rack-cors-csrf_prevention 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 875f008ae969331b4266a00a131b2edf9399d24ea347c2622d9cd79eaa6fcd71
4
- data.tar.gz: 7de16bb4d69a5783829281c312290c94ec5b544963c45bc03ae38942968eb795
3
+ metadata.gz: bf73e75d0b552d217b4a9cb9aabf5f08eb16db81b864a452a61388bd39d41f5c
4
+ data.tar.gz: 6daf069995fda9f4b8af289a3b6cf3a009a839ba95d6267d0167b9e98484ba81
5
5
  SHA512:
6
- metadata.gz: fb20827ff14fa2a57ac931ab263adedc4f87e0422d8ddb1c021abb4878a8023638ded968c05616ab163ce218e14e09ce2026b85101569b8afd25070f31c08635
7
- data.tar.gz: f8bcbb4e2b5330e27285e3e296d9d2c6db64e6350843e2bb16d0fcef844728120237a81eed4f00f0e426d0fab98c81af349b196288df1d4550298c67a4c1a74c
6
+ metadata.gz: 7ab5b4cb92c9db15d97d60ab49725f7feae8aede713f678531bbd0292575e23fa9834ffb8feadbf86217d1ee19cdad9252d1f7d75bb6461ab83f1b837bf2fef2
7
+ data.tar.gz: 30a0e42021a6ba4eed3cf1a6d684310937dc0ee6a888e7b81ccc8a02db889afbf3fcb0fbc532ef453951cc51696845c6d2d34fd74d21a4a96ffe886b14a4e1c0
data/Gemfile.lock CHANGED
@@ -1,15 +1,28 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- rack-cors-csrf_prevention (0.1.0)
4
+ rack-cors-csrf_prevention (0.2.0)
5
5
  rack (>= 1)
6
6
 
7
7
  GEM
8
8
  remote: https://rubygems.org/
9
9
  specs:
10
+ debug (1.9.1)
11
+ irb (~> 1.10)
12
+ reline (>= 0.3.8)
10
13
  diff-lcs (1.5.0)
14
+ io-console (0.7.2)
15
+ irb (1.11.2)
16
+ rdoc
17
+ reline (>= 0.4.2)
18
+ psych (5.1.2)
19
+ stringio
11
20
  rack (2.2.7)
12
21
  rake (13.0.6)
22
+ rdoc (6.6.2)
23
+ psych (>= 4.0.0)
24
+ reline (0.4.2)
25
+ io-console (~> 0.5)
13
26
  rspec (3.12.0)
14
27
  rspec-core (~> 3.12.0)
15
28
  rspec-expectations (~> 3.12.0)
@@ -23,12 +36,14 @@ GEM
23
36
  diff-lcs (>= 1.2.0, < 2.0)
24
37
  rspec-support (~> 3.12.0)
25
38
  rspec-support (3.12.0)
39
+ stringio (3.1.0)
26
40
 
27
41
  PLATFORMS
28
42
  arm64-darwin-22
29
43
  x86_64-linux
30
44
 
31
45
  DEPENDENCIES
46
+ debug (~> 1.9, >= 1.9.1)
32
47
  rack-cors-csrf_prevention!
33
48
  rake (~> 13.0)
34
49
  rspec (~> 3.0)
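Review bot: adding `debug` to DEPENDENCIES drags irb, rdoc, reline, psych, io-console and stringio into the lockfile, which is fine for a development tool, but this lockfile ships inside the released gem (it sits under `data/` in this diff), so every consumer now carries a lock for tooling they never run. Consider excluding `Gemfile.lock` from `spec.files` so the published artifact contains only the library, and keep dev-only tools such as `debug` in the Gemfile rather than the gemspec.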
data/README.md CHANGED
@@ -20,29 +20,26 @@ gem install rack-cors-csrf_prevention
20
20
 
21
21
  ### Rails Configuration
22
22
 
23
- Specify paths for CSRF prevention:
24
-
25
23
  ```ruby
26
24
  # config/initializers/cors.rb
27
25
 
28
- Rails.application.config.middleware.use Rack::Cors::CsrfPrevention,
29
- paths: %w[/graphql]
26
+ Rails.application.config.middleware.use Rack::Cors::CsrfPrevention
30
27
  ```
31
28
 
32
- You can also specify custom headers that allow execution. By default, it's `X-Apollo-Operation-Name` or `Apollo-Require-Preflight` headers, but you can configure to allow a `Some-Special-Header` header:
29
+ By default, gem protects path `/graphql` and allows only `X-Apollo-Operation-Name` or `Apollo-Require-Preflight` header for non-preflighted content types.
30
+
31
+ You can customize path and headers for CSRF prevention:
33
32
 
34
33
  ```ruby
35
34
  # config/initializers/cors.rb
36
35
 
37
36
  Rails.application.config.middleware.use Rack::Cors::CsrfPrevention,
38
- paths: %w[/graphql],
39
- required_headers: %w[
40
- X-APOLLO-OPERATION-NAME
41
- APOLLO-REQUIRE-PREFLIGHT
42
- SOME-SPECIAL-HEADER
43
- ]
37
+ path: "/gql",
38
+ required_headers: %w[SOME-SPECIAL-HEADER]
44
39
  ```
45
40
 
41
+ Also, you can configure multiple paths via `paths` argument.
42
+
46
43
  ## Development
47
44
 
48
45
  After checking out the repo, run `bin/setup` to install dependencies. Then, run
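Review bot: the rewritten paragraph `By default, gem protects path `/graphql` and allows only ...` and the second example (`required_headers: %w[SOME-SPECIAL-HEADER]`) do not say what happens to the two Apollo headers when `required_headers` is supplied. A reader of the 0.1.0 README, where the full list had to be repeated, will assume the custom list replaces the defaults, while the `initialize` change in this same release appends to them, so `X-Apollo-Operation-Name` and `Apollo-Require-Preflight` still unlock the endpoint; state that explicitly ("in addition to the Apollo headers"). Also spell out which content types count as "non-preflighted" (form-encoded, multipart and text/plain bodies, which a browser will send cross-site without a CORS preflight), since that is the whole reason a custom header is demanded, and note that `path` and `paths` are combined when both are given. Grammar: `gem protects` should read `the gem protects`.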
@@ -3,7 +3,7 @@
3
3
  module Rack
4
4
  class Cors
5
5
  class CsrfPrevention
6
- VERSION = "0.1.0"
6
+ VERSION = "0.2.0"
7
7
  end
8
8
  end
9
9
  end
@@ -28,12 +28,13 @@ module Rack
28
28
 
29
29
  def initialize(
30
30
  app,
31
- paths:,
32
- required_headers: APOLLO_CUSTOM_PREFLIGHT_HEADERS
31
+ path: nil,
32
+ paths: [],
33
+ required_headers: []
33
34
  )
34
35
  @app = app
35
- @paths = paths
36
- @required_headers = required_headers
36
+ @paths = path.nil? && paths.empty? ? ["/graphql"] : [path].compact + paths
37
+ @required_headers = APOLLO_CUSTOM_PREFLIGHT_HEADERS + required_headers
37
38
  end
38
39
 
39
40
  def call(env)
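Review bot: `@required_headers = APOLLO_CUSTOM_PREFLIGHT_HEADERS + required_headers` silently changes the meaning of the `required_headers:` option. In 0.1.0 (`required_headers: APOLLO_CUSTOM_PREFLIGHT_HEADERS` / `@required_headers = required_headers`) the argument replaced the default list; now it only extends it, so a deployment that deliberately passed a narrower list is, after upgrading, also unlocked by the two Apollo headers. For a middleware whose only job is deciding which requests may skip the preflight requirement, a widening change like this needs a changelog entry and a version bump that signals incompatibility, and ideally an escape hatch (for example keep `required_headers:` as a replacement and add a separate option for "extend the defaults") so strict configurations stay expressible. Two smaller points: `paths.empty?` raises `NoMethodError` when a caller passes `paths: nil`, so guard it (`Array(paths)`) or document that it must be an array; and user-supplied header names are concatenated as given with no normalization while the README example writes `SOME-SPECIAL-HEADER` in uppercase, so make sure the comparison in `call` is case-insensitive (HTTP header names are case-insensitive and Rack exposes them upcased as `HTTP_SOME_SPECIAL_HEADER`), otherwise `Some-Special-Header` from a client will not match.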
@@ -51,6 +51,6 @@ Gem::Specification.new do |spec|
51
51
  spec.add_dependency "rack", ">= 1"
52
52
 
53
53
  spec.add_development_dependency "rake", "~> 13.0"
54
- # spec.add_development_dependency "minitest", "~> 5.0"
55
54
  spec.add_development_dependency "rspec", "~> 3.0"
55
+ spec.add_development_dependency "debug", "~> 1.9", ">= 1.9.1"
56
56
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack-cors-csrf_prevention
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Digital Classifieds LLC
@@ -52,6 +52,26 @@ dependencies:
52
52
  - - "~>"
53
53
  - !ruby/object:Gem::Version
54
54
  version: '3.0'
55
+ - !ruby/object:Gem::Dependency
56
+ name: debug
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - "~>"
60
+ - !ruby/object:Gem::Version
61
+ version: '1.9'
62
+ - - ">="
63
+ - !ruby/object:Gem::Version
64
+ version: 1.9.1
65
+ type: :development
66
+ prerelease: false
67
+ version_requirements: !ruby/object:Gem::Requirement
68
+ requirements:
69
+ - - "~>"
70
+ - !ruby/object:Gem::Version
71
+ version: '1.9'
72
+ - - ">="
73
+ - !ruby/object:Gem::Version
74
+ version: 1.9.1
55
75
  description: |
56
76
  The middleware makes sure any request to specified paths would have been
57
77
  preflighted if it was sent by a browser.