RubyGems - rack-cors - Versions diffs - 2.0.1 → 3.0.0 - Mend

rack-cors 2.0.1 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f47b5b2ba34721795ddb1c65e70e989134655e7f47116dd977edee702a79f41f
-  data.tar.gz: 7c03dc701b00b7418ab4d733872fccc3522392f0f85014b8ca25045767d866a9
+  metadata.gz: 6ec00fa74e332230fa5a169a7de9b04f09cdc062653f1cc09ca05806fb25152f
+  data.tar.gz: a628117ab53ce1ec3ade0bef0f073d5edc4ce7a908122a741534f64ff4e90a3e
 SHA512:
-  metadata.gz: d5a94b8f282fd5367e125f4b49e18ce5fb1c07581d89b2d50dc8cf4eb70e8404d97c78a6ccaf90f1e41f0f220bb09ff9dd07a4677559935cc35256674e6c512d
-  data.tar.gz: bee187e2dc53281d8b454df32b6a8fd50e05b66de4f25649d74f176abf29d52eb4cee5a2b2e602e087c5f5805b6dd55ab86a9e0692d3d82c5538e0c30e3c020b
+  metadata.gz: 7f3ffafae36ad8e08a5d5f4347628ef6efaf9dcd669d008e1ea4022998e6d36bef652c9b99fc5c89d36af10cfbc508269154df722ca7629831642206ee3b078c
+  data.tar.gz: f849c6fa986e0e601dc18532591fcde9c03557ee2fb1ecbf2e19f518e7ec0824a8d665c4c8764872fccbd674d754c7453fc333eb72c93d27c586b4ebf5c1b913

data/CHANGELOG.md CHANGED Viewed

@@ -1,6 +1,17 @@
 # Change Log
 All notable changes to this project will be documented in this file.
+## 3.0.0 - 2025-05-16
+### Changed
+- Update Rack dependency to >= 3.0.14
+- Remove support for Ruby 2.3
+- Add logger as explicit dependency
+## 2.0.2 - 2024-03-04
+### Changed
+- Fix file permission issues with 2.0.1 release
+  - Security: Fixes CVE-2024-27456, GHSA-785g-282q-pwvx
 ## 2.0.1 - 2023-02-17
 ### Changed
 - Use Rack::Utils::HeaderHash when Rack 2.x is detected

data/README.md CHANGED Viewed

@@ -33,18 +33,12 @@ Rails.application.config.middleware.insert_before 0, Rack::Cors do
 end
 ```
-NOTE: If you create application with `--api` option, configuration automatically generate in `config/initializers/cors.rb`.
+NOTE: If you create application with `--api` option, configuration is automatically generated in `config/initializers/cors.rb`.
 We use `insert_before` to make sure `Rack::Cors` runs at the beginning of the stack to make sure it isn't interfered with by other middleware (see `Rack::Cache` note in **Common Gotchas** section). Basic setup examples for Rails 5 & Rails 6 can be found in the examples/ directory.
 See The [Rails Guide to Rack](http://guides.rubyonrails.org/rails_on_rack.html) for more details on rack middlewares or watch the [railscast](http://railscasts.com/episodes/151-rack-middleware).
-*Note about Rails 6*: Rails 6 has support for blocking requests from unknown hosts, so origin domains will need to be added there as well.
-```ruby
-Rails.application.config.hosts << "product.com"
-```
 Read more about it here in the [Rails Guides](https://guides.rubyonrails.org/configuring.html#configuring-middleware)
 ### Rack Configuration
@@ -113,7 +107,9 @@ A Resource path can be specified as exact string match (`/path/to/file.txt`) or
 ### Origin Matching
-When specifying an origin, make sure that it does not have a trailing slash.
+* When specifying an origin, make sure that it does not have a trailing slash.
+* When specifying an HTTP origin that uses the scheme's default port (e.g. `http://example.test:80`), some clients may not strip the port which could result in unexpected blocked requests (additional context [here](https://github.com/request/request/pull/2904)).
 ### Testing Postman and/or cURL
@@ -135,13 +131,13 @@ Here are some scenarios where incorrect positioning have created issues:
 You can run the following command to see what the middleware stack looks like:
 ```bash
-bundle exec rake middleware
+bundle exec rails middleware
 ```
 Note that the middleware stack is different in production.  For example, the `ActionDispatch::Static` middleware will not be part of the stack if `config.serve_static_assets = false`.  You can run this to see what your middleware stack looks like in production:
 ```bash
-RAILS_ENV=production bundle exec rake middleware
+RAILS_ENV=production bundle exec rails middleware
 ```
 ### Serving static files
@@ -158,3 +154,7 @@ has a custom protocol (`chrome-extension://`, `ionic://`, etc.) simply exclude t
 For example, instead of specifying `chrome-extension://aomjjhallfgjeglblehebfpbcfeobpga` specify `aomjjhallfgjeglblehebfpbcfeobpga` in `origins`.
 As of 2.0.0 (currently in RC1), you can specify origins with a custom protocol.
+### Rails 6 Host Matching
+Rails 6 will block requests from unauthorized hosts, and this issue can be confused as a CORS related error. So in development, if you're making requests using something other than localhost or 127.0.0.1, make sure the server host has been authorized. [More info here](https://guides.rubyonrails.org/configuring.html#actiondispatch-hostauthorization)

data/lib/rack/cors/resource.rb CHANGED Viewed

@@ -106,7 +106,7 @@ module Rack
       def compile(path)
         if path.respond_to? :to_str
-          special_chars = %w[. + ( )]
+          special_chars = %w[. + ( ) $]
           pattern =
             path.to_str.gsub(%r{((:\w+)|/\*|[\*#{special_chars.join}])}) do |match|
               case match

data/lib/rack/cors/version.rb CHANGED Viewed

@@ -2,6 +2,6 @@
 module Rack
   class Cors
-    VERSION = '2.0.1'
+    VERSION = '3.0.0'
   end
 end

metadata CHANGED Viewed

@@ -1,29 +1,43 @@
 --- !ruby/object:Gem::Specification
 name: rack-cors
 version: !ruby/object:Gem::Version
-  version: 2.0.1
+  version: 3.0.0
 platform: ruby
 authors:
 - Calvin Yu
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-03-17 00:00:00.000000000 Z
+date: 2025-05-16 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: logger
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.0.0
+        version: 3.0.14
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.0.0
+        version: 3.0.14
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -48,30 +62,30 @@ dependencies:
   name: minitest
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 5.11.0
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 5.11.0
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: mocha
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 1.6.0
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 1.6.0
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
@@ -136,37 +150,22 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".github/workflows/ci.yaml"
-- ".rubocop.yml"
 - CHANGELOG.md
-- Gemfile
 - LICENSE.txt
 - README.md
-- Rakefile
 - lib/rack/cors.rb
 - lib/rack/cors/resource.rb
 - lib/rack/cors/resources.rb
 - lib/rack/cors/resources/cors_misconfiguration_error.rb
 - lib/rack/cors/result.rb
 - lib/rack/cors/version.rb
-- rack-cors.gemspec
-- test/.rubocop.yml
-- test/cors/expect.js
-- test/cors/mocha.css
-- test/cors/mocha.js
-- test/cors/runner.html
-- test/cors/test.cors.coffee
-- test/cors/test.cors.js
-- test/unit/cors_test.rb
-- test/unit/dsl_test.rb
-- test/unit/insecure.ru
-- test/unit/non_http.ru
-- test/unit/test.ru
 homepage: https://github.com/cyu/rack-cors
 licenses:
 - MIT
-metadata: {}
-post_install_message:
+metadata:
+  changelog_uri: https://github.com/cyu/rack-cors/blob/master/CHANGELOG.md
+  funding_uri: https://github.com/sponsors/cyu
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -181,20 +180,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.26
-signing_key:
+rubygems_version: 3.4.19
+signing_key:
 specification_version: 4
 summary: Middleware for enabling Cross-Origin Resource Sharing in Rack apps
-test_files:
-- test/.rubocop.yml
-- test/cors/expect.js
-- test/cors/mocha.css
-- test/cors/mocha.js
-- test/cors/runner.html
-- test/cors/test.cors.coffee
-- test/cors/test.cors.js
-- test/unit/cors_test.rb
-- test/unit/dsl_test.rb
-- test/unit/insecure.ru
-- test/unit/non_http.ru
-- test/unit/test.ru
+test_files: []

data/.github/workflows/ci.yaml DELETED Viewed

@@ -1,39 +0,0 @@
-name: ci
-on:
-  - push
-  - pull_request
-jobs:
-  test:
-    strategy:
-      fail-fast: false
-      matrix:
-        ruby:
-          - "2.3"
-          - "2.4"
-          - "2.5"
-          - "2.6"
-          - "2.7"
-          - "3.0"
-          - "3.1"
-          - "3.2"
-          - truffleruby-head
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - uses: ruby/setup-ruby@v1
-        with:
-          ruby-version: ${{ matrix.ruby }}
-          bundler-cache: true
-      - run: bundle exec rake test
-  rubocop:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - uses: ruby/setup-ruby@v1
-        with:
-          ruby-version: 3.2.1
-          bundler-cache: true
-      - run: bundle exec rubocop

data/.rubocop.yml DELETED Viewed

@@ -1,31 +0,0 @@
----
-AllCops:
-  Exclude:
-    - "examples/**/*"
-    - "vendor/**/*"
-# Disables
-Layout/LineLength:
-  Enabled: false
-Style/Documentation:
-  Enabled: false
-Metrics/ClassLength:
-  Enabled: false
-Metrics/MethodLength:
-  Enabled: false
-Metrics/BlockLength:
-  Enabled: false
-Style/HashEachMethods:
-  Enabled: false
-Style/HashTransformKeys:
-  Enabled: false
-Style/HashTransformValues:
-  Enabled: false
-Style/DoubleNegation:
-  Enabled: false
-Metrics/CyclomaticComplexity:
-  Enabled: false
-Metrics/PerceivedComplexity:
-  Enabled: false
-Metrics/AbcSize:
-  Enabled: false

data/Gemfile DELETED Viewed

@@ -1,8 +0,0 @@
-# frozen_string_literal: true
-source 'https://rubygems.org'
-# Specify your gem's dependencies in rack-cors.gemspec
-gemspec
-gem 'pry-byebug', '~> 3.6.0'

data/Rakefile DELETED Viewed

@@ -1,22 +0,0 @@
-# frozen_string_literal: true
-require 'bundler/gem_tasks'
-require 'rake/testtask'
-Rake::TestTask.new(:test) do |test|
-  test.libs << 'lib' << 'test'
-  test.pattern = 'test/**/*_test.rb'
-  test.verbose = true
-end
-task default: :test
-require 'rdoc/task'
-Rake::RDocTask.new do |rdoc|
-  version = File.exist?('VERSION') ? File.read('VERSION') : ''
-  rdoc.rdoc_dir = 'rdoc'
-  rdoc.title = "rack-cors #{version}"
-  rdoc.rdoc_files.include('README*')
-  rdoc.rdoc_files.include('lib/**/*.rb')
-end

data/rack-cors.gemspec DELETED Viewed

@@ -1,30 +0,0 @@
-# frozen_string_literal: true
-lib = File.expand_path('lib', __dir__)
-$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'rack/cors/version'
-Gem::Specification.new do |spec|
-  spec.name          = 'rack-cors'
-  spec.version       = Rack::Cors::VERSION
-  spec.authors       = ['Calvin Yu']
-  spec.email         = ['me@sourcebender.com']
-  spec.description   = 'Middleware that will make Rack-based apps CORS compatible. Fork the project here: https://github.com/cyu/rack-cors'
-  spec.summary       = 'Middleware for enabling Cross-Origin Resource Sharing in Rack apps'
-  spec.homepage      = 'https://github.com/cyu/rack-cors'
-  spec.license       = 'MIT'
-  spec.files         = `git ls-files`.split($INPUT_RECORD_SEPARATOR).reject { |f| (f == '.gitignore') || f =~ /^examples/ }
-  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
-  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
-  spec.require_paths = ['lib']
-  spec.add_dependency 'rack', '>= 2.0.0'
-  spec.add_development_dependency 'bundler', '>= 1.16.0', '< 3'
-  spec.add_development_dependency 'minitest', '~> 5.11.0'
-  spec.add_development_dependency 'mocha', '~> 1.6.0'
-  spec.add_development_dependency 'pry', '~> 0.12'
-  spec.add_development_dependency 'rack-test', '>= 1.1.0'
-  spec.add_development_dependency 'rake', '~> 12.3.0'
-  spec.add_development_dependency 'rubocop', '~> 0.80.1'
-end

data/test/.rubocop.yml DELETED Viewed

@@ -1,8 +0,0 @@
----
-inherit_from: ../.rubocop.yml
-# Disables
-Style/ClassAndModuleChildren:
-  Enabled: false
-Security/Eval:
-  Enabled: false