angular_rails_csrf 6.0.0 → 7.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +119 -0
- data/LICENSE.md +20 -0
- data/lib/angular_rails_csrf/concern.rb +2 -0
- data/lib/angular_rails_csrf/version.rb +1 -1
- metadata +8 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1d0b9c0281d924d679f0a9b8b71f5d1b4842a4bc9b78ede13f848c3e91479668
|
|
4
|
+
data.tar.gz: 4efbd91eb24c813ceb2553e2834e5db627cdc4b23c4dedac37ec89e7f5465d80
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9cbc548f3e81540ba29b5ca46fa331899337eabd34422e70777e96cbc5ee2443aa962b63bed1ae779f62667389bc761c8bbe1ae2adc2e998426c94290074588b
|
|
7
|
+
data.tar.gz: '08e800161939ca9a70f9007ba818d4f9d094dea85241329d99d4310e099034e4eaf95254dc08606c4d26be2b98d231d74ef9e80e970a382df0a6cc73945ad5fb'
|
data/CHANGELOG.md
ADDED
|
@@ -0,0 +1,119 @@
|
|
|
1
|
+
# Changelog
|
|
2
|
+
|
|
3
|
+
## 7.0.0 (12-Nov-24)
|
|
4
|
+
|
|
5
|
+
* **Breaking change**: require Ruby 3.2+. If you need support for older Rubies, stay on version 6
|
|
6
|
+
* Set Railties dependency to `< 9`
|
|
7
|
+
* Test with Rails 8
|
|
8
|
+
* Do not test with Ruby 3.0 and 3.1
|
|
9
|
+
|
|
10
|
+
## 6.0.0 (14-Nov-23)
|
|
11
|
+
|
|
12
|
+
* **Breaking change**: drop support for Ruby < 3. If you need to support older Rubies, stay on v5. If you'd like to support *even older stuff*, v4.5.0 is your choice as it plays nicely with Rails 5.1 and Ruby 2.5.
|
|
13
|
+
* Test only with Rails 7
|
|
14
|
+
* Fix some failing tests, minor tweaks
|
|
15
|
+
|
|
16
|
+
## 5.0.0 (14-Dec-21)
|
|
17
|
+
|
|
18
|
+
* Add support for Rails 7.
|
|
19
|
+
* Test against Rails 6.1 and Rails 7.0.
|
|
20
|
+
* Test against Ruby 3.0.
|
|
21
|
+
* Rails 5.1 is not supported officially anymore (but should still work fine).
|
|
22
|
+
* Ruby < 2.7 is not supported anymore (has reached end of life) but should still work.
|
|
23
|
+
|
|
24
|
+
## 4.5.0 (21-Sep-20)
|
|
25
|
+
|
|
26
|
+
* Added a new [`HttpOnly` option](https://github.com/jsanders/angular_rails_csrf#httponly-cookie) (thanks, [@Lubo-mir](https://github.com/Lubo-mir))
|
|
27
|
+
* Introduced some code refactorings
|
|
28
|
+
|
|
29
|
+
## 4.4.0 (04-Aug-20)
|
|
30
|
+
|
|
31
|
+
* Make the gem play nicely with controllers that do not have `protect_against_forgery?` method defined — for example, certain Doorkeeper controllers (thanks, [@amenz](https://github.com/amenz))
|
|
32
|
+
* Updated dependencies and cops
|
|
33
|
+
|
|
34
|
+
## 4.3.0 (18-May-20)
|
|
35
|
+
|
|
36
|
+
* Ruby version 2.4 is no longer officially supported (though it still should work) - this is also due to the fact that [v2.4 is abanoded by Ruby core team as well](https://www.ruby-lang.org/en/news/2020/04/05/support-of-ruby-2-4-has-ended/). Required Ruby version is now 2.5+ according to [version compatibility](https://github.com/jsanders/angular_rails_csrf/wiki/Version-Compatibility).
|
|
37
|
+
* Dropped backwards compatibility with older versions of Rails (v4 and below). [If you require Rails 4 support, use angular_rails_csrf v3]((https://github.com/jsanders/angular_rails_csrf/wiki/Version-Compatibility)).
|
|
38
|
+
* Increased test coverage up to 100%.
|
|
39
|
+
|
|
40
|
+
## 4.2.0 (31-Mar-20)
|
|
41
|
+
|
|
42
|
+
* Added a new [`angular_rails_csrf_same_site` option](https://github.com/jsanders/angular_rails_csrf#samesite) which defaults to `:lax` (thanks, [@timobleeker](https://github.com/timobleeker))
|
|
43
|
+
+ This option is introduced to comply with the latest changes: https://www.chromium.org/updates/same-site
|
|
44
|
+
* Update cops
|
|
45
|
+
|
|
46
|
+
## 4.1.0 (03-Feb-20)
|
|
47
|
+
|
|
48
|
+
* Added a new [`angular_rails_csrf_secure` option](https://github.com/jsanders/angular_rails_csrf#secure-cookie) (thanks, [@DougKeller](https://github.com/DougKeller))
|
|
49
|
+
* Tested against Ruby 2.7
|
|
50
|
+
|
|
51
|
+
## 4.0.1 (23-Dec-19)
|
|
52
|
+
|
|
53
|
+
* Updated dependencies, tested against more recent Rubies and Rails
|
|
54
|
+
* Updated Gemfile for Bundler 2
|
|
55
|
+
* Added Rubocop and SimpleCov
|
|
56
|
+
|
|
57
|
+
## 4.0.0 (20-Aug-19)
|
|
58
|
+
|
|
59
|
+
Updated:
|
|
60
|
+
* Added support for Rails 6.0
|
|
61
|
+
* Drop support for Rails 4
|
|
62
|
+
|
|
63
|
+
## 3.2.0
|
|
64
|
+
|
|
65
|
+
New feature:
|
|
66
|
+
* Allow cookie's name to be customized (thanks, [@timobleeker](https://github.com/timobleeker))
|
|
67
|
+
|
|
68
|
+
## 3.1.0
|
|
69
|
+
|
|
70
|
+
Updated:
|
|
71
|
+
* Added support for Rails 5.2.0
|
|
72
|
+
|
|
73
|
+
Testing:
|
|
74
|
+
* Tested against more recent Ruby/Rails versions
|
|
75
|
+
|
|
76
|
+
## 3.0.0
|
|
77
|
+
|
|
78
|
+
New feature:
|
|
79
|
+
* Allow cookie domain to be set via `Rails.application.config` (thanks, [@gingermusketeer](https://github.com/gingermusketeer))
|
|
80
|
+
|
|
81
|
+
Updated:
|
|
82
|
+
* Dropped support for Rails < 4
|
|
83
|
+
* Dropped official support for Ruby 2.2 though it should still work
|
|
84
|
+
|
|
85
|
+
Testing:
|
|
86
|
+
* Test against more recent versions of Ruby and Rails
|
|
87
|
+
|
|
88
|
+
## 2.1.1
|
|
89
|
+
|
|
90
|
+
Updated:
|
|
91
|
+
* Added support for Rails 5.1.1
|
|
92
|
+
|
|
93
|
+
Testing:
|
|
94
|
+
* Test against more recent versions of Ruby
|
|
95
|
+
* Test against Rails 5.1.1
|
|
96
|
+
|
|
97
|
+
## 2.1.0
|
|
98
|
+
|
|
99
|
+
Updated:
|
|
100
|
+
* Added support for Rails 5.1
|
|
101
|
+
|
|
102
|
+
Testing improvements:
|
|
103
|
+
* Tested against Rails 5.1
|
|
104
|
+
* Tested against Ruby 2.4.0
|
|
105
|
+
* We are no longer testing against Rails < 4.2
|
|
106
|
+
|
|
107
|
+
## 2.0.0
|
|
108
|
+
|
|
109
|
+
**Breaking changes:**
|
|
110
|
+
* Revert to `after_action` again (fixes [issues with Devise](https://github.com/jsanders/angular_rails_csrf/issues/17) and similar solutions)
|
|
111
|
+
* Introduced a new `exclude_xsrf_token_cookie` class method to exclude setting CSRF token for certain controllers. This is done to take care of [problems with streaming](https://github.com/jsanders/angular_rails_csrf/issues/7).
|
|
112
|
+
|
|
113
|
+
Updated:
|
|
114
|
+
* Added support for Rails 5
|
|
115
|
+
* `rails` dependency changed to `railties`
|
|
116
|
+
|
|
117
|
+
Testing improvements:
|
|
118
|
+
* Tested against Rails 5
|
|
119
|
+
* Tested against Ruby 2.2.5 and 2.3.0
|
data/LICENSE.md
ADDED
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
Copyright 2024 James Sanders, Ilya Krukowski
|
|
2
|
+
|
|
3
|
+
Permission is hereby granted, free of charge, to any person obtaining
|
|
4
|
+
a copy of this software and associated documentation files (the
|
|
5
|
+
"Software"), to deal in the Software without restriction, including
|
|
6
|
+
without limitation the rights to use, copy, modify, merge, publish,
|
|
7
|
+
distribute, sublicense, and/or sell copies of the Software, and to
|
|
8
|
+
permit persons to whom the Software is furnished to do so, subject to
|
|
9
|
+
the following conditions:
|
|
10
|
+
|
|
11
|
+
The above copyright notice and this permission notice shall be
|
|
12
|
+
included in all copies or substantial portions of the Software.
|
|
13
|
+
|
|
14
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
|
15
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
|
16
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
|
17
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
|
18
|
+
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
|
19
|
+
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
|
20
|
+
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
|
@@ -42,6 +42,8 @@ module AngularRailsCsrf
|
|
|
42
42
|
# Fetches the given option from config
|
|
43
43
|
# If the option is not set, return a default value
|
|
44
44
|
def option_from(config, option, default = nil)
|
|
45
|
+
return default if config.nil?
|
|
46
|
+
|
|
45
47
|
config.respond_to?(option) ? config.send(option) : default
|
|
46
48
|
end
|
|
47
49
|
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: angular_rails_csrf
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 7.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- James Sanders
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2024-11-12 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: railties
|
|
@@ -20,7 +20,7 @@ dependencies:
|
|
|
20
20
|
version: '3'
|
|
21
21
|
- - "<"
|
|
22
22
|
- !ruby/object:Gem::Version
|
|
23
|
-
version: '
|
|
23
|
+
version: '9'
|
|
24
24
|
type: :runtime
|
|
25
25
|
prerelease: false
|
|
26
26
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -30,7 +30,7 @@ dependencies:
|
|
|
30
30
|
version: '3'
|
|
31
31
|
- - "<"
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: '
|
|
33
|
+
version: '9'
|
|
34
34
|
description: AngularJS style CSRF protection for Rails
|
|
35
35
|
email:
|
|
36
36
|
- sanderjd@gmail.com
|
|
@@ -39,6 +39,8 @@ executables: []
|
|
|
39
39
|
extensions: []
|
|
40
40
|
extra_rdoc_files: []
|
|
41
41
|
files:
|
|
42
|
+
- CHANGELOG.md
|
|
43
|
+
- LICENSE.md
|
|
42
44
|
- README.md
|
|
43
45
|
- Rakefile
|
|
44
46
|
- lib/angular_rails_csrf.rb
|
|
@@ -58,14 +60,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
58
60
|
requirements:
|
|
59
61
|
- - ">="
|
|
60
62
|
- !ruby/object:Gem::Version
|
|
61
|
-
version: '3.
|
|
63
|
+
version: '3.2'
|
|
62
64
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
63
65
|
requirements:
|
|
64
66
|
- - ">="
|
|
65
67
|
- !ruby/object:Gem::Version
|
|
66
68
|
version: '0'
|
|
67
69
|
requirements: []
|
|
68
|
-
rubygems_version: 3.
|
|
70
|
+
rubygems_version: 3.5.23
|
|
69
71
|
signing_key:
|
|
70
72
|
specification_version: 4
|
|
71
73
|
summary: Support for AngularJS $http service style CSRF protection in Rails
|