From f57f3fdaa268c81278c265452bd2a91ff5a171db Mon Sep 17 00:00:00 2001 From: myersg86 Date: Wed, 5 Feb 2025 22:36:53 -0700 Subject: [PATCH] fix: Fix typos --- CHANGELOG.md | 4 ++-- lib/secure_headers.rb | 2 +- lib/secure_headers/configuration.rb | 2 +- lib/secure_headers/headers/content_security_policy.rb | 4 ++-- lib/secure_headers/headers/policy_management.rb | 4 ++-- .../headers/x_permitted_cross_domain_policies_spec.rb | 2 +- spec/lib/secure_headers_spec.rb | 2 +- 7 files changed, 10 insertions(+), 10 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 662bdd1a..531894d2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -70,7 +70,7 @@ NOTE: this version is a breaking change due to the removal of HPKP. Remove the H ## 5.0.0 -Well this is a little embarassing. 4.0 was supposed to set the secure/httponly/samesite=lax attributes on cookies by default but it didn't. Now it does. - See the [upgrading to 5.0](docs/upgrading-to-5-0.md) guide. +Well this is a little embarrassing. 4.0 was supposed to set the secure/httponly/samesite=lax attributes on cookies by default but it didn't. Now it does. - See the [upgrading to 5.0](docs/upgrading-to-5-0.md) guide. ## 4.0.1 @@ -194,7 +194,7 @@ end ## 3.4.0 the frame-src/child-src transition for Firefox. -Handle the `child-src`/`frame-src` transition semi-intelligently across versions. I think the code best descibes the behavior here: +Handle the `child-src`/`frame-src` transition semi-intelligently across versions. I think the code best describes the behavior here: ```ruby if supported_directives.include?(:child_src) diff --git a/lib/secure_headers.rb b/lib/secure_headers.rb index 6426e538..819087a2 100644 --- a/lib/secure_headers.rb +++ b/lib/secure_headers.rb @@ -178,7 +178,7 @@ def content_security_policy_style_nonce(request) content_security_policy_nonce(request, ContentSecurityPolicy::STYLE_SRC) end - # Public: Retreives the config for a given header type: + # Public: Retrieves the config for a given header type: # # Checks to see if there is an override for this request, then # Checks to see if a named override is used for this request, then diff --git a/lib/secure_headers/configuration.rb b/lib/secure_headers/configuration.rb index e96f4f9d..4fd459ea 100644 --- a/lib/secure_headers/configuration.rb +++ b/lib/secure_headers/configuration.rb @@ -35,7 +35,7 @@ def default(&block) # Public: create a named configuration that overrides the default config. # - # name - use an idenfier for the override config. + # name - use an identifier for the override config. # base - override another existing config, or override the default config # if no value is supplied. # diff --git a/lib/secure_headers/headers/content_security_policy.rb b/lib/secure_headers/headers/content_security_policy.rb index ae225e7c..055771f0 100644 --- a/lib/secure_headers/headers/content_security_policy.rb +++ b/lib/secure_headers/headers/content_security_policy.rb @@ -79,7 +79,7 @@ def build_sandbox_list_directive(directive) end # A maximally strict sandbox policy is just the `sandbox` directive, - # whith no configuraiton values. + # with no configuration values. if max_strict_policy symbol_to_hyphen_case(directive) elsif sandbox_list && sandbox_list.any? @@ -120,7 +120,7 @@ def build_source_list_directive(directive) end # If a directive contains *, all other values are omitted. - # If a directive contains 'none' but has other values, 'none' is ommitted. + # If a directive contains 'none' but has other values, 'none' is omitted. # Schemes are stripped (see http://www.w3.org/TR/CSP2/#match-source-expression) def minify_source_list(directive, source_list) source_list = source_list.compact diff --git a/lib/secure_headers/headers/policy_management.rb b/lib/secure_headers/headers/policy_management.rb index 3129c0d3..d34c8a8c 100644 --- a/lib/secure_headers/headers/policy_management.rb +++ b/lib/secure_headers/headers/policy_management.rb @@ -201,7 +201,7 @@ def make_header(config) # Public: Validates each source expression. # - # Does not validate the invididual values of the source expression (e.g. + # Does not validate the individual values of the source expression (e.g. # script_src => h*t*t*p: will not raise an exception) def validate_config!(config) return if config.nil? || config.opt_out? @@ -402,7 +402,7 @@ def validate_require_trusted_types_for_source_expression!(directive, require_tru # 1. is an array of strings # 2. does not contain any deprecated, now invalid values (inline, eval, self, none) # - # Does not validate the invididual values of the source expression (e.g. + # Does not validate the individual values of the source expression (e.g. # script_src => h*t*t*p: will not raise an exception) def validate_source_expression!(directive, source_expression) if source_expression != OPT_OUT diff --git a/spec/lib/secure_headers/headers/x_permitted_cross_domain_policies_spec.rb b/spec/lib/secure_headers/headers/x_permitted_cross_domain_policies_spec.rb index 3cd0fa2b..06aa7f94 100644 --- a/spec/lib/secure_headers/headers/x_permitted_cross_domain_policies_spec.rb +++ b/spec/lib/secure_headers/headers/x_permitted_cross_domain_policies_spec.rb @@ -37,7 +37,7 @@ module SecureHeaders end end - context "invlaid configuration values" do + context "invalid configuration values" do it "doesn't accept invalid values" do expect do XPermittedCrossDomainPolicies.validate_config!("open") diff --git a/spec/lib/secure_headers_spec.rb b/spec/lib/secure_headers_spec.rb index fd66d487..c549ba95 100644 --- a/spec/lib/secure_headers_spec.rb +++ b/spec/lib/secure_headers_spec.rb @@ -226,7 +226,7 @@ module SecureHeaders expect(hash[ContentSecurityPolicyConfig::HEADER_NAME]).to eq("default-src 'none'; script-src 'self'") end - it "overrides non-existant directives" do + it "overrides non-existent directives" do Configuration.default do |config| config.csp = { default_src: %w(https:),