1.2.0

Vapor Security Headers 1.2.0

New features:

• #11 - Adds support for X-XSS-Protection report

1.1.0

Vapor Security Headers 1.1.0

PR #8 - Add Swift 4 support to the library

1.0.0

Vapor Security Headers 1.0.0

This is the first major release of Vapor Security Headers, updated for Vapor 2 and ready to use. Take a look at the README for latest instructions on how to use.

0.4.0 Beta 3

Updates to latest Vapor 2 changes

0.4.0 Beta 2

Vapor Security Headers 0.4.0 Beta 2

This release updates Vapor Security Headers to work with the latest Vapor 2 changes and as a result there are some major breaking changes.

Breaking Changes

• XssProtectionConfiguration is now XSSProtectionConfiguration
• The SecurityHeaders initialiser is now internal and you should move over to using the new SecurityHeadersFactory. This will make it easier to build up your security headers and add it to your Droplet with the new Vapor 2 changes. See the README for details

New Usage

For how to use the library with Vapor 2, see the README

0.4.0-beta.1

Vapor Security Headers 0.4.0-beta.1

This release adds support for Vapor 2. There are no other changes

0.3.0

Vapor Security Headers 0.3.0

The release adds the ability to set page specific Content Security Policies to allow you to enable different content only when needed rather than on a whole site basis.

To add a specific CSP to a request, create a separate ContentSecurityPolicyConfiguration and then add it to the request. For example, inside a route handler, you could do:

let pageSpecificCSPVaue = "default-src 'none'; script-src https://comments.disqus.com;"
let pageSpecificCSP = ContentSecurityPolicyConfiguration(value: pageSpecificCSPValue)
request.contentSecurityPolicy = pageSpecificCSP

0.2.1

Vapor Security Headers 0.2.1

This release adds the ability to set a referrer policy on the API Security Headers. The use case for this is for those use the API headers for a server that is using a React front-end with a single page.

The referrer policy can be set with:

let referrerConfig = ReferrerPolicyConfiguration(.strictOrigin)
let securityHeaders = SecurityHeaders.api(referrerPolicyConfiguration: referrerConfig)

0.2.0

Vapor Security Headers 0.2.0

This release adds support for the Referrer Policy header which basically dictates when then Referrer header can be sent with requests. The W3C proposal can be found here and a good explanation of the header can be found on Scott Helme's Blog.

There are no breaking with this release. To set this new header, just create a configuration and pass it to the security headers setup:

let referrerConfig = ReferrerPolicyConfiguration(.sameOrigin)
let securityHeaders = SecurityHeaders(referrerPolicyConfiguration: referrerConfig)

0.1.1

VaporSecurityHeaders 0.1.1

Fixes:

• Not being able to use the library due to access issues...you know actually making it usable!