRs:

* [x] Has tests
* [x] Documentation updated

Closes #439
    @rzhade3
    rzhade3 authored Aug 9, 2024
    Configuration menu
    Copy the full SHA
    cf56fc9 View commit details
    Browse the repository at this point in the history

  2. Add permissions to build workflow and pin ruby

    @vcsjones
    vcsjones committed Aug 9, 2024
    Configuration menu
    Copy the full SHA
    706d66e View commit details
    Browse the repository at this point in the history

  3. [Housekeeping] Add permissions to build workflow and pin ruby (#521)

    @vcsjones
    vcsjones authored Aug 9, 2024
    Configuration menu
    Copy the full SHA
    e4a129d View commit details
    Browse the repository at this point in the history

Commits on Oct 7, 2024

  1. Bump ruby/setup-ruby from 1.190.0 to 1.195.0 (#526) 

    Bumps [ruby/setup-ruby](https://github.com/ruby/setup-ruby) from 1.190.0
to 1.195.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/ruby/setup-ruby/releases">ruby/setup-ruby's
releases</a>.</em></p>
<blockquote>
<h2>v1.195.0</h2>
<h2>What's Changed</h2>
<ul>
<li><code>README.md</code>: Mention link to supported Ruby versions for
GitHub-hosted runners by <a
href="https://github.com/stdedos"><code>@​stdedos</code></a> in <a
href="https://redirect.github.com/ruby/setup-ruby/pull/651">ruby/setup-ruby#651</a></li>
<li>Add ASAN CRuby build by <a
href="https://github.com/ioquatix"><code>@​ioquatix</code></a> in <a
href="https://redirect.github.com/ruby/setup-ruby/pull/653">ruby/setup-ruby#653</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/stdedos"><code>@​stdedos</code></a> made
their first contribution in <a
href="https://redirect.github.com/ruby/setup-ruby/pull/651">ruby/setup-ruby#651</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ruby/setup-ruby/compare/v1.194.0...v1.195.0">https://github.com/ruby/setup-ruby/compare/v1.194.0...v1.195.0</a></p>
<h2>v1.194.0</h2>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ruby/setup-ruby/compare/v1.193.0...v1.194.0">https://github.com/ruby/setup-ruby/compare/v1.193.0...v1.194.0</a></p>
<h2>v1.193.0</h2>
<h2>What's Changed</h2>
<ul>
<li>README.md - Windows - clarify installed packages, 2022 vs 2019 by <a
href="https://github.com/MSP-Greg"><code>@​MSP-Greg</code></a> in <a
href="https://redirect.github.com/ruby/setup-ruby/pull/642">ruby/setup-ruby#642</a></li>
<li>Add truffleruby-24.1.0,truffleruby+graalvm-24.1.0 by <a
href="https://github.com/ruby-builder-bot"><code>@​ruby-builder-bot</code></a>
in <a
href="https://redirect.github.com/ruby/setup-ruby/pull/643">ruby/setup-ruby#643</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ruby/setup-ruby/compare/v1.192.0...v1.193.0">https://github.com/ruby/setup-ruby/compare/v1.192.0...v1.193.0</a></p>
<h2>v1.192.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update CRuby releases on Windows by <a
href="https://github.com/ruby-builder-bot"><code>@​ruby-builder-bot</code></a>
in <a
href="https://redirect.github.com/ruby/setup-ruby/pull/636">ruby/setup-ruby#636</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ruby/setup-ruby/compare/v1.191.0...v1.192.0">https://github.com/ruby/setup-ruby/compare/v1.191.0...v1.192.0</a></p>
<h2>v1.191.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Add ruby-3.3.5 by <a
href="https://github.com/ruby-builder-bot"><code>@​ruby-builder-bot</code></a>
in <a
href="https://redirect.github.com/ruby/setup-ruby/pull/634">ruby/setup-ruby#634</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ruby/setup-ruby/compare/v1.190.0...v1.191.0">https://github.com/ruby/setup-ruby/compare/v1.190.0...v1.191.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/ruby/setup-ruby/commit/086ffb1a2090c870a3f881cc91ea83aa4243d408"><code>086ffb1</code></a>
Update the <code>dist/index.js</code>.</li>
<li><a
href="https://github.com/ruby/setup-ruby/commit/27ceac80810ce495067e5a5a9d0137f4038219a0"><code>27ceac8</code></a>
Add asan to the test matrix.</li>
<li><a
href="https://github.com/ruby/setup-ruby/commit/aac0c648121d38a2dc0f7293071ee4261b15f141"><code>aac0c64</code></a>
Add <code>asan</code> as a head version of Ruby.</li>
<li><a
href="https://github.com/ruby/setup-ruby/commit/727fd4feabe1aceb253bc60618f6cfc55089d71d"><code>727fd4f</code></a>
Update ruby-builder-versions.json</li>
<li><a
href="https://github.com/ruby/setup-ruby/commit/79c01b8847e1e8745099b43605caa205cdb10b90"><code>79c01b8</code></a>
<code>README.md</code>: Mention link to supported Ruby versions for
GitHub-hosted runners</li>
<li><a
href="https://github.com/ruby/setup-ruby/commit/c04af2bb7258bb6a03df1d3c1865998ac9390972"><code>c04af2b</code></a>
Replace macos-release by (parseInt(os.version()) - 9)</li>
<li><a
href="https://github.com/ruby/setup-ruby/commit/17f5c914a0f34a07ade5922ce062548d079b665b"><code>17f5c91</code></a>
Add support for macos-15 and all future macos runners</li>
<li><a
href="https://github.com/ruby/setup-ruby/commit/5496baa6dba5302bd9cf85284f3648efa7e83552"><code>5496baa</code></a>
Update macos-release to 3.3.0 so it recognizes macos-15</li>
<li><a
href="https://github.com/ruby/setup-ruby/commit/0ec4904dc738052acf9fd5c1bffe0f98861d640f"><code>0ec4904</code></a>
Better error for TruffleRuby on Windows</li>
<li><a
href="https://github.com/ruby/setup-ruby/commit/f321cf5a4d1533575411f8752cf25b86478b0442"><code>f321cf5</code></a>
Add truffleruby-24.1.0,truffleruby+graalvm-24.1.0</li>
<li>Additional commits viewable in <a
href="https://github.com/ruby/setup-ruby/compare/a6e6f86333f0a2523ece813039b8b4be04560854...086ffb1a2090c870a3f881cc91ea83aa4243d408">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ruby/setup-ruby&package-manager=github_actions&previous-version=1.190.0&new-version=1.195.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Oct 7, 2024
    Configuration menu
    Copy the full SHA
    8e548ee View commit details
    Browse the repository at this point in the history

Commits on Oct 14, 2024

  1. Bump ruby/setup-ruby from 1.195.0 to 1.196.0 (#527) 

    Bumps [ruby/setup-ruby](https://github.com/ruby/setup-ruby) from 1.195.0
to 1.196.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/ruby/setup-ruby/releases">ruby/setup-ruby's
releases</a>.</em></p>
<blockquote>
<h2>v1.196.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Add ruby-3.4.0-preview2 by <a
href="https://github.com/ruby-builder-bot"><code>@​ruby-builder-bot</code></a>
in <a
href="https://redirect.github.com/ruby/setup-ruby/pull/655">ruby/setup-ruby#655</a></li>
<li>Test the last 3.4 preview in CI by <a
href="https://github.com/eregon"><code>@​eregon</code></a> in <a
href="https://redirect.github.com/ruby/setup-ruby/pull/656">ruby/setup-ruby#656</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ruby/setup-ruby/compare/v1.195.0...v1.196.0">https://github.com/ruby/setup-ruby/compare/v1.195.0...v1.196.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/ruby/setup-ruby/commit/f26937343756480a8cb3ae1f623b9c8d89ed6984"><code>f269373</code></a>
Test the last 3.4 preview in CI</li>
<li><a
href="https://github.com/ruby/setup-ruby/commit/784fcda67fed34fbeb4c3263e0ef0ec53671a523"><code>784fcda</code></a>
Add ruby-3.4.0-preview2</li>
<li><a
href="https://github.com/ruby/setup-ruby/commit/f6e05710eced3c9c28e489afdc6fd8a3bc685325"><code>f6e0571</code></a>
Update README.md</li>
<li><a
href="https://github.com/ruby/setup-ruby/commit/207a39969b26ad451d3358e25e69c505f09a0b1b"><code>207a399</code></a>
Move the link to the list together with other text about builds</li>
<li>See full diff in <a
href="https://github.com/ruby/setup-ruby/compare/086ffb1a2090c870a3f881cc91ea83aa4243d408...f26937343756480a8cb3ae1f623b9c8d89ed6984">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ruby/setup-ruby&package-manager=github_actions&previous-version=1.195.0&new-version=1.196.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Oct 14, 2024
    Configuration menu
    Copy the full SHA
    6b5eb33 View commit details
    Browse the repository at this point in the history

Commits on Oct 16, 2024

  1. Upgrade version and docs to 7.0 (#528) 

    ## All PRs:

* [x] Has tests
* [x] Documentation updated

## Adding a new header

N/A

## Adding a new CSP directive

N/A

Closes #480
    @rzhade3
    rzhade3 authored Oct 16, 2024
    Configuration menu
    Copy the full SHA
    bac6dae View commit details
    Browse the repository at this point in the history
Loading
Morty Proxy This is a proxified and sanitized view of the page, visit original site.