{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":7122663,"defaultBranch":"main","name":"secure_headers","ownerLogin":"github","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2012-12-12T01:41:57.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/9919?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1693840167.0","currentOid":""},"activityList":{"items":[{"before":null,"after":"f85f6312099b5cbc160368470d52a558f0bc1a46","ref":"refs/heads/dependabot/github_actions/actions/checkout-4","pushedAt":"2023-09-04T15:09:27.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump actions/checkout from 3 to 4\n\nBumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.\n- [Release notes](https://github.com/actions/checkout/releases)\n- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/actions/checkout/compare/v3...v4)\n\n---\nupdated-dependencies:\n- dependency-name: actions/checkout\n dependency-type: direct:production\n update-type: version-update:semver-major\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump actions/checkout from 3 to 4"}},{"before":"ff9797fe967c85605ed576dac236b74776306c05","after":"7a23cb6b350b024a786e163e81c902552b9c484f","ref":"refs/heads/main","pushedAt":"2023-08-11T18:20:28.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"KyFaSt","name":"Kylie Stradley","path":"/KyFaSt","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/4666485?s=80&v=4"},"commit":{"message":"Make SecureSecurityPolicyConfig significantly faster (#506)\n\nWe have been seeing this gem a lot in profiles. 
Most of this slowness\r\nseems to come from overuse of instance variables in `DynamicConfig` and\r\nattempting to use them basically as a hash (which we can do much faster\r\nwith a hash 😅)\r\n\r\nThe first commit of these is the most important, but the other two also\r\nsignificantly speed things up.\r\n\r\nThere is definitely more improvement available here, we seem to be\r\noverly cautious in duplicating arrays, and we also seem to convert\r\nunnecessarily between hashes and the config object, but I think this is\r\nthe best place to start.\r\n\r\n
\r\nBenchmark:\r\n\r\n```\r\nrequire \"secure_headers\"\r\nrequire \"benchmark/ips\"\r\n\r\n# Copied from README\r\nMyCSPConfig = SecureHeaders::ContentSecurityPolicyConfig.new(\r\n preserve_schemes: true, # default: false. Schemes are removed from host sources to save bytes and discourage mixed content.\r\n disable_nonce_backwards_compatibility: true, # default: false. If false, `unsafe-inline` will be added automatically when using nonces. If true, it won't. See #403 for why you'd want this.\r\n\r\n # directive values: these values will directly translate into source directives\r\n default_src: %w('none'),\r\n base_uri: %w('self'),\r\n block_all_mixed_content: true, # see https://www.w3.org/TR/mixed-content/\r\n child_src: %w('self'), # if child-src isn't supported, the value for frame-src will be set.\r\n connect_src: %w(wss:),\r\n font_src: %w('self' data:),\r\n form_action: %w('self' github.com),\r\n frame_ancestors: %w('none'),\r\n img_src: %w(mycdn.com data:),\r\n manifest_src: %w('self'),\r\n media_src: %w(utoob.com),\r\n object_src: %w('self'),\r\n sandbox: true, # true and [] will set a maximally restrictive setting\r\n plugin_types: %w(application/x-shockwave-flash),\r\n script_src: %w('self'),\r\n script_src_elem: %w('self'),\r\n script_src_attr: %w('self'),\r\n style_src: %w('unsafe-inline'),\r\n style_src_elem: %w('unsafe-inline'),\r\n style_src_attr: %w('unsafe-inline'),\r\n worker_src: %w('self'),\r\n upgrade_insecure_requests: true, # see https://www.w3.org/TR/upgrade-insecure-requests/\r\n report_uri: %w(https://report-uri.io/example-csp)\r\n)\r\n\r\n\r\nBenchmark.ips do |x|\r\n x.report \"csp_config.to_h\" do\r\n MyCSPConfig.to_h\r\n end\r\n\r\n x.report \"csp_config.append\" do\r\n MyCSPConfig.append({})\r\n end\r\n\r\n x.report \"new(config).value\" do\r\n SecureHeaders::ContentSecurityPolicy.new(MyCSPConfig).value\r\n end\r\nend\r\n```\r\n\r\n
\r\n\r\n\r\n**Before:**\r\n\r\n```\r\n$ be ruby bench.rb\r\nWarming up --------------------------------------\r\n csp_config.to_h 13.737k i/100ms\r\n csp_config.append 2.105k i/100ms\r\n new(config).value 1.429k i/100ms\r\nCalculating -------------------------------------\r\n csp_config.to_h 139.988k (± 0.3%) i/s - 700.587k in 5.004666s\r\n csp_config.append 21.133k (± 2.4%) i/s - 107.355k in 5.082856s\r\n new(config).value 14.298k (± 0.4%) i/s - 72.879k in 5.097116s\r\n```\r\n\r\n\r\n**After:**\r\n\r\n```\r\n$ be ruby bench.rb\r\nWarming up --------------------------------------\r\n csp_config.to_h 123.784k i/100ms\r\n csp_config.append 4.181k i/100ms\r\n new(config).value 1.617k i/100ms\r\nCalculating -------------------------------------\r\n csp_config.to_h 1.238M (± 3.1%) i/s - 6.189M in 5.003769s\r\n csp_config.append 40.921k (± 1.0%) i/s - 204.869k in 5.006924s\r\n new(config).value 16.095k (± 0.4%) i/s - 80.850k in 5.023259s\r\n```\r\n\r\n`to_h` is 10x faster, `append` is 2x faster, and .value (which was not\r\nthe target of these optimizations but I didn't want to see it regress)\r\nis slightly faster\r\n\r\n---------\r\n\r\nCo-authored-by: Kylie Stradley <4666485+KyFaSt@users.noreply.github.com>","shortMessageHtmlLink":"Make SecureSecurityPolicyConfig significantly faster (#506)"}},{"before":"028adb97629c0f94c42c7ce425caeec8387b5fcd","after":null,"ref":"refs/heads/deprecate-block-all-mixed-content","pushedAt":"2023-07-19T11:32:08.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"KyFaSt","name":"Kylie Stradley","path":"/KyFaSt","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/4666485?s=80&v=4"}},{"before":"accd05c638c725a3dba9edd2d7587e693efba35b","after":"ff9797fe967c85605ed576dac236b74776306c05","ref":"refs/heads/main","pushedAt":"2023-07-19T11:32:07.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"KyFaSt","name":"Kylie 
Stradley","path":"/KyFaSt","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/4666485?s=80&v=4"},"commit":{"message":"deprecate block-all-mixed-content (#509)","shortMessageHtmlLink":"deprecate block-all-mixed-content (#509)"}},{"before":null,"after":"028adb97629c0f94c42c7ce425caeec8387b5fcd","ref":"refs/heads/deprecate-block-all-mixed-content","pushedAt":"2023-07-10T20:17:21.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"KyFaSt","name":"Kylie Stradley","path":"/KyFaSt","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/4666485?s=80&v=4"},"commit":{"message":"deprecate block-all-mixed-content\n\n* update tests and readme to reflect this change\n* https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/block-all-mixed-content:x","shortMessageHtmlLink":"deprecate block-all-mixed-content"}}],"hasNextPage":false,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAADeQikxQA","startCursor":null,"endCursor":null}},"title":"Activity · github/secure_headers"}