angular_rails_csrf 7.0.0 → 7.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +11 -0
- data/README.md +16 -4
- data/lib/angular_rails_csrf/version.rb +1 -1
- data/lib/angular_rails_csrf.rb +3 -0
- metadata +4 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b95a1805f70aa59f51398e31bc1fb65fad1c8a60291442a0b94a8573ebb2eaf0
|
|
4
|
+
data.tar.gz: 29b4dd1b60f5ae0ede924169d786fa9e9eb2dfc14b750c3c56a42837f88a0492
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e3cb2f32d02c664e5a4a5f94529944fb3cda0504964b5b83ce3781698d754b5420fb537f2a68cc1b43003fd3d50541296160c317ffae05f2e8861fb2d723c6f0
|
|
7
|
+
data.tar.gz: 5c07d1e18cc33dab0819003596635887c52bc3df47cb601abf27983ab44feff5a459a7b49ddd50f9d84a1c9a88dcd6769b7b9c9818efc9130b9a7f5c8a890c99
|
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,16 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## 7.0.2 (01-Nov-25)
|
|
4
|
+
|
|
5
|
+
* Test with Ruby 3.5
|
|
6
|
+
* Remove deprecation message, put into passive maintenance mode
|
|
7
|
+
|
|
8
|
+
## 7.0.1 (11-May-25)
|
|
9
|
+
|
|
10
|
+
* Test with Ruby 3.4
|
|
11
|
+
* Repo moved
|
|
12
|
+
* Add deprecation message
|
|
13
|
+
|
|
3
14
|
## 7.0.0 (12-Nov-24)
|
|
4
15
|
|
|
5
16
|
* **Breaking change**: require Ruby 3.2+. If you need support for older Rubies, stay on version 6
|
data/README.md
CHANGED
|
@@ -1,16 +1,28 @@
|
|
|
1
1
|
## AngularJS-style CSRF Protection for Rails
|
|
2
2
|
|
|
3
3
|
|
|
4
|
-
|
|
5
5
|
|
|
6
6
|
|
|
7
|
+
**This gem is in passive maintenance mode:**
|
|
8
|
+
|
|
9
|
+
James and then me (@bodrovis) have been supporting this gem since 2013. It has been downloaded more than 10 million times and we're glad you guys found it useful. However, after discussing privately we've decided to put angular_rails_csrf under passive maintenance starting from June 2025.
|
|
10
|
+
|
|
11
|
+
In modern frontend–backend architectures (e.g., Angular, React, Vue + Rails APIs), CSRF protection is typically handled via token-based authentication (JWT, OAuth) and not via CSRF cookies. This gem remains relevant only for Rails monoliths that:
|
|
12
|
+
|
|
13
|
+
- Use cookie-based session auth
|
|
14
|
+
- Serve frontend via Rails
|
|
15
|
+
- Expect `XSRF-TOKEN` / `X-XSRF-TOKEN` pattern
|
|
16
|
+
|
|
17
|
+
---
|
|
18
|
+
|
|
7
19
|
The AngularJS [ng.$http](http://docs.angularjs.org/api/ng.$http) service has built-in CSRF protection. By default, it looks for a cookie named `XSRF-TOKEN` and, if found, writes its value into an `X-XSRF-TOKEN` header, which the server compares with the CSRF token saved in the user's session.
|
|
8
20
|
|
|
9
21
|
This project adds direct support for this scheme to your Rails application without requiring any changes to your AngularJS application. It also doesn't require the use of `csrf_meta_tags` to write a CSRF token into your page markup, so it works for pure JSON API applications.
|
|
10
22
|
|
|
11
23
|
Note that there is nothing AngularJS specific here, and this will work with any other front-end that implements the same scheme.
|
|
12
24
|
|
|
13
|
-
Check [version compatibility](https://github.com/
|
|
25
|
+
Check [version compatibility](https://github.com/bodrovis/angular_rails_csrf/wiki/Version-Compatibility) to learn which Rails/Rubies are currently supported.
|
|
14
26
|
|
|
15
27
|
## Installation
|
|
16
28
|
|
|
@@ -102,7 +114,7 @@ end
|
|
|
102
114
|
|
|
103
115
|
### Exclusions
|
|
104
116
|
|
|
105
|
-
Sometimes you will want to skip setting the XSRF token for certain controllers (for example, when using SSE or ActionCable, as discussed [here](https://github.com/
|
|
117
|
+
Sometimes you will want to skip setting the XSRF token for certain controllers (for example, when using SSE or ActionCable, as discussed [here](https://github.com/bodrovis/angular_rails_csrf/issues/7)):
|
|
106
118
|
|
|
107
119
|
```ruby
|
|
108
120
|
class ExclusionsController < ApplicationController
|
|
@@ -128,4 +140,4 @@ $ rake test
|
|
|
128
140
|
|
|
129
141
|
## License
|
|
130
142
|
|
|
131
|
-
Licensed under the [MIT License](https://github.com/
|
|
143
|
+
Licensed under the [MIT License](https://github.com/bodrovis/angular_rails_csrf/blob/master/LICENSE.md).
|
data/lib/angular_rails_csrf.rb
CHANGED
metadata
CHANGED
|
@@ -1,15 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: angular_rails_csrf
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 7.0.
|
|
4
|
+
version: 7.0.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- James Sanders
|
|
8
8
|
- Ilya Krukowski
|
|
9
|
-
autorequire:
|
|
10
9
|
bindir: bin
|
|
11
10
|
cert_chain: []
|
|
12
|
-
date:
|
|
11
|
+
date: 1980-01-02 00:00:00.000000000 Z
|
|
13
12
|
dependencies:
|
|
14
13
|
- !ruby/object:Gem::Dependency
|
|
15
14
|
name: railties
|
|
@@ -47,12 +46,11 @@ files:
|
|
|
47
46
|
- lib/angular_rails_csrf/concern.rb
|
|
48
47
|
- lib/angular_rails_csrf/railtie.rb
|
|
49
48
|
- lib/angular_rails_csrf/version.rb
|
|
50
|
-
homepage: https://github.com/
|
|
49
|
+
homepage: https://github.com/bodrovis/angular_rails_csrf
|
|
51
50
|
licenses:
|
|
52
51
|
- MIT
|
|
53
52
|
metadata:
|
|
54
53
|
rubygems_mfa_required: 'true'
|
|
55
|
-
post_install_message:
|
|
56
54
|
rdoc_options: []
|
|
57
55
|
require_paths:
|
|
58
56
|
- lib
|
|
@@ -67,8 +65,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
67
65
|
- !ruby/object:Gem::Version
|
|
68
66
|
version: '0'
|
|
69
67
|
requirements: []
|
|
70
|
-
rubygems_version: 3.
|
|
71
|
-
signing_key:
|
|
68
|
+
rubygems_version: 3.7.2
|
|
72
69
|
specification_version: 4
|
|
73
70
|
summary: Support for AngularJS $http service style CSRF protection in Rails
|
|
74
71
|
test_files: []
|