cloudflare-rails 1.2.0 → 2.0.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/README.md +2 -2
- data/cloudflare-rails.gemspec +4 -2
- data/lib/cloudflare/rails/version.rb +1 -1
- metadata +45 -5
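--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 19b8e746b7848a5f7939ac311619b2dc627ff07f2cdb6007ddbd71497be5d730
+data.tar.gz: 991cb0373e17a7c80e8559122073037d3a67f6f81463db9370d9fe4bf3864c63
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7cfa2d90ec57a59bbaaad61332a90e987c6b7f076a9367139e90cd7d6f568f728dbb6774b37577b93ac5f7ee27cfc4991b3d55c77bf947be89afb3ee1f849db9
+data.tar.gz: 8dde5529c4dc355ecefa04a1b75ed82efee4e27678d75e5f0de6c7106a2b8b2ba3c0d69eeb27d8bb254a94630bbacc31bd6d84973bb9a678f3598d03814ba542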
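--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -5,6 +5,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
+## [2.0.0] - 2021-02-17
+### Breaking Changes
+- Removed broad dependency on `rails`, replaced with explicit dependencies for `railties`, `activesupport`, and `actionpack` ( [issue](https://github.com/modosc/cloudflare-rails/issues/34) and [pr](https://github.com/modosc/cloudflare-rails/pull/35))
 
 ## [1.0.0] - 2020-09-29
 ### Added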
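--- a/data/README.md
+++ b/data/README.md
@@ -3,7 +3,7 @@ This gem correctly configures Rails for [CloudFlare](https://www.cloudflare.com)
 
 ## Rails Compatibility
 
-This gem requires
+This gem requires `railties`, `activesupport`, and `actionpack` >= 5. The last version that supports Rails 4.2 is `0.1.x`.
 
 ## Installation
 
@@ -25,7 +25,7 @@ And then execute:
 
 Using Cloudflare means it's hard to identify the IP address of incoming requests since all requests are proxied through Cloudflare's infrastructure. Cloudflare provides a [CF-Connecting-IP](https://support.cloudflare.com/hc/en-us/articles/200170986-How-does-Cloudflare-handle-HTTP-Request-headers-) header which can be used to identify the originating IP address of a request. However, this header alone doesn't verify a request is legitimate. If an attacker has found the actual IP address of your server they could spoof this header and masquerade as legitimate traffic.
 
-`cloudflare-rails` mitigates this attack by checking that the originating ip address of any incoming
+`cloudflare-rails` mitigates this attack by checking that the originating ip address of any incoming connection is from one of Cloudflare's ip address ranges. If so, the incoming `X-Forwarded-For` header is trusted and used as the ip address provided to `rack` and `rails` (via `request.ip` and `request.remote_ip`). If the incoming connection does not originate from a Cloudflare server then the `X-Forwarded-For` header is ignored and the actual remote ip address is used.
 
 ## Usage
 This code will fetch CloudFlare's current [IPv4](https://www.cloudflare.com/ips-v4) and [IPv6](https://www.cloudflare.com/ips-v6) lists, store them in `Rails.cache`, and add them to `config.cloudflare.ips`. The `X-Forwarded-For` header will then be trusted only from those ip addresses.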
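--- a/data/cloudflare-rails.gemspec
+++ b/data/cloudflare-rails.gemspec
@@ -27,12 +27,14 @@ Gem::Specification.new do |spec|
 spec.add_development_dependency "rspec", "~> 3.10.0"
 spec.add_development_dependency "rubocop-airbnb", "~> 3.0.2"
 spec.add_development_dependency "webmock", "~> 3.11.0"
-spec.add_development_dependency "rack-attack", "~> 6.
+spec.add_development_dependency "rack-attack", "~> 6.5.0"
 spec.add_development_dependency "pry-byebug"
 spec.add_development_dependency "appraisal"
 
 spec.add_dependency "httparty"
-spec.add_dependency "
+spec.add_dependency "railties", ">= 5.0", "< 6.2.0"
+spec.add_dependency "activesupport", ">= 5.0", "< 6.2.0"
+spec.add_dependency "actionpack", ">= 5.0", "< 6.2.0"
 
 # we need Module#prepend
 spec.required_ruby_version = '>= 2.0'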
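Review bot: The three new runtime constraints on `railties`, `activesupport` and `actionpack` all carry the ceiling `"< 6.2.0"` with no comment explaining why it exists. Going by the README, this gem changes what `request.ip` and `request.remote_ip` return, so the ceiling presumably keeps installs on framework versions the proxy-trust behaviour was tested against. A comment above the block would record that, e.g. `# upper bound = newest Rails line the trusted-proxy patches are tested against; raise only after the appraisal suite passes`. Separately, a floor of `>= 5.0` implies Ruby 2.2.2 or later, so the context line `spec.required_ruby_version = '>= 2.0'` and its `# we need Module#prepend` comment no longer describe the real minimum. The `Gem::Specification` block starts and ends outside this hunk.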
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cloudflare-rails
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 2.0.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- jonathan schatz
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-02-
|
11
|
+
date: 2021-02-18 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
@@ -114,14 +114,14 @@ dependencies:
|
|
114
114
|
requirements:
|
115
115
|
- - "~>"
|
116
116
|
- !ruby/object:Gem::Version
|
117
|
-
version: 6.
|
117
|
+
version: 6.5.0
|
118
118
|
type: :development
|
119
119
|
prerelease: false
|
120
120
|
version_requirements: !ruby/object:Gem::Requirement
|
121
121
|
requirements:
|
122
122
|
- - "~>"
|
123
123
|
- !ruby/object:Gem::Version
|
124
|
-
version: 6.
|
124
|
+
version: 6.5.0
|
125
125
|
- !ruby/object:Gem::Dependency
|
126
126
|
name: pry-byebug
|
127
127
|
requirement: !ruby/object:Gem::Requirement
|
@@ -165,7 +165,47 @@ dependencies:
|
|
165
165
|
- !ruby/object:Gem::Version
|
166
166
|
version: '0'
|
167
167
|
- !ruby/object:Gem::Dependency
|
168
|
-
name:
|
168
|
+
name: railties
|
169
|
+
requirement: !ruby/object:Gem::Requirement
|
170
|
+
requirements:
|
171
|
+
- - ">="
|
172
|
+
- !ruby/object:Gem::Version
|
173
|
+
version: '5.0'
|
174
|
+
- - "<"
|
175
|
+
- !ruby/object:Gem::Version
|
176
|
+
version: 6.2.0
|
177
|
+
type: :runtime
|
178
|
+
prerelease: false
|
179
|
+
version_requirements: !ruby/object:Gem::Requirement
|
180
|
+
requirements:
|
181
|
+
- - ">="
|
182
|
+
- !ruby/object:Gem::Version
|
183
|
+
version: '5.0'
|
184
|
+
- - "<"
|
185
|
+
- !ruby/object:Gem::Version
|
186
|
+
version: 6.2.0
|
187
|
+
- !ruby/object:Gem::Dependency
|
188
|
+
name: activesupport
|
189
|
+
requirement: !ruby/object:Gem::Requirement
|
190
|
+
requirements:
|
191
|
+
- - ">="
|
192
|
+
- !ruby/object:Gem::Version
|
193
|
+
version: '5.0'
|
194
|
+
- - "<"
|
195
|
+
- !ruby/object:Gem::Version
|
196
|
+
version: 6.2.0
|
197
|
+
type: :runtime
|
198
|
+
prerelease: false
|
199
|
+
version_requirements: !ruby/object:Gem::Requirement
|
200
|
+
requirements:
|
201
|
+
- - ">="
|
202
|
+
- !ruby/object:Gem::Version
|
203
|
+
version: '5.0'
|
204
|
+
- - "<"
|
205
|
+
- !ruby/object:Gem::Version
|
206
|
+
version: 6.2.0
|
207
|
+
- !ruby/object:Gem::Dependency
|
208
|
+
name: actionpack
|
169
209
|
requirement: !ruby/object:Gem::Requirement
|
170
210
|
requirements:
|
171
211
|
- - ">="
|