breach-mitigation-rails 0.2.0 → 0.2.1

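--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 64e63c351315be8aaafb77eabd8fbb1a80ee871b
- data.tar.gz: ab1b890da9969ad175eba5ee6ad1932488ee6033
+ metadata.gz: 552f77a2f8db017504d2357a189bc0c9a154a34e
+ data.tar.gz: fcb86ce3d3637b5a4aa9a8848ff3e147be1cc80f
  SHA512:
- metadata.gz: c0ec64dc560ef8cc8809e31d6a0b046ab4ea7ce657f481284a9f9b89b7a4904b4f44b7eb6dbd3156cde22ec33aed7fdd11bd5e9659ad50c747c1217b8b2d5fd1
- data.tar.gz: 3ce2a737b1e80ecb4ef833c1b765192ffa037082282821881ecfcc19c86a4d62efd93857ce95d9526837d617628b3580bb45e5744abc54b8338f2734b28f75cc
+ metadata.gz: cb939e4c02545bb55de00335ebe857d946eb8f3b231df5b50f5a413c5b0ffaeaf0cc287cac45d673557c0ea78f8fe77d6b3e42a34e246aec4b486f24209d672c
+ data.tar.gz: e1763744407fc1ac94f04e5b834c665e55c0af7f0749cab91dc5dd9db55420e16a98b0088b2753a5d7f2e2b727e741215508e98844cf31986e434befe746c427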
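--- a/data/README.md
+++ b/data/README.md
@@ -40,6 +40,10 @@ And then execute:
 
  $ bundle
 
+ The length-hiding can be disabled by doing:
+
+ Rails.application.config.exclude_breach_length_hiding = true
+
  For most Rails apps, that should be enough, but read on for the gory
  details...
 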
@@ -9,8 +9,8 @@ module BreachMitigation
9
9
  def call(env)
10
10
  status, headers, body = @app.call(env)
11
11
 
12
- # Only pad HTML documents
13
- if headers['Content-Type'] =~ /text\/html/ && env['rack.url_scheme'] == 'https'
12
+ # Only pad HTML/XHTML documents
13
+ if headers['Content-Type'] =~ /text\/x?html/ && env['rack.url_scheme'] == 'https'
14
14
  # Copy the existing response to a new object
15
15
  response = Rack::Response.new(body, status, headers)
16
16
 
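Review bot: The widened `Content-Type` pattern `/text\/x?html/` adds the non-registered `text/xhtml` but still skips `application/xhtml+xml`, the media type XHTML is normally served under, so those responses remain unpadded. If XHTML is meant to be covered, `if headers['Content-Type'] =~ /text\/x?html|application\/xhtml\+xml/ && env['rack.url_scheme'] == 'https'` would do it. The same condition relies on `rack.url_scheme`, which can read `http` behind a TLS-terminating proxy that does not forward the scheme, in which case padding is silently skipped; a comment above the check saying so would help operators. `call` continues outside the hunk.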
@@ -1,13 +1,15 @@
1
- require 'breach_mitigation/length_hiding'
2
1
  require 'breach_mitigation/masking_secrets'
3
2
 
4
3
  module BreachMitigation
5
4
  class Railtie < Rails::Railtie
6
5
  initializer "breach-mitigation-rails.insert_middleware" do |app|
7
- if Rails.version.include?("3.0.")
8
- app.config.middleware.use "BreachMitigation::LengthHiding"
9
- else
10
- app.config.middleware.insert_before "Rack::ETag", "BreachMitigation::LengthHiding"
6
+ if !app.config.respond_to?(:exclude_breach_length_hiding) || !app.config.exclude_breach_length_hiding
7
+ require 'breach_mitigation/length_hiding'
8
+ if Rails.version.include?("3.0.")
9
+ app.config.middleware.use "BreachMitigation::LengthHiding"
10
+ else
11
+ app.config.middleware.insert_before "Rack::ETag", "BreachMitigation::LengthHiding"
12
+ end
11
13
  end
12
14
  end
13
15
  end
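Review bot: Moving `require 'breach_mitigation/length_hiding'` inside the condition means `BreachMitigation::LengthHiding` is never loaded when `exclude_breach_length_hiding` is set, so an app that opts out only to insert the middleware at a different position gets a NameError unless it requires the file itself. Keeping the require at the top of the file and guarding only the insertion, e.g. `next if app.config.respond_to?(:exclude_breach_length_hiding) && app.config.exclude_breach_length_hiding`, would avoid that and drop the double negation. The flag is read when this initializer runs, which may be before files under config/initializers are loaded; if so, a value set there would be ignored, and the README should say where to set it. A log line when the mitigation is skipped would make the opt-out visible in a deployment review.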
@@ -1,3 +1,3 @@
1
1
  module BreachMitigation
2
- VERSION = "0.2.0"
2
+ VERSION = "0.2.1"
3
3
  end
@@ -1,5 +1,6 @@
1
1
  require 'rubygems'
2
2
  require 'bundler/setup'
3
+ require 'securerandom'
3
4
 
4
5
  require 'breach-mitigation-rails'
5
6
 
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: breach-mitigation-rails
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 0.2.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Bradley Buda