angular_rails_csrf 6.0.0 → 7.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +119 -0
- data/LICENSE.md +20 -0
- data/lib/angular_rails_csrf/concern.rb +2 -0
- data/lib/angular_rails_csrf/version.rb +1 -1
- metadata +8 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1d0b9c0281d924d679f0a9b8b71f5d1b4842a4bc9b78ede13f848c3e91479668
|
|
4
|
+
data.tar.gz: 4efbd91eb24c813ceb2553e2834e5db627cdc4b23c4dedac37ec89e7f5465d80
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9cbc548f3e81540ba29b5ca46fa331899337eabd34422e70777e96cbc5ee2443aa962b63bed1ae779f62667389bc761c8bbe1ae2adc2e998426c94290074588b
|
|
7
|
+
data.tar.gz: '08e800161939ca9a70f9007ba818d4f9d094dea85241329d99d4310e099034e4eaf95254dc08606c4d26be2b98d231d74ef9e80e970a382df0a6cc73945ad5fb'
|
data/CHANGELOG.md
ADDED
|
@@ -0,0 +1,119 @@
|
|
|
1
|
+
# Changelog
|
|
2
|
+
|
|
3
|
+
## 7.0.0 (12-Nov-24)
|
|
4
|
+
|
|
5
|
+
* **Breaking change**: require Ruby 3.2+. If you need support for older Rubies, stay on version 6
|
|
6
|
+
* Set Railties dependency to `< 9`
|
|
7
|
+
* Test with Rails 8
|
|
8
|
+
* Do not test with Ruby 3.0 and 3.1
|
|
9
|
+
|
|
10
|
+
## 6.0.0 (14-Nov-23)
|
|
11
|
+
|
|
12
|
+
* **Breaking change**: drop support for Ruby < 3. If you need to support older Rubies, stay on v5. If you'd like to support *even older stuff*, v4.5.0 is your choice as it plays nicely with Rails 5.1 and Ruby 2.5.
|
|
13
|
+
* Test only with Rails 7
|
|
14
|
+
* Fix some failing tests, minor tweaks
|
|
15
|
+
|
|
16
|
+
## 5.0.0 (14-Dec-21)
|
|
17
|
+
|
|
18
|
+
* Add support for Rails 7.
|
|
19
|
+
* Test against Rails 6.1 and Rails 7.0.
|
|
20
|
+
* Test against Ruby 3.0.
|
|
21
|
+
* Rails 5.1 is not supported officially anymore (but should still work fine).
|
|
22
|
+
* Ruby < 2.7 is not supported anymore (has reached end of life) but should still work.
|
|
23
|
+
|
|
24
|
+
## 4.5.0 (21-Sep-20)
|
|
25
|
+
|
|
26
|
+
* Added a new [`HttpOnly` option](https://github.com/jsanders/angular_rails_csrf#httponly-cookie) (thanks, [@Lubo-mir](https://github.com/Lubo-mir))
|
|
27
|
+
* Introduced some code refactorings
|
|
28
|
+
|
|
29
|
+
## 4.4.0 (04-Aug-20)
|
|
30
|
+
|
|
31
|
+
* Make the gem play nicely with controllers that do not have `protect_against_forgery?` method defined — for example, certain Doorkeeper controllers (thanks, [@amenz](https://github.com/amenz))
|
|
32
|
+
* Updated dependencies and cops
|
|
33
|
+
|
|
34
|
+
## 4.3.0 (18-May-20)
|
|
35
|
+
|
|
36
|
+
* Ruby version 2.4 is no longer officially supported (though it still should work) - this is also due to the fact that [v2.4 is abanoded by Ruby core team as well](https://www.ruby-lang.org/en/news/2020/04/05/support-of-ruby-2-4-has-ended/). Required Ruby version is now 2.5+ according to [version compatibility](https://github.com/jsanders/angular_rails_csrf/wiki/Version-Compatibility).
|
|
37
|
+
* Dropped backwards compatibility with older versions of Rails (v4 and below). [If you require Rails 4 support, use angular_rails_csrf v3]((https://github.com/jsanders/angular_rails_csrf/wiki/Version-Compatibility)).
|
|
38
|
+
* Increased test coverage up to 100%.
|
|
39
|
+
|
|
40
|
+
## 4.2.0 (31-Mar-20)
|
|
41
|
+
|
|
42
|
+
* Added a new [`angular_rails_csrf_same_site` option](https://github.com/jsanders/angular_rails_csrf#samesite) which defaults to `:lax` (thanks, [@timobleeker](https://github.com/timobleeker))
|
|
43
|
+
+ This option is introduced to comply with the latest changes: https://www.chromium.org/updates/same-site
|
|
44
|
+
* Update cops
|
|
45
|
+
|
|
46
|
+
## 4.1.0 (03-Feb-20)
|
|
47
|
+
|
|
48
|
+
* Added a new [`angular_rails_csrf_secure` option](https://github.com/jsanders/angular_rails_csrf#secure-cookie) (thanks, [@DougKeller](https://github.com/DougKeller))
|
|
49
|
+
* Tested against Ruby 2.7
|
|
50
|
+
|
|
51
|
+
## 4.0.1 (23-Dec-19)
|
|
52
|
+
|
|
53
|
+
* Updated dependencies, tested against more recent Rubies and Rails
|
|
54
|
+
* Updated Gemfile for Bundler 2
|
|
55
|
+
* Added Rubocop and SimpleCov
|
|
56
|
+
|
|
57
|
+
## 4.0.0 (20-Aug-19)
|
|
58
|
+
|
|
59
|
+
Updated:
|
|
60
|
+
* Added support for Rails 6.0
|
|
61
|
+
* Drop support for Rails 4
|
|
62
|
+
|
|
63
|
+
## 3.2.0
|
|
64
|
+
|
|
65
|
+
New feature:
|
|
66
|
+
* Allow cookie's name to be customized (thanks, [@timobleeker](https://github.com/timobleeker))
|
|
67
|
+
|
|
68
|
+
## 3.1.0
|
|
69
|
+
|
|
70
|
+
Updated:
|
|
71
|
+
* Added support for Rails 5.2.0
|
|
72
|
+
|
|
73
|
+
Testing:
|
|
74
|
+
* Tested against more recent Ruby/Rails versions
|
|
75
|
+
|
|
76
|
+
## 3.0.0
|
|
77
|
+
|
|
78
|
+
New feature:
|
|
79
|
+
* Allow cookie domain to be set via `Rails.application.config` (thanks, [@gingermusketeer](https://github.com/gingermusketeer))
|
|
80
|
+
|
|
81
|
+
Updated:
|
|
82
|
+
* Dropped support for Rails < 4
|
|
83
|
+
* Dropped official support for Ruby 2.2 though it should still work
|
|
84
|
+
|
|
85
|
+
Testing:
|
|
86
|
+
* Test against more recent versions of Ruby and Rails
|
|
87
|
+
|
|
88
|
+
## 2.1.1
|
|
89
|
+
|
|
90
|
+
Updated:
|
|
91
|
+
* Added support for Rails 5.1.1
|
|
92
|
+
|
|
93
|
+
Testing:
|
|
94
|
+
* Test against more recent versions of Ruby
|
|
95
|
+
* Test against Rails 5.1.1
|
|
96
|
+
|
|
97
|
+
## 2.1.0
|
|
98
|
+
|
|
99
|
+
Updated:
|
|
100
|
+
* Added support for Rails 5.1
|
|
101
|
+
|
|
102
|
+
Testing improvements:
|
|
103
|
+
* Tested against Rails 5.1
|
|
104
|
+
* Tested against Ruby 2.4.0
|
|
105
|
+
* We are no longer testing against Rails < 4.2
|
|
106
|
+
|
|
107
|
+
## 2.0.0
|
|
108
|
+
|
|
109
|
+
**Breaking changes:**
|
|
110
|
+
* Revert to `after_action` again (fixes [issues with Devise](https://github.com/jsanders/angular_rails_csrf/issues/17) and similar solutions)
|
|
111
|
+
* Introduced a new `exclude_xsrf_token_cookie` class method to exclude setting CSRF token for certain controllers. This is done to take care of [problems with streaming](https://github.com/jsanders/angular_rails_csrf/issues/7).
|
|
112
|
+
|
|
113
|
+
Updated:
|
|
114
|
+
* Added support for Rails 5
|
|
115
|
+
* `rails` dependency changed to `railties`
|
|
116
|
+
|
|
117
|
+
Testing improvements:
|
|
118
|
+
* Tested against Rails 5
|
|
119
|
+
* Tested against Ruby 2.2.5 and 2.3.0
|
data/LICENSE.md
ADDED
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
Copyright 2024 James Sanders, Ilya Krukowski
|
|
2
|
+
|
|
3
|
+
Permission is hereby granted, free of charge, to any person obtaining
|
|
4
|
+
a copy of this software and associated documentation files (the
|
|
5
|
+
"Software"), to deal in the Software without restriction, including
|
|
6
|
+
without limitation the rights to use, copy, modify, merge, publish,
|
|
7
|
+
distribute, sublicense, and/or sell copies of the Software, and to
|
|
8
|
+
permit persons to whom the Software is furnished to do so, subject to
|
|
9
|
+
the following conditions:
|
|
10
|
+
|
|
11
|
+
The above copyright notice and this permission notice shall be
|
|
12
|
+
included in all copies or substantial portions of the Software.
|
|
13
|
+
|
|
14
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
|
15
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
|
16
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
|
17
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
|
18
|
+
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
|
19
|
+
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
|
20
|
+
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
|
@@ -42,6 +42,8 @@ module AngularRailsCsrf
|
|
|
42
42
|
# Fetches the given option from config
|
|
43
43
|
# If the option is not set, return a default value
|
|
44
44
|
def option_from(config, option, default = nil)
|
|
45
|
+
return default if config.nil?
|
|
46
|
+
|
|
45
47
|
config.respond_to?(option) ? config.send(option) : default
|
|
46
48
|
end
|
|
47
49
|
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: angular_rails_csrf
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 7.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- James Sanders
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2024-11-12 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: railties
|
|
@@ -20,7 +20,7 @@ dependencies:
|
|
|
20
20
|
version: '3'
|
|
21
21
|
- - "<"
|
|
22
22
|
- !ruby/object:Gem::Version
|
|
23
|
-
version: '
|
|
23
|
+
version: '9'
|
|
24
24
|
type: :runtime
|
|
25
25
|
prerelease: false
|
|
26
26
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -30,7 +30,7 @@ dependencies:
|
|
|
30
30
|
version: '3'
|
|
31
31
|
- - "<"
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: '
|
|
33
|
+
version: '9'
|
|
34
34
|
description: AngularJS style CSRF protection for Rails
|
|
35
35
|
email:
|
|
36
36
|
- sanderjd@gmail.com
|
|
@@ -39,6 +39,8 @@ executables: []
|
|
|
39
39
|
extensions: []
|
|
40
40
|
extra_rdoc_files: []
|
|
41
41
|
files:
|
|
42
|
+
- CHANGELOG.md
|
|
43
|
+
- LICENSE.md
|
|
42
44
|
- README.md
|
|
43
45
|
- Rakefile
|
|
44
46
|
- lib/angular_rails_csrf.rb
|
|
@@ -58,14 +60,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
58
60
|
requirements:
|
|
59
61
|
- - ">="
|
|
60
62
|
- !ruby/object:Gem::Version
|
|
61
|
-
version: '3.
|
|
63
|
+
version: '3.2'
|
|
62
64
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
63
65
|
requirements:
|
|
64
66
|
- - ">="
|
|
65
67
|
- !ruby/object:Gem::Version
|
|
66
68
|
version: '0'
|
|
67
69
|
requirements: []
|
|
68
|
-
rubygems_version: 3.
|
|
70
|
+
rubygems_version: 3.5.23
|
|
69
71
|
signing_key:
|
|
70
72
|
specification_version: 4
|
|
71
73
|
summary: Support for AngularJS $http service style CSRF protection in Rails
|