breach-mitigation-rails 0.2.0 → 0.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 64e63c351315be8aaafb77eabd8fbb1a80ee871b
-  data.tar.gz: ab1b890da9969ad175eba5ee6ad1932488ee6033
+  metadata.gz: 552f77a2f8db017504d2357a189bc0c9a154a34e
+  data.tar.gz: fcb86ce3d3637b5a4aa9a8848ff3e147be1cc80f
 SHA512:
-  metadata.gz: c0ec64dc560ef8cc8809e31d6a0b046ab4ea7ce657f481284a9f9b89b7a4904b4f44b7eb6dbd3156cde22ec33aed7fdd11bd5e9659ad50c747c1217b8b2d5fd1
-  data.tar.gz: 3ce2a737b1e80ecb4ef833c1b765192ffa037082282821881ecfcc19c86a4d62efd93857ce95d9526837d617628b3580bb45e5744abc54b8338f2734b28f75cc
+  metadata.gz: cb939e4c02545bb55de00335ebe857d946eb8f3b231df5b50f5a413c5b0ffaeaf0cc287cac45d673557c0ea78f8fe77d6b3e42a34e246aec4b486f24209d672c
+  data.tar.gz: e1763744407fc1ac94f04e5b834c665e55c0af7f0749cab91dc5dd9db55420e16a98b0088b2753a5d7f2e2b727e741215508e98844cf31986e434befe746c427

data/README.md

@@ -40,6 +40,10 @@ And then execute:
 
     $ bundle
 
+The length-hiding can be disabled by doing:
+
+    Rails.application.config.exclude_breach_length_hiding = true
+
 For most Rails apps, that should be enough, but read on for the gory
 details...
 

data/lib/breach_mitigation/length_hiding.rb

@@ -9,8 +9,8 @@ module BreachMitigation
     def call(env)
       status, headers, body = @app.call(env)
 
-      # Only pad HTML documents
-      if headers['Content-Type'] =~ /text\/html/ && env['rack.url_scheme'] == 'https'
+      # Only pad HTML/XHTML documents
+      if headers['Content-Type'] =~ /text\/x?html/ && env['rack.url_scheme'] == 'https'
         # Copy the existing response to a new object
         response = Rack::Response.new(body, status, headers)
 

data/lib/breach_mitigation/railtie.rb

@@ -1,13 +1,15 @@
-require 'breach_mitigation/length_hiding'
 require 'breach_mitigation/masking_secrets'
 
 module BreachMitigation
   class Railtie < Rails::Railtie
     initializer "breach-mitigation-rails.insert_middleware" do |app|
-      if Rails.version.include?("3.0.")
-        app.config.middleware.use "BreachMitigation::LengthHiding"
-      else
-        app.config.middleware.insert_before "Rack::ETag", "BreachMitigation::LengthHiding"
+      if !app.config.respond_to?(:exclude_breach_length_hiding) || !app.config.exclude_breach_length_hiding
+        require 'breach_mitigation/length_hiding'
+        if Rails.version.include?("3.0.")
+          app.config.middleware.use "BreachMitigation::LengthHiding"
+        else
+          app.config.middleware.insert_before "Rack::ETag", "BreachMitigation::LengthHiding"
+        end
       end
     end
   end

data/lib/breach_mitigation/version.rb

@@ -1,3 +1,3 @@
 module BreachMitigation
-  VERSION = "0.2.0"
+  VERSION = "0.2.1"
 end

data/spec/spec_helper.rb

@@ -1,5 +1,6 @@
 require 'rubygems'
 require 'bundler/setup'
+require 'securerandom'
 
 require 'breach-mitigation-rails'
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: breach-mitigation-rails
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.2.1
 platform: ruby
 authors:
 - Bradley Buda