Diffstat (limited to 'config/initializers')
-rw-r--r--config/initializers/alaveteli.rb5
-rw-r--r--config/initializers/missing_source_file.rb2
-rw-r--r--config/initializers/secure_headers.rb24
3 files changed, 26 insertions, 5 deletions
diff --git a/config/initializers/alaveteli.rb b/config/initializers/alaveteli.rb
index ec403b477..19e8df7d1 100644
--- a/config/initializers/alaveteli.rb
+++ b/config/initializers/alaveteli.rb
@@ -10,7 +10,7 @@ load "debug_helpers.rb"
load "util.rb"
# Application version
-ALAVETELI_VERSION = '0.20.0.14'
+ALAVETELI_VERSION = '0.21.0.0'
# Add new inflection rules using the following format
# (all these examples are active by default):
@@ -53,9 +53,8 @@ require 'theme'
require 'xapian_queries'
require 'date_quarter'
require 'public_body_csv'
-require 'category_and_heading_migrator'
-require 'public_body_categories'
require 'routing_filters'
+require 'alaveteli_text_masker'
AlaveteliLocalization.set_locales(AlaveteliConfiguration::available_locales,
AlaveteliConfiguration::default_locale)
diff --git a/config/initializers/missing_source_file.rb b/config/initializers/missing_source_file.rb
deleted file mode 100644
index a114fa972..000000000
--- a/config/initializers/missing_source_file.rb
+++ /dev/null
@@ -1,2 +0,0 @@
-# For Rails 2.3 on Ruby 1.9.3 @see https://github.com/rails/rails/pull/3745
-MissingSourceFile::REGEXPS << [/^cannot load such file -- (.+)$/i, 1]
diff --git a/config/initializers/secure_headers.rb b/config/initializers/secure_headers.rb
new file mode 100644
index 000000000..99730e6b2
--- /dev/null
+++ b/config/initializers/secure_headers.rb
@@ -0,0 +1,24 @@
+::SecureHeaders::Configuration.configure do |config|
+
+ # https://tools.ietf.org/html/rfc6797
+ if AlaveteliConfiguration::force_ssl
+ config.hsts = { :max_age => 20.years.to_i, :include_subdomains => true }
+ else
+ config.hsts = false
+ end
+ # https://tools.ietf.org/html/draft-ietf-websec-x-frame-options-02
+ config.x_frame_options = "sameorigin"
+
+ # http://msdn.microsoft.com/en-us/library/ie/gg622941%28v=vs.85%29.aspx
+ config.x_content_type_options = "nosniff"
+
+ # http://msdn.microsoft.com/en-us/library/dd565647%28v=vs.85%29.aspx
+ config.x_xss_protection = { :value => 1 }
+
+ # https://w3c.github.io/webappsec/specs/content-security-policy/
+ config.csp = false
+
+ # https://www.nwebsec.com/HttpHeaders/SecurityHeaders/XDownloadOptions
+ config.x_download_options = false
+end
+
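Review bot: `config.hsts = { :max_age => 20.years.to_i, :include_subdomains => true }` commits every subdomain of the site to HTTPS for 20 years the first time a browser sees the header; if any subdomain (mail, stats, staging) is still served over plain HTTP it becomes unreachable for those browsers, and the pin cannot be withdrawn quickly once cached. Either make `:include_subdomains` its own configuration value or put a comment above it such as `# include_subdomains pins every subdomain to HTTPS for max_age - confirm all subdomains serve TLS before enabling force_ssl` so an operator does not turn on force_ssl without checking. `config.csp = false` and `config.x_download_options = false` switch those headers off entirely without saying why; a one-line comment recording the reason (or a report-only CSP, if this gem version supports one, so violation reports can be gathered before enforcing) would preserve the decision for the next reader. `config.x_xss_protection = { :value => 1 }` leaves the browser filter in rewrite mode rather than block mode, which is the weaker setting if the gem version in use accepts a `:mode => 'block'` key.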