breach-mitigation-rails 0.2.0 → 0.2.1

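--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 64e63c351315be8aaafb77eabd8fbb1a80ee871b
- data.tar.gz: ab1b890da9969ad175eba5ee6ad1932488ee6033
+ metadata.gz: 552f77a2f8db017504d2357a189bc0c9a154a34e
+ data.tar.gz: fcb86ce3d3637b5a4aa9a8848ff3e147be1cc80f
  SHA512:
- metadata.gz: c0ec64dc560ef8cc8809e31d6a0b046ab4ea7ce657f481284a9f9b89b7a4904b4f44b7eb6dbd3156cde22ec33aed7fdd11bd5e9659ad50c747c1217b8b2d5fd1
- data.tar.gz: 3ce2a737b1e80ecb4ef833c1b765192ffa037082282821881ecfcc19c86a4d62efd93857ce95d9526837d617628b3580bb45e5744abc54b8338f2734b28f75cc
+ metadata.gz: cb939e4c02545bb55de00335ebe857d946eb8f3b231df5b50f5a413c5b0ffaeaf0cc287cac45d673557c0ea78f8fe77d6b3e42a34e246aec4b486f24209d672c
+ data.tar.gz: e1763744407fc1ac94f04e5b834c665e55c0af7f0749cab91dc5dd9db55420e16a98b0088b2753a5d7f2e2b727e741215508e98844cf31986e434befe746c427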
data/README.md CHANGED
@@ -40,6 +40,10 @@ And then execute:
40
40
 
41
41
  $ bundle
42
42
 
43
+ The length-hiding can be disabled by doing:
44
+
45
+ Rails.application.config.exclude_breach_length_hiding = true
46
+
43
47
  For most Rails apps, that should be enough, but read on for the gory
44
48
  details...
45
49
 
@@ -9,8 +9,8 @@ module BreachMitigation
9
9
  def call(env)
10
10
  status, headers, body = @app.call(env)
11
11
 
12
- # Only pad HTML documents
13
- if headers['Content-Type'] =~ /text\/html/ && env['rack.url_scheme'] == 'https'
12
+ # Only pad HTML/XHTML documents
13
+ if headers['Content-Type'] =~ /text\/x?html/ && env['rack.url_scheme'] == 'https'
14
14
  # Copy the existing response to a new object
15
15
  response = Rack::Response.new(body, status, headers)
16
16
 
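Review bot: The widened pattern `/text\/x?html/` on the Content-Type check still leaves `application/xhtml+xml`, the registered XHTML media type, unpadded, so XHTML responses served with that type get no length hiding. The match is also unanchored and case-sensitive, so it fires on any header value that merely contains `text/html` and misses differently cased values. Consider `if headers['Content-Type'] =~ %r{\A\s*(?:text/x?html|application/xhtml\+xml)\b}i && env['rack.url_scheme'] == 'https'`. Separately, the `rack.url_scheme` test on the same line presumably skips padding when TLS is terminated at a proxy that does not pass the original scheme through, which deserves a comment. The body of `call` continues outside the hunk.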
@@ -1,13 +1,15 @@
1
- require 'breach_mitigation/length_hiding'
2
1
  require 'breach_mitigation/masking_secrets'
3
2
 
4
3
  module BreachMitigation
5
4
  class Railtie < Rails::Railtie
6
5
  initializer "breach-mitigation-rails.insert_middleware" do |app|
7
- if Rails.version.include?("3.0.")
8
- app.config.middleware.use "BreachMitigation::LengthHiding"
9
- else
10
- app.config.middleware.insert_before "Rack::ETag", "BreachMitigation::LengthHiding"
6
+ if !app.config.respond_to?(:exclude_breach_length_hiding) || !app.config.exclude_breach_length_hiding
7
+ require 'breach_mitigation/length_hiding'
8
+ if Rails.version.include?("3.0.")
9
+ app.config.middleware.use "BreachMitigation::LengthHiding"
10
+ else
11
+ app.config.middleware.insert_before "Rack::ETag", "BreachMitigation::LengthHiding"
12
+ end
11
13
  end
12
14
  end
13
15
  end
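Review bot: The opt-out test `!app.config.exclude_breach_length_hiding` in the initializer treats any truthy value as "disable", so a string such as `"false"` read from an environment variable would silently turn the mitigation off. A strict comparison fails closed: `unless app.config.respond_to?(:exclude_breach_length_hiding) && app.config.exclude_breach_length_hiding == true`, which also removes the double negation. Since this switch removes a security control, a one-line log entry when the middleware is skipped would make that state visible in a deployment. The setting likely has to be assigned before this initializer runs (for example in `config/application.rb`) to take effect, which the README example should state.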
@@ -1,3 +1,3 @@
1
1
  module BreachMitigation
2
- VERSION = "0.2.0"
2
+ VERSION = "0.2.1"
3
3
  end
@@ -1,5 +1,6 @@
1
1
  require 'rubygems'
2
2
  require 'bundler/setup'
3
+ require 'securerandom'
3
4
 
4
5
  require 'breach-mitigation-rails'
5
6
 
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: breach-mitigation-rails
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 0.2.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Bradley Buda