Skip to content

Commit

Permalink
Fix egregious typos in configuration. Now valid CSPs are generated. T…
Browse files Browse the repository at this point in the history
…agging 1.3.0
  • Loading branch information
paragonie-scott committed Feb 1, 2016
1 parent bb197d4 commit b27782d
Show file tree
Hide file tree
Showing 5 changed files with 7 additions and 7 deletions.
4 changes: 2 additions & 2 deletions src/CSPBuilder.php
Original file line number Diff line number Diff line change
Expand Up @@ -18,8 +18,8 @@ class CSPBuilder
'base-uri',
'default-src',
'child-src',
'connect-uri',
'font-uri',
'connect-src',
'font-src',
'form-action',
'frame-ancestors',
'frame-src',
Expand Down
2 changes: 1 addition & 1 deletion test/vectors/basic-csp-hash.out
Original file line number Diff line number Diff line change
@@ -1 +1 @@
base-uri 'self'; default-src 'self'; child-src https://www.youtube.com https://www.youtube-nocookie.com; connect-uri 'self'; font-uri 'self'; form-action 'self' https://example.com; frame-ancestors 'none'; img-src 'self' data:; media-src 'none'; object-src 'none'; plugin-types 'none'; script-src 'self' https://ajax.googleapis.com https://cdn.mathjax.org https://oss.maxcdn.com https://www.google-analytics.com 'sha256-qznLcsROx4GACP2dm0UCKCzCGHiZ1guq6ZZDob/Tng=' 'sha384-YlVjjxmBPFrOTrK8RYTXMzr/Pt2Tyv2yi4yMalWlUERx821L2qJpIJNvAnO6ouM/'; style-src 'self'; report-uri /csp_violation; upgrade-insecure-requests
base-uri 'self'; default-src 'self'; child-src https://www.youtube.com https://www.youtube-nocookie.com; connect-src 'self'; font-src 'self'; form-action 'self' https://example.com; frame-ancestors 'none'; img-src 'self' data:; media-src 'none'; object-src 'none'; plugin-types 'none'; script-src 'self' https://ajax.googleapis.com https://cdn.mathjax.org https://oss.maxcdn.com https://www.google-analytics.com 'sha256-qznLcsROx4GACP2dm0UCKCzCGHiZ1guq6ZZDob/Tng=' 'sha384-YlVjjxmBPFrOTrK8RYTXMzr/Pt2Tyv2yi4yMalWlUERx821L2qJpIJNvAnO6ouM/'; style-src 'self'; report-uri /csp_violation; upgrade-insecure-requests
2 changes: 1 addition & 1 deletion test/vectors/basic-csp-no-old.out
Original file line number Diff line number Diff line change
@@ -1 +1 @@
base-uri 'self'; default-src 'self'; child-src https://www.youtube.com https://www.youtube-nocookie.com; connect-uri 'self'; font-uri 'self'; form-action 'self' https://example.com; frame-ancestors 'none'; img-src 'self' ytimg.com data:; media-src 'none'; object-src 'none'; plugin-types 'none'; script-src 'self' https://ajax.googleapis.com https://cdn.mathjax.org https://oss.maxcdn.com https://www.google-analytics.com 'sha256-qznLcsROx4GACP2dm0UCKCzCGHiZ1guq6ZZDob/Tng='; style-src 'self'; report-uri /csp_violation; upgrade-insecure-requests
base-uri 'self'; default-src 'self'; child-src https://www.youtube.com https://www.youtube-nocookie.com; connect-src 'self'; font-src 'self'; form-action 'self' https://example.com; frame-ancestors 'none'; img-src 'self' ytimg.com data:; media-src 'none'; object-src 'none'; plugin-types 'none'; script-src 'self' https://ajax.googleapis.com https://cdn.mathjax.org https://oss.maxcdn.com https://www.google-analytics.com 'sha256-qznLcsROx4GACP2dm0UCKCzCGHiZ1guq6ZZDob/Tng='; style-src 'self'; report-uri /csp_violation; upgrade-insecure-requests
4 changes: 2 additions & 2 deletions test/vectors/basic-csp.json
Original file line number Diff line number Diff line change
Expand Up @@ -14,10 +14,10 @@
],
"self": false
},
"connect-uri": {
"connect-src": {
"self": true
},
"font-uri": {
"font-src": {
"self": true
},
"form-action": {
Expand Down
2 changes: 1 addition & 1 deletion test/vectors/basic-csp.out
Original file line number Diff line number Diff line change
@@ -1 +1 @@
base-uri 'self'; default-src 'self'; child-src https://www.youtube.com https://www.youtube-nocookie.com; connect-uri 'self'; font-uri 'self'; form-action 'self' https://example.com; frame-ancestors 'none'; img-src 'self' https://ytimg.com ytimg.com data:; media-src 'none'; object-src 'none'; plugin-types 'none'; script-src 'self' https://ajax.googleapis.com https://cdn.mathjax.org https://oss.maxcdn.com https://www.google-analytics.com 'sha256-qznLcsROx4GACP2dm0UCKCzCGHiZ1guq6ZZDob/Tng='; style-src 'self'; report-uri /csp_violation; upgrade-insecure-requests
base-uri 'self'; default-src 'self'; child-src https://www.youtube.com https://www.youtube-nocookie.com; connect-src 'self'; font-src 'self'; form-action 'self' https://example.com; frame-ancestors 'none'; img-src 'self' https://ytimg.com ytimg.com data:; media-src 'none'; object-src 'none'; plugin-types 'none'; script-src 'self' https://ajax.googleapis.com https://cdn.mathjax.org https://oss.maxcdn.com https://www.google-analytics.com 'sha256-qznLcsROx4GACP2dm0UCKCzCGHiZ1guq6ZZDob/Tng='; style-src 'self'; report-uri /csp_violation; upgrade-insecure-requests

0 comments on commit b27782d

Please sign in to comment.