actionpack 6.1.4.3 → 6.1.4.4
Potentially problematic release.
This version of actionpack might be problematic.
- checksums.yaml +4 -4
 - data/CHANGELOG.md +6 -1
 - data/lib/action_dispatch/middleware/host_authorization.rb +28 -9
 - data/lib/action_pack/gem_version.rb +1 -1
 - metadata +15 -15
 
    
        checksums.yaml
    CHANGED
    
    | 
         @@ -1,7 +1,7 @@ 
     | 
|
| 
       1 
1 
     | 
    
         
             
            ---
         
     | 
| 
       2 
2 
     | 
    
         
             
            SHA256:
         
     | 
| 
       3 
     | 
    
         
            -
              metadata.gz:  
     | 
| 
       4 
     | 
    
         
            -
              data.tar.gz:  
     | 
| 
      
 3 
     | 
    
         
            +
              metadata.gz: 1c122d3421f71b41eaa2b4fef11a5ce6dfd8b697a85e5a3dcaff50fc4326da9b
         
     | 
| 
      
 4 
     | 
    
         
            +
              data.tar.gz: c090acfe45da5c02c4c4ed5e566254aaa3b42860802f4843e05e0ec0bb63fb7e
         
     | 
| 
       5 
5 
     | 
    
         
             
            SHA512:
         
     | 
| 
       6 
     | 
    
         
            -
              metadata.gz:  
     | 
| 
       7 
     | 
    
         
            -
              data.tar.gz:  
     | 
| 
      
 6 
     | 
    
         
            +
              metadata.gz: 86c9508f96aff5cf65d96af499fe3650c95c58cc2e0c84a743ffb716ba72fd5486511a974f3ec4dd29198d52a9859f4cb9d1a777668e6d60792491d9397f68e7
         
     | 
| 
      
 7 
     | 
    
         
            +
              data.tar.gz: 1d3ef386672fea19f17329b5de313ab4fc1a4bb999dd86ed104731a896f6d9f53607777126651d64fe2ddf12523b2bd5228f20155c03dfff74ce369361421a35
         
     | 
    
        data/CHANGELOG.md
    CHANGED
    
    | 
         @@ -1,6 +1,11 @@ 
     | 
|
| 
      
 1 
     | 
    
         
            +
            ## Rails 6.1.4.4 (December 15, 2021) ##
         
     | 
| 
      
 2 
     | 
    
         
            +
             
     | 
| 
      
 3 
     | 
    
         
            +
            *   Fix issue with host protection not allowing host with port in development.
         
     | 
| 
      
 4 
     | 
    
         
            +
             
     | 
| 
      
 5 
     | 
    
         
            +
             
     | 
| 
       1 
6 
     | 
    
         
             
            ## Rails 6.1.4.3 (December 14, 2021) ##
         
     | 
| 
       2 
7 
     | 
    
         | 
| 
       3 
     | 
    
         
            -
            * 
     | 
| 
      
 8 
     | 
    
         
            +
            *    Fix issue with host protection not allowing localhost in development.
         
     | 
| 
       4 
9 
     | 
    
         | 
| 
       5 
10 
     | 
    
         | 
| 
       6 
11 
     | 
    
         
             
            ## Rails 6.1.4.2 (December 14, 2021) ##
         
     | 
| 
         @@ -15,7 +15,16 @@ module ActionDispatch 
     | 
|
| 
       15 
15 
     | 
    
         
             
              # application will be executed and rendered. If no +response_app+ is given, a
         
     | 
| 
       16 
16 
     | 
    
         
             
              # default one will run, which responds with <tt>403 Forbidden</tt>.
         
     | 
| 
       17 
17 
     | 
    
         
             
              class HostAuthorization
         
     | 
| 
       18 
     | 
    
         
            -
                ALLOWED_HOSTS_IN_DEVELOPMENT = [".localhost",  
     | 
| 
      
 18 
     | 
    
         
            +
                ALLOWED_HOSTS_IN_DEVELOPMENT = [".localhost", IPAddr.new("0.0.0.0/0"), IPAddr.new("::/0")]
         
     | 
| 
      
 19 
     | 
    
         
            +
                PORT_REGEX = /(?::\d+)/ # :nodoc:
         
     | 
| 
      
 20 
     | 
    
         
            +
                IPV4_HOSTNAME = /(?<host>\d+\.\d+\.\d+\.\d+)#{PORT_REGEX}?/ # :nodoc:
         
     | 
| 
      
 21 
     | 
    
         
            +
                IPV6_HOSTNAME = /(?<host>[a-f0-9]*:[a-f0-9.:]+)/i # :nodoc:
         
     | 
| 
      
 22 
     | 
    
         
            +
                IPV6_HOSTNAME_WITH_PORT = /\[#{IPV6_HOSTNAME}\]#{PORT_REGEX}/i # :nodoc:
         
     | 
| 
      
 23 
     | 
    
         
            +
                VALID_IP_HOSTNAME = Regexp.union( # :nodoc:
         
     | 
| 
      
 24 
     | 
    
         
            +
                  /\A#{IPV4_HOSTNAME}\z/,
         
     | 
| 
      
 25 
     | 
    
         
            +
                  /\A#{IPV6_HOSTNAME}\z/,
         
     | 
| 
      
 26 
     | 
    
         
            +
                  /\A#{IPV6_HOSTNAME_WITH_PORT}\z/,
         
     | 
| 
      
 27 
     | 
    
         
            +
                )
         
     | 
| 
       19 
28 
     | 
    
         | 
| 
       20 
29 
     | 
    
         
             
                class Permissions # :nodoc:
         
     | 
| 
       21 
30 
     | 
    
         
             
                  def initialize(hosts)
         
     | 
| 
         @@ -28,11 +37,17 @@ module ActionDispatch 
     | 
|
| 
       28 
37 
     | 
    
         | 
| 
       29 
38 
     | 
    
         
             
                  def allows?(host)
         
     | 
| 
       30 
39 
     | 
    
         
             
                    @hosts.any? do |allowed|
         
     | 
| 
       31 
     | 
    
         
            -
                      allowed 
     | 
| 
       32 
     | 
    
         
            -
             
     | 
| 
       33 
     | 
    
         
            -
             
     | 
| 
       34 
     | 
    
         
            -
             
     | 
| 
       35 
     | 
    
         
            -
             
     | 
| 
      
 40 
     | 
    
         
            +
                      if allowed.is_a?(IPAddr)
         
     | 
| 
      
 41 
     | 
    
         
            +
                        begin
         
     | 
| 
      
 42 
     | 
    
         
            +
                          allowed === extract_hostname(host)
         
     | 
| 
      
 43 
     | 
    
         
            +
                        rescue
         
     | 
| 
      
 44 
     | 
    
         
            +
                          # IPAddr#=== raises an error if you give it a hostname instead of
         
     | 
| 
      
 45 
     | 
    
         
            +
                          # IP. Treat similar errors as blocked access.
         
     | 
| 
      
 46 
     | 
    
         
            +
                          false
         
     | 
| 
      
 47 
     | 
    
         
            +
                        end
         
     | 
| 
      
 48 
     | 
    
         
            +
                      else
         
     | 
| 
      
 49 
     | 
    
         
            +
                        allowed === host
         
     | 
| 
      
 50 
     | 
    
         
            +
                      end
         
     | 
| 
       36 
51 
     | 
    
         
             
                    end
         
     | 
| 
       37 
52 
     | 
    
         
             
                  end
         
     | 
| 
       38 
53 
     | 
    
         | 
| 
         @@ -48,16 +63,20 @@ module ActionDispatch 
     | 
|
| 
       48 
63 
     | 
    
         
             
                    end
         
     | 
| 
       49 
64 
     | 
    
         | 
| 
       50 
65 
     | 
    
         
             
                    def sanitize_regexp(host)
         
     | 
| 
       51 
     | 
    
         
            -
                      /\A#{host} 
     | 
| 
      
 66 
     | 
    
         
            +
                      /\A#{host}#{PORT_REGEX}?\z/
         
     | 
| 
       52 
67 
     | 
    
         
             
                    end
         
     | 
| 
       53 
68 
     | 
    
         | 
| 
       54 
69 
     | 
    
         
             
                    def sanitize_string(host)
         
     | 
| 
       55 
70 
     | 
    
         
             
                      if host.start_with?(".")
         
     | 
| 
       56 
     | 
    
         
            -
                        /\A([a-z0-9-]+\.)?#{Regexp.escape(host[1..-1])} 
     | 
| 
      
 71 
     | 
    
         
            +
                        /\A([a-z0-9-]+\.)?#{Regexp.escape(host[1..-1])}#{PORT_REGEX}?\z/i
         
     | 
| 
       57 
72 
     | 
    
         
             
                      else
         
     | 
| 
       58 
     | 
    
         
            -
                        /\A#{Regexp.escape host} 
     | 
| 
      
 73 
     | 
    
         
            +
                        /\A#{Regexp.escape host}#{PORT_REGEX}?\z/i
         
     | 
| 
       59 
74 
     | 
    
         
             
                      end
         
     | 
| 
       60 
75 
     | 
    
         
             
                    end
         
     | 
| 
      
 76 
     | 
    
         
            +
             
     | 
| 
      
 77 
     | 
    
         
            +
                    def extract_hostname(host)
         
     | 
| 
      
 78 
     | 
    
         
            +
                      host.slice(VALID_IP_HOSTNAME, "host") || host
         
     | 
| 
      
 79 
     | 
    
         
            +
                    end
         
     | 
| 
       61 
80 
     | 
    
         
             
                end
         
     | 
| 
       62 
81 
     | 
    
         | 
| 
       63 
82 
     | 
    
         
             
                DEFAULT_RESPONSE_APP = -> env do
         
     | 
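Review bot: The bare `rescue` in `Permissions#allows?` (second hunk, new lines 41–47) catches every StandardError raised by `allowed === extract_hostname(host)`, not only the address-parsing failure the comment describes, so an unrelated bug such as a nil host would be silently reported as a blocked request. Failing closed is the right default for this check, and it can be kept while narrowing the handler to `rescue IPAddr::Error`, which covers the invalid-address and address-family errors that IPAddr raises. Because `extract_hostname` (third hunk) falls back to the raw value with `|| host`, every non-IP Host value takes this exception path whenever an IPAddr entry is consulted, so the narrower rescue also makes that intended flow explicit. `allows?` is fully visible in its hunk; the rest of `Permissions` lies outside the hunks shown.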
    
        metadata
    CHANGED
    
    | 
         @@ -1,14 +1,14 @@ 
     | 
|
| 
       1 
1 
     | 
    
         
             
            --- !ruby/object:Gem::Specification
         
     | 
| 
       2 
2 
     | 
    
         
             
            name: actionpack
         
     | 
| 
       3 
3 
     | 
    
         
             
            version: !ruby/object:Gem::Version
         
     | 
| 
       4 
     | 
    
         
            -
              version: 6.1.4. 
     | 
| 
      
 4 
     | 
    
         
            +
              version: 6.1.4.4
         
     | 
| 
       5 
5 
     | 
    
         
             
            platform: ruby
         
     | 
| 
       6 
6 
     | 
    
         
             
            authors:
         
     | 
| 
       7 
7 
     | 
    
         
             
            - David Heinemeier Hansson
         
     | 
| 
       8 
     | 
    
         
            -
            autorequire:
         
     | 
| 
      
 8 
     | 
    
         
            +
            autorequire: 
         
     | 
| 
       9 
9 
     | 
    
         
             
            bindir: bin
         
     | 
| 
       10 
10 
     | 
    
         
             
            cert_chain: []
         
     | 
| 
       11 
     | 
    
         
            -
            date: 2021-12- 
     | 
| 
      
 11 
     | 
    
         
            +
            date: 2021-12-15 00:00:00.000000000 Z
         
     | 
| 
       12 
12 
     | 
    
         
             
            dependencies:
         
     | 
| 
       13 
13 
     | 
    
         
             
            - !ruby/object:Gem::Dependency
         
     | 
| 
       14 
14 
     | 
    
         
             
              name: activesupport
         
     | 
| 
         @@ -16,14 +16,14 @@ dependencies: 
     | 
|
| 
       16 
16 
     | 
    
         
             
                requirements:
         
     | 
| 
       17 
17 
     | 
    
         
             
                - - '='
         
     | 
| 
       18 
18 
     | 
    
         
             
                  - !ruby/object:Gem::Version
         
     | 
| 
       19 
     | 
    
         
            -
                    version: 6.1.4. 
     | 
| 
      
 19 
     | 
    
         
            +
                    version: 6.1.4.4
         
     | 
| 
       20 
20 
     | 
    
         
             
              type: :runtime
         
     | 
| 
       21 
21 
     | 
    
         
             
              prerelease: false
         
     | 
| 
       22 
22 
     | 
    
         
             
              version_requirements: !ruby/object:Gem::Requirement
         
     | 
| 
       23 
23 
     | 
    
         
             
                requirements:
         
     | 
| 
       24 
24 
     | 
    
         
             
                - - '='
         
     | 
| 
       25 
25 
     | 
    
         
             
                  - !ruby/object:Gem::Version
         
     | 
| 
       26 
     | 
    
         
            -
                    version: 6.1.4. 
     | 
| 
      
 26 
     | 
    
         
            +
                    version: 6.1.4.4
         
     | 
| 
       27 
27 
     | 
    
         
             
            - !ruby/object:Gem::Dependency
         
     | 
| 
       28 
28 
     | 
    
         
             
              name: rack
         
     | 
| 
       29 
29 
     | 
    
         
             
              requirement: !ruby/object:Gem::Requirement
         
     | 
| 
         @@ -98,28 +98,28 @@ dependencies: 
     | 
|
| 
       98 
98 
     | 
    
         
             
                requirements:
         
     | 
| 
       99 
99 
     | 
    
         
             
                - - '='
         
     | 
| 
       100 
100 
     | 
    
         
             
                  - !ruby/object:Gem::Version
         
     | 
| 
       101 
     | 
    
         
            -
                    version: 6.1.4. 
     | 
| 
      
 101 
     | 
    
         
            +
                    version: 6.1.4.4
         
     | 
| 
       102 
102 
     | 
    
         
             
              type: :runtime
         
     | 
| 
       103 
103 
     | 
    
         
             
              prerelease: false
         
     | 
| 
       104 
104 
     | 
    
         
             
              version_requirements: !ruby/object:Gem::Requirement
         
     | 
| 
       105 
105 
     | 
    
         
             
                requirements:
         
     | 
| 
       106 
106 
     | 
    
         
             
                - - '='
         
     | 
| 
       107 
107 
     | 
    
         
             
                  - !ruby/object:Gem::Version
         
     | 
| 
       108 
     | 
    
         
            -
                    version: 6.1.4. 
     | 
| 
      
 108 
     | 
    
         
            +
                    version: 6.1.4.4
         
     | 
| 
       109 
109 
     | 
    
         
             
            - !ruby/object:Gem::Dependency
         
     | 
| 
       110 
110 
     | 
    
         
             
              name: activemodel
         
     | 
| 
       111 
111 
     | 
    
         
             
              requirement: !ruby/object:Gem::Requirement
         
     | 
| 
       112 
112 
     | 
    
         
             
                requirements:
         
     | 
| 
       113 
113 
     | 
    
         
             
                - - '='
         
     | 
| 
       114 
114 
     | 
    
         
             
                  - !ruby/object:Gem::Version
         
     | 
| 
       115 
     | 
    
         
            -
                    version: 6.1.4. 
     | 
| 
      
 115 
     | 
    
         
            +
                    version: 6.1.4.4
         
     | 
| 
       116 
116 
     | 
    
         
             
              type: :development
         
     | 
| 
       117 
117 
     | 
    
         
             
              prerelease: false
         
     | 
| 
       118 
118 
     | 
    
         
             
              version_requirements: !ruby/object:Gem::Requirement
         
     | 
| 
       119 
119 
     | 
    
         
             
                requirements:
         
     | 
| 
       120 
120 
     | 
    
         
             
                - - '='
         
     | 
| 
       121 
121 
     | 
    
         
             
                  - !ruby/object:Gem::Version
         
     | 
| 
       122 
     | 
    
         
            -
                    version: 6.1.4. 
     | 
| 
      
 122 
     | 
    
         
            +
                    version: 6.1.4.4
         
     | 
| 
       123 
123 
     | 
    
         
             
            description: Web apps on Rails. Simple, battle-tested conventions for building and
         
     | 
| 
       124 
124 
     | 
    
         
             
              testing MVC web applications. Works with any Rack-compatible server.
         
     | 
| 
       125 
125 
     | 
    
         
             
            email: david@loudthinking.com
         
     | 
| 
         @@ -309,11 +309,11 @@ licenses: 
     | 
|
| 
       309 
309 
     | 
    
         
             
            - MIT
         
     | 
| 
       310 
310 
     | 
    
         
             
            metadata:
         
     | 
| 
       311 
311 
     | 
    
         
             
              bug_tracker_uri: https://github.com/rails/rails/issues
         
     | 
| 
       312 
     | 
    
         
            -
              changelog_uri: https://github.com/rails/rails/blob/v6.1.4. 
     | 
| 
       313 
     | 
    
         
            -
              documentation_uri: https://api.rubyonrails.org/v6.1.4. 
     | 
| 
      
 312 
     | 
    
         
            +
              changelog_uri: https://github.com/rails/rails/blob/v6.1.4.4/actionpack/CHANGELOG.md
         
     | 
| 
      
 313 
     | 
    
         
            +
              documentation_uri: https://api.rubyonrails.org/v6.1.4.4/
         
     | 
| 
       314 
314 
     | 
    
         
             
              mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
         
     | 
| 
       315 
     | 
    
         
            -
              source_code_uri: https://github.com/rails/rails/tree/v6.1.4. 
     | 
| 
       316 
     | 
    
         
            -
            post_install_message:
         
     | 
| 
      
 315 
     | 
    
         
            +
              source_code_uri: https://github.com/rails/rails/tree/v6.1.4.4/actionpack
         
     | 
| 
      
 316 
     | 
    
         
            +
            post_install_message: 
         
     | 
| 
       317 
317 
     | 
    
         
             
            rdoc_options: []
         
     | 
| 
       318 
318 
     | 
    
         
             
            require_paths:
         
     | 
| 
       319 
319 
     | 
    
         
             
            - lib
         
     | 
| 
         @@ -329,8 +329,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement 
     | 
|
| 
       329 
329 
     | 
    
         
             
                  version: '0'
         
     | 
| 
       330 
330 
     | 
    
         
             
            requirements:
         
     | 
| 
       331 
331 
     | 
    
         
             
            - none
         
     | 
| 
       332 
     | 
    
         
            -
            rubygems_version: 3.2. 
     | 
| 
       333 
     | 
    
         
            -
            signing_key:
         
     | 
| 
      
 332 
     | 
    
         
            +
            rubygems_version: 3.2.32
         
     | 
| 
      
 333 
     | 
    
         
            +
            signing_key: 
         
     | 
| 
       334 
334 
     | 
    
         
             
            specification_version: 4
         
     | 
| 
       335 
335 
     | 
    
         
             
            summary: Web-flow and rendering framework putting the VC in MVC (part of Rails).
         
     | 
| 
       336 
336 
     | 
    
         
             
            test_files: []
         
     |