rack-allowed_hosts 0.0.2 → 0.0.4
- checksums.yaml +4 -4
- data/lib/rack/allowed_hosts.rb +10 -2
- data/lib/rack/allowed_hosts/version.rb +1 -1
- metadata +30 -2
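--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 48eb3e08752b4ff163d6d5897dee352434d26f05
+data.tar.gz: 3397726e3daaa90b015670ee9a3c0e688cd38acf
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 24b8bef8599a59ef40cb4d1fa594e0db79ef3b14c763d3ae534b3880d60d1522fa553e614b8cc3d50dbd72c411eff6290a52e71c7a931d7c9bf8bbfff4bd4728
+data.tar.gz: 1013594f4cfd2c6b02807166853fbff1eea94fb4a19dfc34610a894e18da8ab79805805bac644e739946e2c7ef535171cf3217659b6b8f6905d7ffdcc02867aa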
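--- a/data/lib/rack/allowed_hosts.rb
+++ b/data/lib/rack/allowed_hosts.rb
@@ -4,6 +4,8 @@ require 'rack/allowed_hosts/version'
 module Rack
 class AllowedHosts
 
+FORBIDDEN_RESPONSE = [403, {'Content-Type' => 'text/html'}, ['<h1>403 Forbidden</h1>']]
+
 attr_reader :allowed_hosts
 
 def initialize(app, &block)
@@ -27,14 +29,20 @@ module Rack
 end
 
 def call(env)
+http_host = env['HTTP_HOST']
+
+unless http_host.nil?
+http_host = http_host.split(':').first
+end
+
 host_values = [
-
+http_host,
 env['SERVER_NAME']
 ].uniq
 
 host_values.each do |host|
 unless host_allowed?(host)
-return
+return FORBIDDEN_RESPONSE
 end
 end
 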
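Review bot: `FORBIDDEN_RESPONSE` is a single unfrozen array whose headers Hash and body Array are handed back for every rejected request, so any middleware above this one that edits response headers in place (a cookie or a Content-Length, say) would be writing into state shared by all later 403 responses. Building the triplet per call avoids that, e.g. `return [403, { 'Content-Type' => 'text/html' }, ['<h1>403 Forbidden</h1>']]` at the `return` inside `host_values.each`. Separately, `http_host.split(':').first` in `call` turns a bracketed IPv6 literal such as `[::1]:3000` into `[` and an empty Host header into `nil`, and the value is compared without any visible case normalisation; how `host_allowed?` treats those values is not shown here. Only `HTTP_HOST` and `SERVER_NAME` are checked, so an application that derives its host from `X-Forwarded-Host` would presumably still need that header validated or stripped upstream. The body of `call` continues past the end of the hunk.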
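--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-allowed_hosts
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.4
 platform: ruby
 authors:
 - Jeremy Blalock
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2017-01-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rspec
@@ -24,6 +24,34 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
+- !ruby/object:Gem::Dependency
+name: pry
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: pry-byebug
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
 description: |2
 Rack::AllowedHosts allows you to whitelist the hostnames allowed to
 serve the site. This is helpful to protect against Host Header Injection.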