github · myersg86 · Feb 6, 2025
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -70,7 +70,7 @@ NOTE: this version is a breaking change due to the removal of HPKP. Remove the H
 
 ## 5.0.0
 
-Well this is a little embarassing. 4.0 was supposed to set the secure/httponly/samesite=lax attributes on cookies by default but it didn't. Now it does. - See the [upgrading to 5.0](docs/upgrading-to-5-0.md) guide.
+Well this is a little embarrassing. 4.0 was supposed to set the secure/httponly/samesite=lax attributes on cookies by default but it didn't. Now it does. - See the [upgrading to 5.0](docs/upgrading-to-5-0.md) guide.
 
 ## 4.0.1
 
@@ -194,7 +194,7 @@ end
 
 ## 3.4.0 the frame-src/child-src transition for Firefox.
 
-Handle the `child-src`/`frame-src` transition semi-intelligently across versions. I think the code best descibes the behavior here:
+Handle the `child-src`/`frame-src` transition semi-intelligently across versions. I think the code best describes the behavior here:
 
 ```ruby
 if supported_directives.include?(:child_src)

diff --git a/lib/secure_headers.rb b/lib/secure_headers.rb
@@ -178,7 +178,7 @@ def content_security_policy_style_nonce(request)
       content_security_policy_nonce(request, ContentSecurityPolicy::STYLE_SRC)
     end
 
-    # Public: Retreives the config for a given header type:
+    # Public: Retrieves the config for a given header type:
     #
     # Checks to see if there is an override for this request, then
     # Checks to see if a named override is used for this request, then

diff --git a/lib/secure_headers/configuration.rb b/lib/secure_headers/configuration.rb
@@ -35,7 +35,7 @@ def default(&block)
 
       # Public: create a named configuration that overrides the default config.
       #
-      # name - use an idenfier for the override config.
+      # name - use an identifier for the override config.
       # base - override another existing config, or override the default config
       # if no value is supplied.
       #

diff --git a/lib/secure_headers/headers/content_security_policy.rb b/lib/secure_headers/headers/content_security_policy.rb
@@ -79,7 +79,7 @@ def build_sandbox_list_directive(directive)
       end
 
       # A maximally strict sandbox policy is just the `sandbox` directive,
-      # whith no configuraiton values.
+      # with no configuration values.
       if max_strict_policy
         symbol_to_hyphen_case(directive)
       elsif sandbox_list && sandbox_list.any?
@@ -120,7 +120,7 @@ def build_source_list_directive(directive)
     end
 
     # If a directive contains *, all other values are omitted.
-    # If a directive contains 'none' but has other values, 'none' is ommitted.
+    # If a directive contains 'none' but has other values, 'none' is omitted.
     # Schemes are stripped (see http://www.w3.org/TR/CSP2/#match-source-expression)
     def minify_source_list(directive, source_list)
       source_list = source_list.compact

diff --git a/lib/secure_headers/headers/policy_management.rb b/lib/secure_headers/headers/policy_management.rb
@@ -201,7 +201,7 @@ def make_header(config)
 
       # Public: Validates each source expression.
       #
-      # Does not validate the invididual values of the source expression (e.g.
+      # Does not validate the individual values of the source expression (e.g.
       # script_src => h*t*t*p: will not raise an exception)
       def validate_config!(config)
         return if config.nil? || config.opt_out?
@@ -402,7 +402,7 @@ def validate_require_trusted_types_for_source_expression!(directive, require_tru
       # 1. is an array of strings
       # 2. does not contain any deprecated, now invalid values (inline, eval, self, none)
       #
-      # Does not validate the invididual values of the source expression (e.g.
+      # Does not validate the individual values of the source expression (e.g.
       # script_src => h*t*t*p: will not raise an exception)
       def validate_source_expression!(directive, source_expression)
         if source_expression != OPT_OUT

diff --git a/spec/lib/secure_headers/headers/x_permitted_cross_domain_policies_spec.rb b/spec/lib/secure_headers/headers/x_permitted_cross_domain_policies_spec.rb
@@ -37,7 +37,7 @@ module SecureHeaders
       end
     end
 
-    context "invlaid configuration values" do
+    context "invalid configuration values" do
       it "doesn't accept invalid values" do
         expect do
           XPermittedCrossDomainPolicies.validate_config!("open")

diff --git a/spec/lib/secure_headers_spec.rb b/spec/lib/secure_headers_spec.rb
@@ -226,7 +226,7 @@ module SecureHeaders
           expect(hash[ContentSecurityPolicyConfig::HEADER_NAME]).to eq("default-src 'none'; script-src 'self'")
         end
 
-        it "overrides non-existant directives" do
+        it "overrides non-existent directives" do
           Configuration.default do |config|
             config.csp = {
               default_src: %w(https:),