rack-cors-csrf_prevention 0.1.0 → 0.2.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 875f008ae969331b4266a00a131b2edf9399d24ea347c2622d9cd79eaa6fcd71
4
- data.tar.gz: 7de16bb4d69a5783829281c312290c94ec5b544963c45bc03ae38942968eb795
3
+ metadata.gz: bf73e75d0b552d217b4a9cb9aabf5f08eb16db81b864a452a61388bd39d41f5c
4
+ data.tar.gz: 6daf069995fda9f4b8af289a3b6cf3a009a839ba95d6267d0167b9e98484ba81
5
5
  SHA512:
6
- metadata.gz: fb20827ff14fa2a57ac931ab263adedc4f87e0422d8ddb1c021abb4878a8023638ded968c05616ab163ce218e14e09ce2026b85101569b8afd25070f31c08635
7
- data.tar.gz: f8bcbb4e2b5330e27285e3e296d9d2c6db64e6350843e2bb16d0fcef844728120237a81eed4f00f0e426d0fab98c81af349b196288df1d4550298c67a4c1a74c
6
+ metadata.gz: 7ab5b4cb92c9db15d97d60ab49725f7feae8aede713f678531bbd0292575e23fa9834ffb8feadbf86217d1ee19cdad9252d1f7d75bb6461ab83f1b837bf2fef2
7
+ data.tar.gz: 30a0e42021a6ba4eed3cf1a6d684310937dc0ee6a888e7b81ccc8a02db889afbf3fcb0fbc532ef453951cc51696845c6d2d34fd74d21a4a96ffe886b14a4e1c0
data/Gemfile.lock CHANGED
@@ -1,15 +1,28 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- rack-cors-csrf_prevention (0.1.0)
4
+ rack-cors-csrf_prevention (0.2.0)
5
5
  rack (>= 1)
6
6
 
7
7
  GEM
8
8
  remote: https://rubygems.org/
9
9
  specs:
10
+ debug (1.9.1)
11
+ irb (~> 1.10)
12
+ reline (>= 0.3.8)
10
13
  diff-lcs (1.5.0)
14
+ io-console (0.7.2)
15
+ irb (1.11.2)
16
+ rdoc
17
+ reline (>= 0.4.2)
18
+ psych (5.1.2)
19
+ stringio
11
20
  rack (2.2.7)
12
21
  rake (13.0.6)
22
+ rdoc (6.6.2)
23
+ psych (>= 4.0.0)
24
+ reline (0.4.2)
25
+ io-console (~> 0.5)
13
26
  rspec (3.12.0)
14
27
  rspec-core (~> 3.12.0)
15
28
  rspec-expectations (~> 3.12.0)
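Review bot: this lockfile is packaged inside the gem (`data/Gemfile.lock`), so the new development-only pins added here (`debug (1.9.1)`, `irb (1.11.2)`, `rdoc (6.6.2)`, `reline (0.4.2)`) ship to every consumer even though Bundler ignores a dependency's own lockfile; consider excluding `Gemfile.lock` from `spec.files` so the package only carries what `rack (>= 1)` needs at runtime.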
@@ -23,12 +36,14 @@ GEM
23
36
  diff-lcs (>= 1.2.0, < 2.0)
24
37
  rspec-support (~> 3.12.0)
25
38
  rspec-support (3.12.0)
39
+ stringio (3.1.0)
26
40
 
27
41
  PLATFORMS
28
42
  arm64-darwin-22
29
43
  x86_64-linux
30
44
 
31
45
  DEPENDENCIES
46
+ debug (~> 1.9, >= 1.9.1)
32
47
  rack-cors-csrf_prevention!
33
48
  rake (~> 13.0)
34
49
  rspec (~> 3.0)
data/README.md CHANGED
@@ -20,29 +20,26 @@ gem install rack-cors-csrf_prevention
20
20
 
21
21
  ### Rails Configuration
22
22
 
23
- Specify paths for CSRF prevention:
24
-
25
23
  ```ruby
26
24
  # config/initializers/cors.rb
27
25
 
28
- Rails.application.config.middleware.use Rack::Cors::CsrfPrevention,
29
- paths: %w[/graphql]
26
+ Rails.application.config.middleware.use Rack::Cors::CsrfPrevention
30
27
  ```
31
28
 
32
- You can also specify custom headers that allow execution. By default, it's `X-Apollo-Operation-Name` or `Apollo-Require-Preflight` headers, but you can configure to allow a `Some-Special-Header` header:
29
+ By default, gem protects path `/graphql` and allows only `X-Apollo-Operation-Name` or `Apollo-Require-Preflight` header for non-preflighted content types.
30
+
31
+ You can customize path and headers for CSRF prevention:
33
32
 
34
33
  ```ruby
35
34
  # config/initializers/cors.rb
36
35
 
37
36
  Rails.application.config.middleware.use Rack::Cors::CsrfPrevention,
38
- paths: %w[/graphql],
39
- required_headers: %w[
40
- X-APOLLO-OPERATION-NAME
41
- APOLLO-REQUIRE-PREFLIGHT
42
- SOME-SPECIAL-HEADER
43
- ]
37
+ path: "/gql",
38
+ required_headers: %w[SOME-SPECIAL-HEADER]
44
39
  ```
45
40
 
41
+ Also, you can configure multiple paths via `paths` argument.
42
+
46
43
  ## Development
47
44
 
48
45
  After checking out the repo, run `bin/setup` to install dependencies. Then, run
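Review bot: the README never says that `required_headers` is merged with the built-in Apollo headers rather than replacing them, or that `path` and `paths` are combined; the 0.1.0 text listed all three headers in the example, which read as replacement, and the new example `required_headers: %w[SOME-SPECIAL-HEADER]` leaves it ambiguous whether `X-Apollo-Operation-Name` is still accepted alongside it. Add one sentence such as "custom headers are added to the Apollo defaults" and one stating whether names are matched case-insensitively, since the prose writes `X-Apollo-Operation-Name` and the example `SOME-SPECIAL-HEADER`. Minor wording in the added line: "By default, gem protects path `/graphql`" should read "By default, the gem protects the path `/graphql`".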
@@ -3,7 +3,7 @@
3
3
  module Rack
4
4
  class Cors
5
5
  class CsrfPrevention
6
- VERSION = "0.1.0"
6
+ VERSION = "0.2.0"
7
7
  end
8
8
  end
9
9
  end
@@ -28,12 +28,13 @@ module Rack
28
28
 
29
29
  def initialize(
30
30
  app,
31
- paths:,
32
- required_headers: APOLLO_CUSTOM_PREFLIGHT_HEADERS
31
+ path: nil,
32
+ paths: [],
33
+ required_headers: []
33
34
  )
34
35
  @app = app
35
- @paths = paths
36
- @required_headers = required_headers
36
+ @paths = path.nil? && paths.empty? ? ["/graphql"] : [path].compact + paths
37
+ @required_headers = APOLLO_CUSTOM_PREFLIGHT_HEADERS + required_headers
37
38
  end
38
39
 
39
40
  def call(env)
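Review bot: `@paths = path.nil? && paths.empty? ? ["/graphql"] : [path].compact + paths` raises `NoMethodError` if a caller passes `paths: nil`; prefer `Array(path) + Array(paths)` and fall back to `["/graphql"]` when the result is empty, which also covers a single string handed to `paths`. Two behaviour changes in this hunk deserve a changelog entry: `paths:` was a required keyword in 0.1.0 and now silently defaults to `/graphql`, and `required_headers` used to replace `APOLLO_CUSTOM_PREFLIGHT_HEADERS` but is now appended to it, so a deployment that wants only its own header can no longer exclude the Apollo ones. If header comparison elsewhere is an exact string match, normalise the merged list (`(APOLLO_CUSTOM_PREFLIGHT_HEADERS + required_headers).map(&:upcase).uniq`) so a user-supplied lowercase name still matches and duplicates don't accumulate.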
@@ -51,6 +51,6 @@ Gem::Specification.new do |spec|
51
51
  spec.add_dependency "rack", ">= 1"
52
52
 
53
53
  spec.add_development_dependency "rake", "~> 13.0"
54
- # spec.add_development_dependency "minitest", "~> 5.0"
55
54
  spec.add_development_dependency "rspec", "~> 3.0"
55
+ spec.add_development_dependency "debug", "~> 1.9", ">= 1.9.1"
56
56
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack-cors-csrf_prevention
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Digital Classifieds LLC
@@ -52,6 +52,26 @@ dependencies:
52
52
  - - "~>"
53
53
  - !ruby/object:Gem::Version
54
54
  version: '3.0'
55
+ - !ruby/object:Gem::Dependency
56
+ name: debug
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - "~>"
60
+ - !ruby/object:Gem::Version
61
+ version: '1.9'
62
+ - - ">="
63
+ - !ruby/object:Gem::Version
64
+ version: 1.9.1
65
+ type: :development
66
+ prerelease: false
67
+ version_requirements: !ruby/object:Gem::Requirement
68
+ requirements:
69
+ - - "~>"
70
+ - !ruby/object:Gem::Version
71
+ version: '1.9'
72
+ - - ">="
73
+ - !ruby/object:Gem::Version
74
+ version: 1.9.1
55
75
  description: |
56
76
  The middleware makes sure any request to specified paths would have been
57
77
  preflighted if it was sent by a browser.