| author | Louise Crow <louise.crow@gmail.com> | 2015-03-30 16:00:02 +0100 |
|---|---|---|
| committer | Louise Crow <louise.crow@gmail.com> | 2015-03-30 16:00:02 +0100 |
| commit | f24cc98afa25ad6010ae5316eecc15dfdb3fa79b (patch) | |
| tree | c32fecb16bb2097da7dfdf90e6915fce0bf1a425 /config/initializers | |
| parent | 823e58dc69960c600230b10604a0051359173f85 (diff) | |
| parent | 3c0604cf900ad274d8f6ff421d39854ccbf4b6af (diff) | |
Merge branch 'release/0.21'0.21.0.0
Conflicts:
locale/cy/app.po
locale/es_NI/app.po
locale/hr/app.po
locale/is_IS/app.po
locale/sr@latin/app.po
Diffstat (limited to 'config/initializers')
| -rw-r--r-- | config/initializers/alaveteli.rb | 5 | ||||
| -rw-r--r-- | config/initializers/missing_source_file.rb | 2 | ||||
| -rw-r--r-- | config/initializers/secure_headers.rb | 24 |
3 files changed, 26 insertions, 5 deletions
diff --git a/config/initializers/alaveteli.rb b/config/initializers/alaveteli.rb index ec403b477..19e8df7d1 100644 --- a/config/initializers/alaveteli.rb +++ b/config/initializers/alaveteli.rb @@ -10,7 +10,7 @@ load "debug_helpers.rb" load "util.rb" # Application version -ALAVETELI_VERSION = '0.20.0.14' +ALAVETELI_VERSION = '0.21.0.0' # Add new inflection rules using the following format # (all these examples are active by default): @@ -53,9 +53,8 @@ require 'theme' require 'xapian_queries' require 'date_quarter' require 'public_body_csv' -require 'category_and_heading_migrator' -require 'public_body_categories' require 'routing_filters' +require 'alaveteli_text_masker' AlaveteliLocalization.set_locales(AlaveteliConfiguration::available_locales, AlaveteliConfiguration::default_locale) diff --git a/config/initializers/missing_source_file.rb b/config/initializers/missing_source_file.rb deleted file mode 100644 index a114fa972..000000000 --- a/config/initializers/missing_source_file.rb +++ /dev/null @@ -1,2 +0,0 @@ -# For Rails 2.3 on Ruby 1.9.3 @see https://github.com/rails/rails/pull/3745 -MissingSourceFile::REGEXPS << [/^cannot load such file -- (.+)$/i, 1] diff --git a/config/initializers/secure_headers.rb b/config/initializers/secure_headers.rb new file mode 100644 index 000000000..99730e6b2 --- /dev/null +++ b/config/initializers/secure_headers.rb 
@@ -0,0 +1,24 @@
+::SecureHeaders::Configuration.configure do |config|
+
+ # https://tools.ietf.org/html/rfc6797
+ if AlaveteliConfiguration::force_ssl
+ config.hsts = { :max_age => 20.years.to_i, :include_subdomains => true }
+ else
+ config.hsts = false
+ end
+ # https://tools.ietf.org/html/draft-ietf-websec-x-frame-options-02
+ config.x_frame_options = "sameorigin"
+
+ # http://msdn.microsoft.com/en-us/library/ie/gg622941%28v=vs.85%29.aspx
+ config.x_content_type_options = "nosniff"
+
+ # http://msdn.microsoft.com/en-us/library/dd565647%28v=vs.85%29.aspx
+ config.x_xss_protection = { :value => 1 }
+
+ # https://w3c.github.io/webappsec/specs/content-security-policy/
+ config.csp = false
+
+ # https://www.nwebsec.com/HttpHeaders/SecurityHeaders/XDownloadOptions
+ config.x_download_options = false
+end
+
|
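Review bot: The HSTS branch sends `:include_subdomains => true` with a 20-year `:max_age` whenever `AlaveteliConfiguration::force_ssl` is set, so a browser that has visited the site will refuse plain HTTP to every subdomain of that host for up to 20 years after its last visit, and nothing in the file tells an installer this. Because the initializer ships to every deployment, I would add a comment above the assignment such as `# include_subdomains pins HTTPS on every subdomain for max_age; confirm they all serve HTTPS before enabling force_ssl`, or put the subdomain flag behind its own setting. Separately, `config.csp = false` and `config.x_download_options = false` switch those headers off with only a spec link beside them. A one-line comment giving the reason would show whether that is a deliberate choice or a follow-up still to do, which matters on a site that serves user-supplied attachments.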
