cloudflare-rails 1.2.0 → 2.0.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +3 -0
  3. data/README.md +2 -2
  4. data/cloudflare-rails.gemspec +4 -2
  5. data/lib/cloudflare/rails/version.rb +1 -1
  6. metadata +45 -5
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: cd4b756d17197d18b6ed4daba9b3a98f4105410d95785f835013701fe372e813
4
- data.tar.gz: 8be58cbbc6d6b7b32aa4280d3acc4c6c2fe8b7e77f06bc62dada0d080ca021a3
3
+ metadata.gz: 19b8e746b7848a5f7939ac311619b2dc627ff07f2cdb6007ddbd71497be5d730
4
+ data.tar.gz: 991cb0373e17a7c80e8559122073037d3a67f6f81463db9370d9fe4bf3864c63
5
5
  SHA512:
6
- metadata.gz: 603165c9c4e53bcd4bbe0f608659cef70a6c2f20d6c96807d78007e7128613d13171a3126516f38c8caa181b759908321db4d2788325698392ca872a1799b4d3
7
- data.tar.gz: 7e72201d4968db350b38d5f237b5a3e5931f1ec5fd921917b227e7b78dd3ed4f2fd0f641b09c5a3240d33892e980e322a4e73b4949612dc10690f7e5b1821e38
6
+ metadata.gz: 7cfa2d90ec57a59bbaaad61332a90e987c6b7f076a9367139e90cd7d6f568f728dbb6774b37577b93ac5f7ee27cfc4991b3d55c77bf947be89afb3ee1f849db9
7
+ data.tar.gz: 8dde5529c4dc355ecefa04a1b75ed82efee4e27678d75e5f0de6c7106a2b8b2ba3c0d69eeb27d8bb254a94630bbacc31bd6d84973bb9a678f3598d03814ba542
data/CHANGELOG.md CHANGED
@@ -5,6 +5,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
5
5
  and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
6
6
 
7
7
  ## [Unreleased]
8
+ ## [2.0.0] - 2021-02-17
9
+ ### Breaking Changes
10
+ - Removed broad dependency on `rails`, replaced with explicit dependencies for `railties`, `activesupport`, and `actionpack` ( [issue](https://github.com/modosc/cloudflare-rails/issues/34) and [pr](https://github.com/modosc/cloudflare-rails/pull/35))
8
11
 
9
12
  ## [1.0.0] - 2020-09-29
10
13
  ### Added
data/README.md CHANGED
@@ -3,7 +3,7 @@ This gem correctly configures Rails for [CloudFlare](https://www.cloudflare.com)
3
3
 
4
4
  ## Rails Compatibility
5
5
 
6
- This gem requires Rails >= 5. The last version that supports Rails 4.2 is `0.1.x`.
6
+ This gem requires `railties`, `activesupport`, and `actionpack` >= 5. The last version that supports Rails 4.2 is `0.1.x`.
7
7
 
8
8
  ## Installation
9
9
 
@@ -25,7 +25,7 @@ And then execute:
25
25
 
26
26
  Using Cloudflare means it's hard to identify the IP address of incoming requests since all requests are proxied through Cloudflare's infrastructure. Cloudflare provides a [CF-Connecting-IP](https://support.cloudflare.com/hc/en-us/articles/200170986-How-does-Cloudflare-handle-HTTP-Request-headers-) header which can be used to identify the originating IP address of a request. However, this header alone doesn't verify a request is legitimate. If an attacker has found the actual IP address of your server they could spoof this header and masquerade as legitimate traffic.
27
27
 
28
- `cloudflare-rails` mitigates this attack by checking that the originating ip address of any incoming connecting is from one of Cloudflare's ip address ranges. If so, the incoming `X-Forwarded-For` header is trusted and used as the ip address provided to `rack` and `rails` (via `request.ip` and `request.remote_ip`). If the incoming connection does not originate from a Cloudflare server then the `X-Forwarded-For` header is ignored and the actual remote ip address is used.
28
+ `cloudflare-rails` mitigates this attack by checking that the originating ip address of any incoming connection is from one of Cloudflare's ip address ranges. If so, the incoming `X-Forwarded-For` header is trusted and used as the ip address provided to `rack` and `rails` (via `request.ip` and `request.remote_ip`). If the incoming connection does not originate from a Cloudflare server then the `X-Forwarded-For` header is ignored and the actual remote ip address is used.
29
29
 
30
30
  ## Usage
31
31
  This code will fetch CloudFlare's current [IPv4](https://www.cloudflare.com/ips-v4) and [IPv6](https://www.cloudflare.com/ips-v6) lists, store them in `Rails.cache`, and add them to `config.cloudflare.ips`. The `X-Forwarded-For` header will then be trusted only from those ip addresses.
data/cloudflare-rails.gemspec CHANGED
@@ -27,12 +27,14 @@ Gem::Specification.new do |spec|
27
27
  spec.add_development_dependency "rspec", "~> 3.10.0"
28
28
  spec.add_development_dependency "rubocop-airbnb", "~> 3.0.2"
29
29
  spec.add_development_dependency "webmock", "~> 3.11.0"
30
- spec.add_development_dependency "rack-attack", "~> 6.4.0"
30
+ spec.add_development_dependency "rack-attack", "~> 6.5.0"
31
31
  spec.add_development_dependency "pry-byebug"
32
32
  spec.add_development_dependency "appraisal"
33
33
 
34
34
  spec.add_dependency "httparty"
35
- spec.add_dependency "rails", ">= 5.0", "< 6.2.0"
35
+ spec.add_dependency "railties", ">= 5.0", "< 6.2.0"
36
+ spec.add_dependency "activesupport", ">= 5.0", "< 6.2.0"
37
+ spec.add_dependency "actionpack", ">= 5.0", "< 6.2.0"
36
38
 
37
39
  # we need Module#prepend
38
40
  spec.required_ruby_version = '>= 2.0'
data/lib/cloudflare/rails/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module Cloudflare
2
2
  module Rails
3
- VERSION = "1.2.0".freeze
3
+ VERSION = "2.0.0".freeze
4
4
  end
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cloudflare-rails
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.2.0
4
+ version: 2.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - jonathan schatz
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2021-02-03 00:00:00.000000000 Z
11
+ date: 2021-02-18 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -114,14 +114,14 @@ dependencies:
114
114
  requirements:
115
115
  - - "~>"
116
116
  - !ruby/object:Gem::Version
117
- version: 6.4.0
117
+ version: 6.5.0
118
118
  type: :development
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
122
  - - "~>"
123
123
  - !ruby/object:Gem::Version
124
- version: 6.4.0
124
+ version: 6.5.0
125
125
  - !ruby/object:Gem::Dependency
126
126
  name: pry-byebug
127
127
  requirement: !ruby/object:Gem::Requirement
@@ -165,7 +165,47 @@ dependencies:
165
165
  - !ruby/object:Gem::Version
166
166
  version: '0'
167
167
  - !ruby/object:Gem::Dependency
168
- name: rails
168
+ name: railties
169
+ requirement: !ruby/object:Gem::Requirement
170
+ requirements:
171
+ - - ">="
172
+ - !ruby/object:Gem::Version
173
+ version: '5.0'
174
+ - - "<"
175
+ - !ruby/object:Gem::Version
176
+ version: 6.2.0
177
+ type: :runtime
178
+ prerelease: false
179
+ version_requirements: !ruby/object:Gem::Requirement
180
+ requirements:
181
+ - - ">="
182
+ - !ruby/object:Gem::Version
183
+ version: '5.0'
184
+ - - "<"
185
+ - !ruby/object:Gem::Version
186
+ version: 6.2.0
187
+ - !ruby/object:Gem::Dependency
188
+ name: activesupport
189
+ requirement: !ruby/object:Gem::Requirement
190
+ requirements:
191
+ - - ">="
192
+ - !ruby/object:Gem::Version
193
+ version: '5.0'
194
+ - - "<"
195
+ - !ruby/object:Gem::Version
196
+ version: 6.2.0
197
+ type: :runtime
198
+ prerelease: false
199
+ version_requirements: !ruby/object:Gem::Requirement
200
+ requirements:
201
+ - - ">="
202
+ - !ruby/object:Gem::Version
203
+ version: '5.0'
204
+ - - "<"
205
+ - !ruby/object:Gem::Version
206
+ version: 6.2.0
207
+ - !ruby/object:Gem::Dependency
208
+ name: actionpack
169
209
  requirement: !ruby/object:Gem::Requirement
170
210
  requirements:
171
211
  - - ">="