rack-disable_css_animations 0.3.0 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 066fb57f2552ab1537853e3133bcaaf887f15aa475192748c8ac14a5b69372f8
-  data.tar.gz: b2006f786cbe9d6c4f7e2fb300e34cecfb9e9244964f79e282386766fd3f48e2
+  metadata.gz: ea999d1e3559763383af7d5ee86a43a11d39db3b96a94f6ddd9b4e475948217c
+  data.tar.gz: 93fe65b137aeab7996bf2251eea15533a96954654113c754c908ca3408d7f7c8
 SHA512:
-  metadata.gz: de2919ae4ef71a3a6f18f286ae746113963f3e7606a90da80b99650b1b7d7ab93775966548f0f29e106cbcb6cd01b97c2bc780fe38e2dd21208ec49029335255
-  data.tar.gz: 1a8c171793683cb954db7598324fa3982901e606144b1b34ef7c948ac84bc4ccc0b0abbb736acdd5c91aaa4f3b0e363af45409805709bd9dfa977e542d5f85e8
+  metadata.gz: 33e7ed70f886c5b1ac11fcb98bc4783afdcd902dfae88f007180dcc773f9655115f02736decdb5fd530ad35a1a885c02f8fb53755c57ae2f9b7f412f18788cec
+  data.tar.gz: 252f743b815f325d8173caf19338987efa87a0e027b9208521eac101c4dcc9c931dfc2f6cf912fac8161b94acaa842dc1665a8c3ebe1501a132ea3a6db749177

data/.github/workflows/main.yml

@@ -0,0 +1,18 @@
+name: CI
+on: [push, pull_request]
+jobs:
+  test:
+    strategy:
+      matrix:
+        ruby: [ "3.3", "3.4", "4.0" ]
+
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v5
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby }}
+        bundler-cache: true
+    - name: Run the default task
+      run: bundle exec rake

data/CHANGELOG.md

@@ -0,0 +1,28 @@
+# Changelog
+
+## 0.5.0
+
+- Add CSP nonce support: when the response's `Content-Security-Policy` header sets a `style-src 'nonce-…'`, the injected `<style>` tag now carries a matching `nonce` attribute so it is not blocked by CSP.
+
+## 0.4.0
+
+- Add stub for manual requiring.
+- Automatically add to the middleware stack when required after Rails.
+
+## 0.3.0
+
+- Disable `scroll-behavior` as well.
+- CSS prefixes are no longer needed.
+
+## 0.2.0
+
+- Actually disable the animations.
+- `0` is not a valid value for the `animation-duration` property.
+
+## 0.1.1
+
+- Use prefix methods too (PhantomJS needed the `-webkit` prefix).
+
+## 0.1.0
+
+- Initial release.

data/README.md

@@ -8,21 +8,9 @@ Add this line to your application's Gemfile:
 
     gem 'rack-disable_css_animations'
 
-And then execute:
-
-    $ bundle
-
-Or install it yourself as:
-
-    $ gem install rack-disable_css_animations
-
 ## Usage
 
-If using Rails, add the middleware to your test environment in `config/environments/test.rb`:
-
-```ruby
-  config.middleware.use Rack::DisableCSSAnimations
-```
+If using Rails, this will be automatically added to your middleware stack when required after Rails, so only require it in the environments you want it in.
 
 ## Contributing
 

data/Rakefile

@@ -1,2 +1,10 @@
 require "bundler/gem_tasks"
+require "rake/testtask"
 
+Rake::TestTask.new(:test) do |t|
+  t.libs << "test"
+  t.libs << "lib"
+  t.test_files = FileList["test/**/test_*.rb"]
+end
+
+task default: :test

data/lib/rack/disable_css_animations/version.rb

@@ -1,5 +1,5 @@
 module Rack
   class DisableCSSAnimations
-    VERSION = "0.3.0"
+    VERSION = "0.5.0"
   end
 end

data/lib/rack/disable_css_animations.rb

@@ -2,6 +2,12 @@ require "rack/disable_css_animations/version"
 
 module Rack
   class DisableCSSAnimations
+    if defined?(Rails)
+      class Rails < Rails::Railtie
+        config.app_middleware.use DisableCSSAnimations
+      end
+    end
+
     def initialize app
       @app = app
     end
@@ -10,6 +16,8 @@ module Rack
       @status, @headers, @body = @app.call(env)
       return [@status, @headers, @body] unless html?
 
+      @style_nonce = directive_nonces["style-src"]
+
       response = Rack::Response.new([], @status, @headers)
       @body.each do |fragment|
         response.write inject(fragment)
@@ -25,9 +33,27 @@ module Rack
       @headers["Content-Type"] =~ /html/
     end
 
+    def csp_header
+      @headers["Content-Security-Policy"] || @headers["content-security-policy"] || ""
+    end
+
+    def directive_nonces
+      csp_header.split(";").each_with_object({}) do |directive, nonces|
+        tokens = directive.split
+        name = tokens.shift
+        next unless name
+        nonce = tokens.find { |t| t =~ /\A'nonce-(.+)'\z/ } && $1
+        nonces[name] = nonce if nonce
+      end
+    end
+
+    def style_tag
+      @style_nonce ? %(<style nonce="#{@style_nonce}">) : "<style>"
+    end
+
     def inject response
       markup = <<-CSS
-        <style>
+        #{style_tag}
           * {
             animation-delay: 0s !important;
             animation-duration: 0.01s !important;

data/lib/rack-disable_css_animations.rb

@@ -0,0 +1 @@
+require "rack/disable_css_animations"

data/rack-disable_css_animations.gemspec

@@ -22,4 +22,6 @@ Gem::Specification.new do |spec|
 
   spec.add_development_dependency "bundler"
   spec.add_development_dependency "rake"
+  spec.add_development_dependency "minitest"
+  spec.add_development_dependency "rack-test"
 end

data/test/test_disable_css_animations.rb

@@ -0,0 +1,84 @@
+require "minitest/autorun"
+require "rack/test"
+require "rack/disable_css_animations"
+
+class TestDisableCSSAnimations < Minitest::Test
+  include Rack::Test::Methods
+
+  HTML_BODY = "<html><head><title>Test</title></head><body>hi</body></html>"
+
+  attr_accessor :response_status, :response_headers, :response_body
+
+  def app
+    outer_self = self
+    Rack::DisableCSSAnimations.new(lambda do |_env|
+      [outer_self.response_status, outer_self.response_headers, [outer_self.response_body]]
+    end)
+  end
+
+  def setup
+    self.response_status = 200
+    self.response_headers = { "Content-Type" => "text/html" }
+    self.response_body = HTML_BODY
+  end
+
+  def test_non_html_response_is_passed_through_unchanged
+    self.response_headers = { "Content-Type" => "application/json" }
+    self.response_body = %({"foo":"bar"})
+
+    get "/"
+
+    assert_equal %({"foo":"bar"}), last_response.body
+  end
+
+  def test_html_response_injects_style_tag
+    get "/"
+
+    assert_includes last_response.body, "<style>"
+    assert_includes last_response.body, "animation-duration: 0.01s !important"
+    refute_includes last_response.body, "nonce="
+  end
+
+  def test_injects_before_closing_head
+    get "/"
+
+    style_index = last_response.body.index("<style")
+    head_close_index = last_response.body.index("</head>")
+    assert style_index < head_close_index
+  end
+
+  def test_style_src_nonce_is_copied_onto_style_tag
+    self.response_headers["Content-Security-Policy"] = "style-src 'nonce-abc123' 'self'; script-src 'nonce-xyz789'"
+
+    get "/"
+
+    assert_includes last_response.body, %(<style nonce="abc123">)
+    refute_includes last_response.body, "<style>"
+  end
+
+  def test_csp_without_style_src_nonce_injects_plain_style_tag
+    self.response_headers["Content-Security-Policy"] = "default-src 'self'; script-src 'nonce-xyz789'"
+
+    get "/"
+
+    assert_includes last_response.body, "<style>"
+    refute_includes last_response.body, "nonce="
+  end
+
+  def test_csp_with_style_src_but_no_nonce_injects_plain_style_tag
+    self.response_headers["Content-Security-Policy"] = "style-src 'self' 'unsafe-inline'"
+
+    get "/"
+
+    assert_includes last_response.body, "<style>"
+    refute_includes last_response.body, "nonce="
+  end
+
+  def test_lowercase_csp_header_is_also_recognized
+    self.response_headers = { "Content-Type" => "text/html", "content-security-policy" => "style-src 'nonce-lower1'" }
+
+    get "/"
+
+    assert_includes last_response.body, %(<style nonce="lower1">)
+  end
+end

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: rack-disable_css_animations
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.5.0
 platform: ruby
 authors:
 - Micah Geisel
-autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-09-22 00:00:00.000000000 Z
+date: 2026-04-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -52,6 +51,34 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Rack middleware to disable CSS animations sitewide. Useful for making
   acceptance tests quicker and more deterministic.
 email:
@@ -61,20 +88,23 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/main.yml"
 - ".gitignore"
+- CHANGELOG.md
 - Gemfile
 - LICENSE.txt
 - README.md
 - Rakefile
 - bin/setup
+- lib/rack-disable_css_animations.rb
 - lib/rack/disable_css_animations.rb
 - lib/rack/disable_css_animations/version.rb
 - rack-disable_css_animations.gemspec
+- test/test_disable_css_animations.rb
 homepage: https://github.com/botandrose/rack-disable_css_animations
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -89,8 +119,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.32
-signing_key: 
+rubygems_version: 3.6.2
 specification_version: 4
 summary: Rack middleware to disable CSS animations sitewide.
-test_files: []
+test_files:
+- test/test_disable_css_animations.rb