Comparing changes
base repository: github/secure_headers
base: main
head repository: github/secure_headers
compare: rei-moo/csp-nonce-conflict
- 9 commits
- 14 files changed
- 10 contributors
Commits on Dec 16, 2025
-
fix(cookies): fix compatibility with rack 3
Do not join cookies with new line if they weren't before
fix(middleware): ensure headers are wrapped with `Rack::Headers`
Add `Rack::Headers` wrapping to middleware to prevent header manipulation issues. Added a test to verify cookies remain as an array when flagged if already in array format.
Commit d133044
Commits on Dec 17, 2025
-
Remove non-lowercase headers in Rails default configuration (fixes #541)
While this gem now uses lowercase headers, the Rails default configuration still defines non-lowercase headers. As a result, our Railtie will not remove those conflicting headers. This change ensures that we're accounting for both lowercase and non-lowercase default headers in Rails.
Commit 9bc0b6c
-
normalize domains with trailing slashes
CSP3 more explicitly calls this out:
> If path A consists of one character that is equal to the U+002F
> SOLIDUS character (/) and path B is empty, return "Matches".
A URL like `example.com/foo` will match a connect-src of `example.com`, as well as `example.com/`, so having two connect-srcs listed like this is redundant.
fix: allow URIs with schema to have trailing slashes normalised
Co-authored-by: Dusty Greif <[email protected]>
Commit 3334929
-
Commit 7f19fb2
-
Refactor rake task methods into module for better testing
Fix rake task file count output message
Commit b3557f7
Commits on Dec 19, 2025
-
Don't set upgrade_insecure_requests for HTTP requests (fixes #348)
Co-authored-by: fletchto99 <[email protected]>
Commit d774c23
-
Add Configuration.disable! option (fixes #540)
Co-authored-by: fletchto99 <[email protected]>
Commit e5f347e
-
Commit 2801582
-
Commit 5051880