cloudflare-rails 1.2.0 → 2.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/README.md +2 -2
- data/cloudflare-rails.gemspec +4 -2
- data/lib/cloudflare/rails/version.rb +1 -1
- metadata +45 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 19b8e746b7848a5f7939ac311619b2dc627ff07f2cdb6007ddbd71497be5d730
|
|
4
|
+
data.tar.gz: 991cb0373e17a7c80e8559122073037d3a67f6f81463db9370d9fe4bf3864c63
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7cfa2d90ec57a59bbaaad61332a90e987c6b7f076a9367139e90cd7d6f568f728dbb6774b37577b93ac5f7ee27cfc4991b3d55c77bf947be89afb3ee1f849db9
|
|
7
|
+
data.tar.gz: 8dde5529c4dc355ecefa04a1b75ed82efee4e27678d75e5f0de6c7106a2b8b2ba3c0d69eeb27d8bb254a94630bbacc31bd6d84973bb9a678f3598d03814ba542
|
data/CHANGELOG.md
CHANGED
|
@@ -5,6 +5,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
|
|
5
5
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
6
6
|
|
|
7
7
|
## [Unreleased]
|
|
8
|
+
## [2.0.0] - 2021-02-17
|
|
9
|
+
### Breaking Changes
|
|
10
|
+
- Removed broad dependency on `rails`, replaced with explicit dependencies for `railties`, `activesupport`, and `actionpack` ( [issue](https://github.com/modosc/cloudflare-rails/issues/34) and [pr](https://github.com/modosc/cloudflare-rails/pull/35))
|
|
8
11
|
|
|
9
12
|
## [1.0.0] - 2020-09-29
|
|
10
13
|
### Added
|
data/README.md
CHANGED
|
@@ -3,7 +3,7 @@ This gem correctly configures Rails for [CloudFlare](https://www.cloudflare.com)
|
|
|
3
3
|
|
|
4
4
|
## Rails Compatibility
|
|
5
5
|
|
|
6
|
-
This gem requires
|
|
6
|
+
This gem requires `railties`, `activesupport`, and `actionpack` >= 5. The last version that supports Rails 4.2 is `0.1.x`.
|
|
7
7
|
|
|
8
8
|
## Installation
|
|
9
9
|
|
|
@@ -25,7 +25,7 @@ And then execute:
|
|
|
25
25
|
|
|
26
26
|
Using Cloudflare means it's hard to identify the IP address of incoming requests since all requests are proxied through Cloudflare's infrastructure. Cloudflare provides a [CF-Connecting-IP](https://support.cloudflare.com/hc/en-us/articles/200170986-How-does-Cloudflare-handle-HTTP-Request-headers-) header which can be used to identify the originating IP address of a request. However, this header alone doesn't verify a request is legitimate. If an attacker has found the actual IP address of your server they could spoof this header and masquerade as legitimate traffic.
|
|
27
27
|
|
|
28
|
-
`cloudflare-rails` mitigates this attack by checking that the originating ip address of any incoming
|
|
28
|
+
`cloudflare-rails` mitigates this attack by checking that the originating ip address of any incoming connection is from one of Cloudflare's ip address ranges. If so, the incoming `X-Forwarded-For` header is trusted and used as the ip address provided to `rack` and `rails` (via `request.ip` and `request.remote_ip`). If the incoming connection does not originate from a Cloudflare server then the `X-Forwarded-For` header is ignored and the actual remote ip address is used.
|
|
29
29
|
|
|
30
30
|
## Usage
|
|
31
31
|
This code will fetch CloudFlare's current [IPv4](https://www.cloudflare.com/ips-v4) and [IPv6](https://www.cloudflare.com/ips-v6) lists, store them in `Rails.cache`, and add them to `config.cloudflare.ips`. The `X-Forwarded-For` header will then be trusted only from those ip addresses.
|
data/cloudflare-rails.gemspec
CHANGED
|
@@ -27,12 +27,14 @@ Gem::Specification.new do |spec|
|
|
|
27
27
|
spec.add_development_dependency "rspec", "~> 3.10.0"
|
|
28
28
|
spec.add_development_dependency "rubocop-airbnb", "~> 3.0.2"
|
|
29
29
|
spec.add_development_dependency "webmock", "~> 3.11.0"
|
|
30
|
-
spec.add_development_dependency "rack-attack", "~> 6.
|
|
30
|
+
spec.add_development_dependency "rack-attack", "~> 6.5.0"
|
|
31
31
|
spec.add_development_dependency "pry-byebug"
|
|
32
32
|
spec.add_development_dependency "appraisal"
|
|
33
33
|
|
|
34
34
|
spec.add_dependency "httparty"
|
|
35
|
-
spec.add_dependency "
|
|
35
|
+
spec.add_dependency "railties", ">= 5.0", "< 6.2.0"
|
|
36
|
+
spec.add_dependency "activesupport", ">= 5.0", "< 6.2.0"
|
|
37
|
+
spec.add_dependency "actionpack", ">= 5.0", "< 6.2.0"
|
|
36
38
|
|
|
37
39
|
# we need Module#prepend
|
|
38
40
|
spec.required_ruby_version = '>= 2.0'
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cloudflare-rails
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 2.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- jonathan schatz
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-02-
|
|
11
|
+
date: 2021-02-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -114,14 +114,14 @@ dependencies:
|
|
|
114
114
|
requirements:
|
|
115
115
|
- - "~>"
|
|
116
116
|
- !ruby/object:Gem::Version
|
|
117
|
-
version: 6.
|
|
117
|
+
version: 6.5.0
|
|
118
118
|
type: :development
|
|
119
119
|
prerelease: false
|
|
120
120
|
version_requirements: !ruby/object:Gem::Requirement
|
|
121
121
|
requirements:
|
|
122
122
|
- - "~>"
|
|
123
123
|
- !ruby/object:Gem::Version
|
|
124
|
-
version: 6.
|
|
124
|
+
version: 6.5.0
|
|
125
125
|
- !ruby/object:Gem::Dependency
|
|
126
126
|
name: pry-byebug
|
|
127
127
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -165,7 +165,47 @@ dependencies:
|
|
|
165
165
|
- !ruby/object:Gem::Version
|
|
166
166
|
version: '0'
|
|
167
167
|
- !ruby/object:Gem::Dependency
|
|
168
|
-
name:
|
|
168
|
+
name: railties
|
|
169
|
+
requirement: !ruby/object:Gem::Requirement
|
|
170
|
+
requirements:
|
|
171
|
+
- - ">="
|
|
172
|
+
- !ruby/object:Gem::Version
|
|
173
|
+
version: '5.0'
|
|
174
|
+
- - "<"
|
|
175
|
+
- !ruby/object:Gem::Version
|
|
176
|
+
version: 6.2.0
|
|
177
|
+
type: :runtime
|
|
178
|
+
prerelease: false
|
|
179
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
180
|
+
requirements:
|
|
181
|
+
- - ">="
|
|
182
|
+
- !ruby/object:Gem::Version
|
|
183
|
+
version: '5.0'
|
|
184
|
+
- - "<"
|
|
185
|
+
- !ruby/object:Gem::Version
|
|
186
|
+
version: 6.2.0
|
|
187
|
+
- !ruby/object:Gem::Dependency
|
|
188
|
+
name: activesupport
|
|
189
|
+
requirement: !ruby/object:Gem::Requirement
|
|
190
|
+
requirements:
|
|
191
|
+
- - ">="
|
|
192
|
+
- !ruby/object:Gem::Version
|
|
193
|
+
version: '5.0'
|
|
194
|
+
- - "<"
|
|
195
|
+
- !ruby/object:Gem::Version
|
|
196
|
+
version: 6.2.0
|
|
197
|
+
type: :runtime
|
|
198
|
+
prerelease: false
|
|
199
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
200
|
+
requirements:
|
|
201
|
+
- - ">="
|
|
202
|
+
- !ruby/object:Gem::Version
|
|
203
|
+
version: '5.0'
|
|
204
|
+
- - "<"
|
|
205
|
+
- !ruby/object:Gem::Version
|
|
206
|
+
version: 6.2.0
|
|
207
|
+
- !ruby/object:Gem::Dependency
|
|
208
|
+
name: actionpack
|
|
169
209
|
requirement: !ruby/object:Gem::Requirement
|
|
170
210
|
requirements:
|
|
171
211
|
- - ">="
|