Merge pull request #26 from soapbucket/chore/add-notice-file

rickcrawford · web-flow · commit a222ebb1ea51 · 2026-04-17T07:05:02.000-07:00
Chore/add notice file
diff --git a/CLAUDE.md b/CLAUDE.md
@@ -101,3 +101,10 @@ The chain is compiled once per origin and cached. Requests execute the pre-compi
 - Do NOT include enterprise features in OSS code
 - Enterprise features are available via sbproxy Cloud (cloud.sbproxy.dev)
 - GeoIP and UA parser enrichers are enterprise-only (registered via `plugin.RegisterEnricher` in sbproxy-enterprise)
+
+## License & Attribution
+- This project is licensed under Apache 2.0 (see `LICENSE`)
+- **NOTICE file maintenance:** When adding or upgrading a dependency that is licensed under Apache 2.0 (not dual MIT/Apache-2.0), update the `NOTICE` file with the dependency's copyright notice and license. Apache 2.0 Section 4 requires this.
+- To check: run `go-licenses csv ./...` or inspect `go.mod` for Apache-only deps
+- Copyright holder: Soap Bucket LLC
+- Do NOT expose internal implementation details (language, libraries, algorithms) in user-facing content per the root CLAUDE.md anti-patterns
diff --git a/e2e/cases/11-cors-security/sb.yml b/e2e/cases/11-cors-security/sb.yml
@@ -23,19 +23,14 @@ origins:
       allow_credentials: true
     policies:
       - type: security_headers
-        strict_transport_security:
-          enabled: true
-          max_age: 31536000
-          include_subdomains: true
-        content_security_policy:
-          enabled: true
-          policy: "default-src 'self'"
-        x_frame_options:
-          enabled: true
-          value: DENY
-        x_content_type_options:
-          enabled: true
-          no_sniff: true
-        referrer_policy:
-          enabled: true
-          policy: strict-origin-when-cross-origin
+        headers:
+          - name: Strict-Transport-Security
+            value: "max-age=31536000; includeSubDomains"
+          - name: Content-Security-Policy
+            value: "default-src 'self'"
+          - name: X-Frame-Options
+            value: DENY
+          - name: X-Content-Type-Options
+            value: nosniff
+          - name: Referrer-Policy
+            value: strict-origin-when-cross-origin
diff --git a/e2e/cases/17-csrf/sb.yml b/e2e/cases/17-csrf/sb.yml
@@ -6,11 +6,11 @@ origins:
     action:
       type: proxy
       url: http://127.0.0.1:18888
-    session_config:
+    session:
       allow_non_ssl: true
       cookie_name: sbproxy_session
-      cookie_max_age: 3600
-      cookie_same_site: Lax
+      max_age: 3600
+      same_site: Lax
     policies:
       - type: csrf
         secret: "cR7tK3mW9pL2vX5qJ8bN4mW6nY3zA"
diff --git a/e2e/cases/32-session/sb.yml b/e2e/cases/32-session/sb.yml
@@ -7,8 +7,8 @@ origins:
     action:
       type: proxy
       url: http://127.0.0.1:18888
-    session_config:
+    session:
       cookie_name: sbproxy_sid
-      cookie_max_age: 3600
-      cookie_same_site: Lax
+      max_age: 3600
+      same_site: Lax
       allow_non_ssl: true
