cloudflare-rails 1.0.0 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fcb7d261366df6768af3b9884a18e8b782d6cf5f81f11ef14c18b017d394041f
-  data.tar.gz: 5870001e58046915a6bdd8c47f10241e5f54bf161bd5c771da685276cee2185f
+  metadata.gz: 6060b63792255ed6aebab33986d27092b1866052db8fcf496942692f1c51508d
+  data.tar.gz: 40d72f9bfefac5cf2f64c681d8833efb807ce20b314cd0433e9e07c03917b7ae
 SHA512:
-  metadata.gz: 014abb7c27aa87e3f30a1b9c3e0daf09597cee895e6818af203a70de0c1c87648357a4e5eb138c3e9439cd1a5406d17ae099be32652cc432b023e7642e592bb2
-  data.tar.gz: fdcfe22eddcea78cbcbac63fbb50a715715bf7de0ac9e0a3139f288b466f747e5bffb984512af4a288db70063ba78978a6f2f7bc3eab73e761a8e98483af976c
+  metadata.gz: 3a0ac66d56d0a62957c73b564e9bc5586bb9328e146598e2b342de74bcd75e1a24541ae4b22fbd17f502a5a9a40c57a0e07bcd3b348950843d17b9cee0cc8d59
+  data.tar.gz: f175720c6f4f109a3ea1bc34c1e62bf1661a60df5e83c132e3677b078c6064359ca0c5afd98c26b8962e38c5692c876094146e1de586e8461ba1dc7c25854a11

data/Appraisals

@@ -13,3 +13,7 @@ end
 appraise "rails-6.0" do
   gem "rails", "~> 6.0.0"
 end
+
+appraise "rails-6.1" do
+  gem "rails", "~> 6.1.0"
+end

data/README.md

@@ -3,9 +3,7 @@ This gem correctly configures Rails for [CloudFlare](https://www.cloudflare.com)
 
 ## Rails Compatibility
 
-For Rails 5 / 6, use >= `0.6.x`
-
-For Rails 4.2, use `0.1.x`
+This gem requires Rails >= 5. The last version that supports Rails 4.2 is `0.1.x`.
 
 ## Installation
 
@@ -25,12 +23,12 @@ And then execute:
 
 ## Problem
 
-Using Cloudflare means it's hard to identify the IP address of incoming requests since all requests are proxied through Cloudflare's infrastructure. Cloudflare provides a [CF-Connecting-IP](https://support.cloudflare.com/hc/en-us/articles/200170986-How-does-Cloudflare-handle-HTTP-Request-headers-) header which can be used to identify the originating IP address of a request. However, this header alone doesn't verify a request is legitimate. If an attacker has found the actual IP address of your server they could spoof this header and masquerade as legitimate traffic. 
+Using Cloudflare means it's hard to identify the IP address of incoming requests since all requests are proxied through Cloudflare's infrastructure. Cloudflare provides a [CF-Connecting-IP](https://support.cloudflare.com/hc/en-us/articles/200170986-How-does-Cloudflare-handle-HTTP-Request-headers-) header which can be used to identify the originating IP address of a request. However, this header alone doesn't verify a request is legitimate. If an attacker has found the actual IP address of your server they could spoof this header and masquerade as legitimate traffic.
 
 `cloudflare-rails` mitigates this attack by checking that the originating ip address of any incoming connecting is from one of Cloudflare's ip address ranges. If so, the incoming `X-Forwarded-For` header is trusted and used as the ip address provided to `rack` and `rails` (via `request.ip` and `request.remote_ip`). If the incoming connection does not originate from a Cloudflare server then the `X-Forwarded-For` header is ignored and the actual remote ip address is used.
 
 ## Usage
-This code will fetch CloudFlare's current [IPv4](https://www.cloudflare.com/ips-v4) and [IPv6](https://www.cloudflare.com/ips-v6) lists, store them in `Rails.cache`, and add them to `config.cloudflare.ips`. The `X-Forwarded-For` header will then be trusted only from those ip addresses. 
+This code will fetch CloudFlare's current [IPv4](https://www.cloudflare.com/ips-v4) and [IPv6](https://www.cloudflare.com/ips-v6) lists, store them in `Rails.cache`, and add them to `config.cloudflare.ips`. The `X-Forwarded-For` header will then be trusted only from those ip addresses.
 
 You can configure the HTTP `timeout` and `expires_in` cache parameters inside of your rails config:
 ```ruby
@@ -40,7 +38,7 @@ config.cloudflare.timeout = 5.seconds # default value
 
 ## Alternatives
 
-[actionpack-cloudflare](https://github.com/customink/actionpack-cloudflare) simpler approach using the `CF-Connecting-IP` header. 
+[actionpack-cloudflare](https://github.com/customink/actionpack-cloudflare) simpler approach using the `CF-Connecting-IP` header.
 
 ## Development
 

data/cloudflare-rails.gemspec

@@ -24,15 +24,15 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "rake", "~> 13.0.1"
   spec.add_development_dependency "rspec_junit_formatter", "~> 0.4.1"
   spec.add_development_dependency "rspec-rails", "~> 4.0.0"
-  spec.add_development_dependency "rspec", "~> 3.9.0"
+  spec.add_development_dependency "rspec", "~> 3.10.0"
   spec.add_development_dependency "rubocop-airbnb", "~> 3.0.2"
-  spec.add_development_dependency "webmock", "~> 3.9.1"
+  spec.add_development_dependency "webmock", "~> 3.10.0"
   spec.add_development_dependency "rack-attack", "~> 6.3.0"
   spec.add_development_dependency "pry-byebug"
   spec.add_development_dependency "appraisal"
 
   spec.add_dependency "httparty"
-  spec.add_dependency "rails", ">= 5.0", "< 6.1.0"
+  spec.add_dependency "rails", ">= 5.0", "< 6.2.0"
 
   # we need Module#prepend
   spec.required_ruby_version = '>= 2.0'

data/gemfiles/rails_6.1.gemfile

@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "rails", "~> 6.1.0"
+
+gemspec path: "../"

data/lib/cloudflare/rails/version.rb

@@ -1,5 +1,5 @@
 module Cloudflare
   module Rails
-    VERSION = "1.0.0".freeze
+    VERSION = "1.1.0".freeze
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cloudflare-rails
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.1.0
 platform: ruby
 authors:
 - jonathan schatz
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-09-30 00:00:00.000000000 Z
+date: 2020-12-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -72,14 +72,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.9.0
+        version: 3.10.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.9.0
+        version: 3.10.0
 - !ruby/object:Gem::Dependency
   name: rubocop-airbnb
   requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.9.1
+        version: 3.10.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.9.1
+        version: 3.10.0
 - !ruby/object:Gem::Dependency
   name: rack-attack
   requirement: !ruby/object:Gem::Requirement
@@ -173,7 +173,7 @@ dependencies:
         version: '5.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: 6.1.0
+        version: 6.2.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -183,7 +183,7 @@ dependencies:
         version: '5.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: 6.1.0
+        version: 6.2.0
 description: ''
 email:
 - modosc@users.noreply.github.com
@@ -213,6 +213,7 @@ files:
 - gemfiles/rails_5.1.gemfile
 - gemfiles/rails_5.2.gemfile
 - gemfiles/rails_6.0.gemfile
+- gemfiles/rails_6.1.gemfile
 - lib/cloudflare/rails.rb
 - lib/cloudflare/rails/railtie.rb
 - lib/cloudflare/rails/version.rb