Skip to content

Commit e8f5103

Browse files
oreoshakeoreoshake
committed
Mention preserve_schemes per #251 (comment) 
1 parent eff3da9 commit e8f5103

File tree

1 file changed

+1
-0
lines changed

1 file changed

+1
-0
lines changed

upgrading-to-3-0.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,7 @@ Changes
1313
| `inline` / `eval` source expressions | could be `inline`, `eval`, `'unsafe-inline'`, or `'unsafe-eval'` | Must be `'unsafe-eval'` or `'unsafe-inline'` |
1414
| Per-action configuration | override [`def secure_header_options_for(header, options)`](https://github.com/twitter/secureheaders/commit/bb9ebc6c12a677aad29af8e0f08ffd1def56efec#diff-04c6e90faac2675aa89e2176d2eec7d8R111) | Use [named overrides](https://github.com/twitter/secureheaders#named-overrides) or [per-action helpers](https://github.com/twitter/secureheaders#per-action-configuration) |
1515
| CSP/HPKP use `report_only` config that defaults to false | `enforce: false` | `report_only: false` |
16+
| schemes in source expressions | Schemes were not stripped | Schemes are stripped by default to discourage mixed content. Setting `preserve_schemes: true` will revert to previous behavior |
1617

1718
Migrating to 3.x from <= 2.x
1819
==

0 commit comments

Comments
 (0)