angular_rails_csrf 7.0.0 → 7.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +6 -0
  3. data/README.md +20 -4
  4. data/lib/angular_rails_csrf/railtie.rb +11 -0
  5. data/lib/angular_rails_csrf/version.rb +1 -1
  6. data/lib/angular_rails_csrf.rb +6 -0
  7. metadata +5 -7
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 1d0b9c0281d924d679f0a9b8b71f5d1b4842a4bc9b78ede13f848c3e91479668
4
- data.tar.gz: 4efbd91eb24c813ceb2553e2834e5db627cdc4b23c4dedac37ec89e7f5465d80
3
+ metadata.gz: 93c2203c523539847ce011752c0a50ba0662f1f05aef215343ad3dd8f576cf2c
4
+ data.tar.gz: 19031ae6c4b9c5c9f4fcfdeadeb0853c7cc4c0fcd592768b833b06447d3ffdfe
5
5
  SHA512:
6
- metadata.gz: 9cbc548f3e81540ba29b5ca46fa331899337eabd34422e70777e96cbc5ee2443aa962b63bed1ae779f62667389bc761c8bbe1ae2adc2e998426c94290074588b
7
- data.tar.gz: '08e800161939ca9a70f9007ba818d4f9d094dea85241329d99d4310e099034e4eaf95254dc08606c4d26be2b98d231d74ef9e80e970a382df0a6cc73945ad5fb'
6
+ metadata.gz: 9a4a6a941ccb94e0cdcd18b51db96c3efccf2beecaec88a105cd88a377cf8e1700c92cfb9ba555f86cb0f24452ce80c299154cf2704356da37ab240482270e44
7
+ data.tar.gz: 02431a3ecc99795abcd1d827cb3c1d058e285c12ccb2d3ecb4aa6f788cca4a9cf0e4796f516792aebacdd5d49047d8b077d8900ce4c154c74d420bac6225bb69
data/CHANGELOG.md CHANGED
@@ -1,5 +1,11 @@
1
1
  # Changelog
2
2
 
3
+ ## 7.0.1 (11-May-25)
4
+
5
+ * Test with Ruby 3.4
6
+ * Repo moved
7
+ * Add deprecation message
8
+
3
9
  ## 7.0.0 (12-Nov-24)
4
10
 
5
11
  * **Breaking change**: require Ruby 3.2+. If you need support for older Rubies, stay on version 6
data/README.md CHANGED
@@ -1,16 +1,32 @@
1
1
  ## AngularJS-style CSRF Protection for Rails
2
2
 
3
3
  ![Gem](https://img.shields.io/gem/v/angular_rails_csrf)
4
- ![CI](https://github.com/jsanders/angular_rails_csrf/actions/workflows/ci.yml/badge.svg)
4
+ ![CI](https://github.com/bodrovis/angular_rails_csrf/actions/workflows/ci.yml/badge.svg)
5
5
  ![Downloads total](https://img.shields.io/gem/dt/angular_rails_csrf)
6
6
 
7
+ **Deprecation notice (2025)**
8
+
9
+ James and then me (@bodrovis) have been supporting this gem since 2013. It has been downloaded more than 10 million times and we're glad you guys found it useful. However, after discussing privately we've decided to put angular_rails_csrf under passive maintenance starting from June 2025.
10
+
11
+ In modern frontend–backend architectures (e.g., Angular, React, Vue + Rails APIs), CSRF protection is typically handled via token-based authentication (JWT, OAuth) and not via CSRF cookies. This gem remains relevant only for Rails monoliths that:
12
+
13
+ - Use cookie-based session auth
14
+ - Serve frontend via Rails
15
+ - Expect `XSRF-TOKEN` / `X-XSRF-TOKEN` pattern
16
+
17
+ If you're actively using this gem and want to see it maintained or enhanced, please [open an issue](https://github.com/bodrovis/angular_rails_csrf/issues) describing your use case.
18
+
19
+ Otherwise, this project may be archived in late 2025 or 2026. Thank you!
20
+
21
+ ---
22
+
7
23
  The AngularJS [ng.$http](http://docs.angularjs.org/api/ng.$http) service has built-in CSRF protection. By default, it looks for a cookie named `XSRF-TOKEN` and, if found, writes its value into an `X-XSRF-TOKEN` header, which the server compares with the CSRF token saved in the user's session.
8
24
 
9
25
  This project adds direct support for this scheme to your Rails application without requiring any changes to your AngularJS application. It also doesn't require the use of `csrf_meta_tags` to write a CSRF token into your page markup, so it works for pure JSON API applications.
10
26
 
11
27
  Note that there is nothing AngularJS specific here, and this will work with any other front-end that implements the same scheme.
12
28
 
13
- Check [version compatibility](https://github.com/jsanders/angular_rails_csrf/wiki/Version-Compatibility) to learn which Rails/Rubies are currently supported.
29
+ Check [version compatibility](https://github.com/bodrovis/angular_rails_csrf/wiki/Version-Compatibility) to learn which Rails/Rubies are currently supported.
14
30
 
15
31
  ## Installation
16
32
 
@@ -102,7 +118,7 @@ end
102
118
 
103
119
  ### Exclusions
104
120
 
105
- Sometimes you will want to skip setting the XSRF token for certain controllers (for example, when using SSE or ActionCable, as discussed [here](https://github.com/jsanders/angular_rails_csrf/issues/7)):
121
+ Sometimes you will want to skip setting the XSRF token for certain controllers (for example, when using SSE or ActionCable, as discussed [here](https://github.com/bodrovis/angular_rails_csrf/issues/7)):
106
122
 
107
123
  ```ruby
108
124
  class ExclusionsController < ApplicationController
@@ -128,4 +144,4 @@ $ rake test
128
144
 
129
145
  ## License
130
146
 
131
- Licensed under the [MIT License](https://github.com/jsanders/angular_rails_csrf/blob/master/LICENSE).
147
+ Licensed under the [MIT License](https://github.com/bodrovis/angular_rails_csrf/blob/master/LICENSE.md).
data/lib/angular_rails_csrf/railtie.rb CHANGED
@@ -9,5 +9,16 @@ module AngularRailsCsrf
9
9
  include AngularRailsCsrf::Concern
10
10
  end
11
11
  end
12
+
13
+ initializer 'angular-rails-csrf.deprecation_notice' do |_app|
14
+ unless Rails.env.test? || ENV['ANGULAR_RAILS_CSRF_SILENCE']
15
+ AngularRailsCsrf.deprecator.warn(
16
+ '[angular_rails_csrf] This gem is under passive maintenance and may be sunset in the future. ' \
17
+ 'Open an issue if you rely on it and want it to live on: ' \
18
+ 'https://github.com/bodrovis/angular_rails_csrf/issues. ' \
19
+ 'Set ANGULAR_RAILS_CSRF_SILENCE to silence this warning.'
20
+ )
21
+ end
22
+ end
12
23
  end
13
24
  end
data/lib/angular_rails_csrf/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module AngularRailsCsrf
4
- VERSION = '7.0.0'
4
+ VERSION = '7.0.1'
5
5
  end
data/lib/angular_rails_csrf.rb CHANGED
@@ -1,3 +1,9 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require 'angular_rails_csrf/railtie'
4
+
5
+ module AngularRailsCsrf
6
+ def self.deprecator
7
+ @deprecator ||= ActiveSupport::Deprecation.new('7.0', 'angular_rails_csrf')
8
+ end
9
+ end
metadata CHANGED
@@ -1,15 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: angular_rails_csrf
3
3
  version: !ruby/object:Gem::Version
4
- version: 7.0.0
4
+ version: 7.0.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - James Sanders
8
8
  - Ilya Krukowski
9
- autorequire:
10
9
  bindir: bin
11
10
  cert_chain: []
12
- date: 2024-11-12 00:00:00.000000000 Z
11
+ date: 1980-01-02 00:00:00.000000000 Z
13
12
  dependencies:
14
13
  - !ruby/object:Gem::Dependency
15
14
  name: railties
@@ -47,12 +46,12 @@ files:
47
46
  - lib/angular_rails_csrf/concern.rb
48
47
  - lib/angular_rails_csrf/railtie.rb
49
48
  - lib/angular_rails_csrf/version.rb
50
- homepage: https://github.com/jsanders/angular_rails_csrf
49
+ homepage: https://github.com/bodrovis/angular_rails_csrf
51
50
  licenses:
52
51
  - MIT
53
52
  metadata:
54
53
  rubygems_mfa_required: 'true'
55
- post_install_message:
54
+ deprecation_warning: Passive maintenance; may be sunset in 2025-2026. See README.
56
55
  rdoc_options: []
57
56
  require_paths:
58
57
  - lib
@@ -67,8 +66,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
67
66
  - !ruby/object:Gem::Version
68
67
  version: '0'
69
68
  requirements: []
70
- rubygems_version: 3.5.23
71
- signing_key:
69
+ rubygems_version: 3.6.8
72
70
  specification_version: 4
73
71
  summary: Support for AngularJS $http service style CSRF protection in Rails
74
72
  test_files: []