rack-cors 1.0.6 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 617a90d9047dfbbe55196b77139e176298c20011ae3378e0f83dda392cd295b9
-  data.tar.gz: 72285f6b83f9daf70d46924344f5f3fabcedf3f2e68357d4824930de4f925769
+  metadata.gz: fd2274b31c1fff80172aeae55b715d3adcc39c32665cf3fa85707fcedc2e7d02
+  data.tar.gz: 87790b6bbd36a084ea24af33694650c3a38ded6d85d43321edeee3f53b23c8c5
 SHA512:
-  metadata.gz: c39a63b2f2b3046aa35d8c8a8d095ab9c8f5627bd1e78e07ca284b382ffd8cc5d02454ec1ab7ffaa158d70dba58ce9e6adeca51b86725c39fd265042e85832b9
-  data.tar.gz: 364a108b061a98c35d958a25ce9cabd88da14f1f7b212a50d437663fe8398a312f62924ac62bd82be8c70e9b952e431e905fa47661aa2cf299f6b0e5fcfaf422
+  metadata.gz: 74899fd0bca2abc5498ea3172f9b7909f1d45f1c1f029c23e48f868533d7a71827574c307bc48a74c66e17a3046d387d48cf07a7de868e4dcf2ce057f894b2ec
+  data.tar.gz: 918f644a445522eb52dd065252e1fee13917225f40f44e1cfbe40a73864d60ca993db08228edb78bda5b920b84c371e417dc3965752fbda43bb7eb5e67553fa3

data/CHANGELOG.md

@@ -1,6 +1,13 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
+## 1.1.0 - 2019-11-19
+### Changed
+- Use Rack::Utils.escape_path instead of Rack::Utils.escape
+- Require Rack 2.0 for escape_path method
+- Don't try to clean path if invalid.
+- Return 400 (Bad Request) on preflights with invalid path
+
 ## 1.0.6 - 2019-11-14
 ### Changed
 - Use Rack::Utils.escape to make compat with Rack 1.6.0

data/lib/rack/cors.rb

@@ -76,7 +76,9 @@ module Rack
             "  Access-Control-Request-Headers: #{env[HTTP_ACCESS_CONTROL_REQUEST_HEADERS]}"
             ].join("\n")
         end
-        if env[REQUEST_METHOD] == OPTIONS and env[HTTP_ACCESS_CONTROL_REQUEST_METHOD]
+
+        if env[REQUEST_METHOD] == OPTIONS && env[HTTP_ACCESS_CONTROL_REQUEST_METHOD]
+          return [400, {}, []] unless Rack::Utils.valid_path?(path)
           headers = process_preflight(env, path)
           debug(env) do
             "Preflight Headers:\n" +
@@ -152,7 +154,15 @@ module Rack
 
       def evaluate_path(env)
         path = env[PATH_INFO]
-        path = Rack::Utils.clean_path_info(Rack::Utils.unescape(path)) if path
+
+        if path
+          path = Rack::Utils.unescape_path(path)
+
+          if Rack::Utils.valid_path?(path)
+            path = Rack::Utils.clean_path_info(path)
+          end
+        end
+
         path
       end
 

data/lib/rack/cors/version.rb

@@ -1,5 +1,5 @@
 module Rack
   class Cors
-    VERSION = "1.0.6"
+    VERSION = "1.1.0"
   end
 end

data/rack-cors.gemspec

@@ -18,7 +18,7 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ["lib"]
 
-  spec.add_dependency "rack", ">= 1.6.0"
+  spec.add_dependency "rack", ">= 2.0.0"
   spec.add_development_dependency "bundler", ">= 1.16.0", '< 3'
   spec.add_development_dependency "rake", "~> 12.3.0"
   spec.add_development_dependency "minitest", "~> 5.11.0"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-cors
 version: !ruby/object:Gem::Version
-  version: 1.0.6
+  version: 1.1.0
 platform: ruby
 authors:
 - Calvin Yu
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-11-14 00:00:00.000000000 Z
+date: 2019-11-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.6.0
+        version: 2.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.6.0
+        version: 2.0.0
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement