Skip to content

CHANGELOG.md

Latest commit

 

History

History
87 lines (64 loc) · 3.01 KB

CHANGELOG.md

File metadata and controls

87 lines (64 loc) · 3.01 KB

Changelog

All notable changes to headersvalidator are documented in this file.

Format follows Keep a Changelog. Version numbers follow Semantic Versioning.

Unreleased

0.1.4 — 2026-05-15

Added

  • pytest-mock>=3.12 added to dev extras.

Changed

  • assessor.assess(): parameters after url are now keyword-only (enforced by *,), preventing accidental positional mis-binding by callers.
  • cli: --version short flag changed from -v to -V (uppercase), consistent with all other platform modules.
  • reporter.save_report(): now raises ValueError for unsupported file extensions instead of silently falling back to plain text, aligning behaviour with the existing docstring.
  • verdict: VerdictSeverity gains a LOW member (1 pt penalty) between MEDIUM and INFO, completing the five-tier severity vocabulary shared with mailvalidator.

0.1.3 — 2026-05-15

Added

  • assessor.assess() accepts an optional progress_cb: Callable[[str], None] parameter, consistent with the platform-wide public API convention.
  • reporter module now exposes a public console alias (Console(record=True)) and a save_report(path) function; the CLI imports these rather than duplicating the export logic internally.

Changed

  • CLI migrated to use reporter.console and reporter.save_report() — the private _save_report() helper in cli.py has been removed.

0.1.2 — 2026-04-08

Added

  • Report header now shows the final redirect destination URL when a redirect was followed during the header fetch.

0.1.1 — 2026-04-08

Fixed

  • HTTP redirect followed correctly when the https:// port is closed and the server redirects to http://.

0.1.0 — 2026-04-08

Added

  • Initial release of headersvalidator.
  • HTTP security-header validation against RFC 9110/9111, OWASP, and the IANA header registry.
  • Scoring model: PASS / WARN / FAIL / DEPRECATED / INFO status per header; letter-grade verdict (A+…F) derived from weighted penalty points.
  • Security Verdict panel with actionable recommendations surfaced in the terminal report.
  • CLI: headersvalidator check <url-or-domain> with --json, --output, --strict flags.
  • headersvalidator info rules — lists all evaluated header rules.
  • Report export to .txt, .svg, .html.
  • HEAD with GET fallback (on HTTP 405) for header fetching.