Skip to content

7.2 release #566

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
rei-moo wants to merge 8 commits into
base: main
Choose a base branch
from
Draft

7.2 release #566

rei-moo wants to merge 8 commits into from

Conversation

@rei-moo
Copy link
Contributor

@rei-moo rei-moo commented Dec 15, 2025
edited by fletchto99
Loading

github-advanced-security[bot]
github-advanced-security bot found potential problems Dec 16, 2025
View reviewed changes
github-advanced-security[bot]
github-advanced-security bot found potential problems Dec 16, 2025
View reviewed changes
@rei-moo rei-moo force-pushed the feature-7.2 branch 3 times, most recently from 4f5686e to 930157e Compare December 16, 2025 23:08
@deril @rei-moo
fix(cookies): fix compatibility with rack 3
d133044 
Do not join cookies with new like if they weren't before

fix(middleware): ensure headers are wrapped with `Rack::Headers`

Add `Rack::Headers` wrapping to middleware to
prevent header manipulation issues. Added a test
to verify cookies remain as an array when flagged
if already in array format.
obrie and others added 4 commits December 17, 2025 14:00
@obrie @rei-moo
Remove non-lowercase headers in Rails default configuration (fixes #541)
9bc0b6c 
While this gem now uses lowercase headers, the Rails default configuration still
defines non-lowercase headers.  As a result, our Railtie will not remove those
conflicting headers.

This change ensures that we're accounting for both lowercase and non-lowercase
default headers in Rails.
@keithamus @dgreif @rei-moo
normalize domains with trailing slashes
3334929 
CSP3 more explicitly calls this out:

> If path A consists of one character that is equal to the U+002F
> SOLIDUS character (/) and path B is empty, return "Matches".

A URL like `example.com/foo` will match a connect-src of `example.com`,
as well as `example.com/`, so having two connect-srcs listed like this
is redundant.

fix: allow URIs with schema to have trailing slashes normalised

Co-authored-by: Dusty Greif <dgreif@users.noreply.github.com>
@fletchto99 @rei-moo
Fix tests (sources are no longer minified since #499)
7f19fb2
@rahearn @rei-moo
Refactor rake task methods into module for better testing
b3557f7 
Fix rake task file count output message
Copilot AI and others added 2 commits December 19, 2025 13:07
@fletchto99
Don't set upgrade_insecure_requests for HTTP requests (fixes #348)
d774c23 
Co-authored-by: fletchto99 <718681+fletchto99@users.noreply.github.com>m>
@fletchto99
Add Configuration.disable! option (fixes #540)
e5f347e 
Co-authored-by: fletchto99 <718681+fletchto99@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Awaiting requested review from Copilot Copilot will automatically review once the pull request is marked ready for review

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

7 participants

@rei-moo @deril @obrie @keithamus @fletchto99 @rahearn