heroku-bouncer 0.5.1 → 0.5.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/README.md +1 -0
- data/lib/heroku/bouncer/middleware.rb +3 -2
- metadata +26 -26
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e5cf7d5667b8fe25211a018e2b73c8f625f71c55
|
|
4
|
+
data.tar.gz: 6f20284b00d3080f0f8ad6417853394eeb7d9791
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7bd2301810bba207ec13b0da82e2a64fd4b331c37b1f30abf13ae0aedc5ca756f600752d1db3302c8d89495f2017da161303d55dfce89a4ff7cb21a1efb3fc82
|
|
7
|
+
data.tar.gz: bb4a81dba1617a144bd0614ac080009afb97974f4baf0b63f0f60f1a06f7d2d7f9335950cb9e0b28f52e9921efc1baf7a4bea25bf01a7c8b261494347fff4b48
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
|
@@ -93,7 +93,7 @@ class Heroku::Bouncer::Middleware < Sinatra::Base
|
|
|
93
93
|
store_write(:expires_at, Time.now.to_i + 3600 * 8)
|
|
94
94
|
|
|
95
95
|
return_to = store_delete(:return_to) || '/'
|
|
96
|
-
redirect to(enforce_host(request.scheme, request.host, return_to))
|
|
96
|
+
redirect to(enforce_host(request.scheme, request.host, request.port, return_to))
|
|
97
97
|
end
|
|
98
98
|
|
|
99
99
|
# something went wrong
|
|
@@ -223,10 +223,11 @@ private
|
|
|
223
223
|
end
|
|
224
224
|
|
|
225
225
|
# Prevent open redirect vulnerabilities by setting the current host
|
|
226
|
-
def enforce_host(scheme, host, url)
|
|
226
|
+
def enforce_host(scheme, host, port, url)
|
|
227
227
|
return_to = URI.parse(url) rescue '/'
|
|
228
228
|
return_to.scheme = scheme
|
|
229
229
|
return_to.host = host
|
|
230
|
+
return_to.port = port unless port == 80
|
|
230
231
|
return_to.to_s
|
|
231
232
|
end
|
|
232
233
|
|
metadata
CHANGED
|
@@ -1,29 +1,29 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: heroku-bouncer
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.5.
|
|
4
|
+
version: 0.5.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jonathan Dance
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2014-
|
|
11
|
+
date: 2014-11-12 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: omniauth-heroku
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
|
-
- - "
|
|
17
|
+
- - "~>"
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.1
|
|
19
|
+
version: '0.1'
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
|
-
- - "
|
|
24
|
+
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.1
|
|
26
|
+
version: '0.1'
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: sinatra
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -70,16 +70,16 @@ dependencies:
|
|
|
70
70
|
name: rake
|
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|
|
72
72
|
requirements:
|
|
73
|
-
- - "
|
|
73
|
+
- - "~>"
|
|
74
74
|
- !ruby/object:Gem::Version
|
|
75
|
-
version: '0'
|
|
75
|
+
version: '10.0'
|
|
76
76
|
type: :development
|
|
77
77
|
prerelease: false
|
|
78
78
|
version_requirements: !ruby/object:Gem::Requirement
|
|
79
79
|
requirements:
|
|
80
|
-
- - "
|
|
80
|
+
- - "~>"
|
|
81
81
|
- !ruby/object:Gem::Version
|
|
82
|
-
version: '0'
|
|
82
|
+
version: '10.0'
|
|
83
83
|
- !ruby/object:Gem::Dependency
|
|
84
84
|
name: minitest
|
|
85
85
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -98,58 +98,58 @@ dependencies:
|
|
|
98
98
|
name: minitest-spec-context
|
|
99
99
|
requirement: !ruby/object:Gem::Requirement
|
|
100
100
|
requirements:
|
|
101
|
-
- - "
|
|
101
|
+
- - "~>"
|
|
102
102
|
- !ruby/object:Gem::Version
|
|
103
|
-
version: '0'
|
|
103
|
+
version: '0.0'
|
|
104
104
|
type: :development
|
|
105
105
|
prerelease: false
|
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
|
107
107
|
requirements:
|
|
108
|
-
- - "
|
|
108
|
+
- - "~>"
|
|
109
109
|
- !ruby/object:Gem::Version
|
|
110
|
-
version: '0'
|
|
110
|
+
version: '0.0'
|
|
111
111
|
- !ruby/object:Gem::Dependency
|
|
112
112
|
name: rack-test
|
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|
|
114
114
|
requirements:
|
|
115
|
-
- - "
|
|
115
|
+
- - "~>"
|
|
116
116
|
- !ruby/object:Gem::Version
|
|
117
|
-
version: '0'
|
|
117
|
+
version: '0.6'
|
|
118
118
|
type: :development
|
|
119
119
|
prerelease: false
|
|
120
120
|
version_requirements: !ruby/object:Gem::Requirement
|
|
121
121
|
requirements:
|
|
122
|
-
- - "
|
|
122
|
+
- - "~>"
|
|
123
123
|
- !ruby/object:Gem::Version
|
|
124
|
-
version: '0'
|
|
124
|
+
version: '0.6'
|
|
125
125
|
- !ruby/object:Gem::Dependency
|
|
126
126
|
name: mocha
|
|
127
127
|
requirement: !ruby/object:Gem::Requirement
|
|
128
128
|
requirements:
|
|
129
|
-
- - "
|
|
129
|
+
- - "~>"
|
|
130
130
|
- !ruby/object:Gem::Version
|
|
131
|
-
version: '
|
|
131
|
+
version: '1.1'
|
|
132
132
|
type: :development
|
|
133
133
|
prerelease: false
|
|
134
134
|
version_requirements: !ruby/object:Gem::Requirement
|
|
135
135
|
requirements:
|
|
136
|
-
- - "
|
|
136
|
+
- - "~>"
|
|
137
137
|
- !ruby/object:Gem::Version
|
|
138
|
-
version: '
|
|
138
|
+
version: '1.1'
|
|
139
139
|
- !ruby/object:Gem::Dependency
|
|
140
140
|
name: delorean
|
|
141
141
|
requirement: !ruby/object:Gem::Requirement
|
|
142
142
|
requirements:
|
|
143
|
-
- - "
|
|
143
|
+
- - "~>"
|
|
144
144
|
- !ruby/object:Gem::Version
|
|
145
|
-
version: '
|
|
145
|
+
version: '2.1'
|
|
146
146
|
type: :development
|
|
147
147
|
prerelease: false
|
|
148
148
|
version_requirements: !ruby/object:Gem::Requirement
|
|
149
149
|
requirements:
|
|
150
|
-
- - "
|
|
150
|
+
- - "~>"
|
|
151
151
|
- !ruby/object:Gem::Version
|
|
152
|
-
version: '
|
|
152
|
+
version: '2.1'
|
|
153
153
|
description: ID please.
|
|
154
154
|
email:
|
|
155
155
|
- jd@heroku.com
|