RubyGems - rack-disable_css_animations - Versions diffs - 0.4.0 → 0.5.0 - Mend

rack-disable_css_animations 0.4.0 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml +4 -4
data/.github/workflows/main.yml +18 -0
data/CHANGELOG.md +28 -0
data/Rakefile +8 -0
data/lib/rack/disable_css_animations/version.rb +1 -1
data/lib/rack/disable_css_animations.rb +21 -1
data/rack-disable_css_animations.gemspec +2 -0
data/test/test_disable_css_animations.rb +84 -0
metadata +36 -7

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3f4f052828fc1eef129c74f3265617450794ee647433a6be7e1a424ede568d6e
-  data.tar.gz: 550bc940c02d553d40d4864b44750f924073b135d73e4aac7379d8d46350361d
+  metadata.gz: ea999d1e3559763383af7d5ee86a43a11d39db3b96a94f6ddd9b4e475948217c
+  data.tar.gz: 93fe65b137aeab7996bf2251eea15533a96954654113c754c908ca3408d7f7c8
 SHA512:
-  metadata.gz: cccb5748d6830a131c60f0d8d350ca8fe3d388e97b07cbe94819dbfea2bc14cf684b39530709c5f5adc2ddfd83919b6c062231942793894b3804b6a835932a71
-  data.tar.gz: 51f0f41134048e3fc32865eab28dcf2492b5b09cfe9576fb31bef165a21e8ac109fa063f8028d534e2fff8543f691849d5031c06c8f0de7b8413b396b755cb55
+  metadata.gz: 33e7ed70f886c5b1ac11fcb98bc4783afdcd902dfae88f007180dcc773f9655115f02736decdb5fd530ad35a1a885c02f8fb53755c57ae2f9b7f412f18788cec
+  data.tar.gz: 252f743b815f325d8173caf19338987efa87a0e027b9208521eac101c4dcc9c931dfc2f6cf912fac8161b94acaa842dc1665a8c3ebe1501a132ea3a6db749177

data/.github/workflows/main.yml ADDED Viewed

@@ -0,0 +1,18 @@
+name: CI
+on: [push, pull_request]
+jobs:
+  test:
+    strategy:
+      matrix:
+        ruby: [ "3.3", "3.4", "4.0" ]
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v5
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby }}
+        bundler-cache: true
+    - name: Run the default task
+      run: bundle exec rake

data/CHANGELOG.md ADDED Viewed

@@ -0,0 +1,28 @@
+# Changelog
+## 0.5.0
+- Add CSP nonce support: when the response's `Content-Security-Policy` header sets a `style-src 'nonce-…'`, the injected `<style>` tag now carries a matching `nonce` attribute so it is not blocked by CSP.
+## 0.4.0
+- Add stub for manual requiring.
+- Automatically add to the middleware stack when required after Rails.
+## 0.3.0
+- Disable `scroll-behavior` as well.
+- CSS prefixes are no longer needed.
+## 0.2.0
+- Actually disable the animations.
+- `0` is not a valid value for the `animation-duration` property.
+## 0.1.1
+- Use prefix methods too (PhantomJS needed the `-webkit` prefix).
+## 0.1.0
+- Initial release.

data/Rakefile CHANGED Viewed

@@ -1,2 +1,10 @@
 require "bundler/gem_tasks"
+require "rake/testtask"
+Rake::TestTask.new(:test) do |t|
+  t.libs << "test"
+  t.libs << "lib"
+  t.test_files = FileList["test/**/test_*.rb"]
+end
+task default: :test

data/lib/rack/disable_css_animations/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module Rack
   class DisableCSSAnimations
-    VERSION = "0.4.0"
+    VERSION = "0.5.0"
   end
 end

data/lib/rack/disable_css_animations.rb CHANGED Viewed

@@ -16,6 +16,8 @@ module Rack
       @status, @headers, @body = @app.call(env)
       return [@status, @headers, @body] unless html?
+      @style_nonce = directive_nonces["style-src"]
       response = Rack::Response.new([], @status, @headers)
       @body.each do |fragment|
         response.write inject(fragment)
@@ -31,9 +33,27 @@ module Rack
       @headers["Content-Type"] =~ /html/
     end
+    def csp_header
+      @headers["Content-Security-Policy"] || @headers["content-security-policy"] || ""
+    end
+    def directive_nonces
+      csp_header.split(";").each_with_object({}) do |directive, nonces|
+        tokens = directive.split
+        name = tokens.shift
+        next unless name
+        nonce = tokens.find { |t| t =~ /\A'nonce-(.+)'\z/ } && $1
+        nonces[name] = nonce if nonce
+      end
+    end
+    def style_tag
+      @style_nonce ? %(<style nonce="#{@style_nonce}">) : "<style>"
+    end
     def inject response
       markup = <<-CSS
-        <style>
+        #{style_tag}
           * {
             animation-delay: 0s !important;
             animation-duration: 0.01s !important;

data/rack-disable_css_animations.gemspec CHANGED Viewed

@@ -22,4 +22,6 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "bundler"
   spec.add_development_dependency "rake"
+  spec.add_development_dependency "minitest"
+  spec.add_development_dependency "rack-test"
 end

data/test/test_disable_css_animations.rb ADDED Viewed

@@ -0,0 +1,84 @@
+require "minitest/autorun"
+require "rack/test"
+require "rack/disable_css_animations"
+class TestDisableCSSAnimations < Minitest::Test
+  include Rack::Test::Methods
+  HTML_BODY = "<html><head><title>Test</title></head><body>hi</body></html>"
+  attr_accessor :response_status, :response_headers, :response_body
+  def app
+    outer_self = self
+    Rack::DisableCSSAnimations.new(lambda do |_env|
+      [outer_self.response_status, outer_self.response_headers, [outer_self.response_body]]
+    end)
+  end
+  def setup
+    self.response_status = 200
+    self.response_headers = { "Content-Type" => "text/html" }
+    self.response_body = HTML_BODY
+  end
+  def test_non_html_response_is_passed_through_unchanged
+    self.response_headers = { "Content-Type" => "application/json" }
+    self.response_body = %({"foo":"bar"})
+    get "/"
+    assert_equal %({"foo":"bar"}), last_response.body
+  end
+  def test_html_response_injects_style_tag
+    get "/"
+    assert_includes last_response.body, "<style>"
+    assert_includes last_response.body, "animation-duration: 0.01s !important"
+    refute_includes last_response.body, "nonce="
+  end
+  def test_injects_before_closing_head
+    get "/"
+    style_index = last_response.body.index("<style")
+    head_close_index = last_response.body.index("</head>")
+    assert style_index < head_close_index
+  end
+  def test_style_src_nonce_is_copied_onto_style_tag
+    self.response_headers["Content-Security-Policy"] = "style-src 'nonce-abc123' 'self'; script-src 'nonce-xyz789'"
+    get "/"
+    assert_includes last_response.body, %(<style nonce="abc123">)
+    refute_includes last_response.body, "<style>"
+  end
+  def test_csp_without_style_src_nonce_injects_plain_style_tag
+    self.response_headers["Content-Security-Policy"] = "default-src 'self'; script-src 'nonce-xyz789'"
+    get "/"
+    assert_includes last_response.body, "<style>"
+    refute_includes last_response.body, "nonce="
+  end
+  def test_csp_with_style_src_but_no_nonce_injects_plain_style_tag
+    self.response_headers["Content-Security-Policy"] = "style-src 'self' 'unsafe-inline'"
+    get "/"
+    assert_includes last_response.body, "<style>"
+    refute_includes last_response.body, "nonce="
+  end
+  def test_lowercase_csp_header_is_also_recognized
+    self.response_headers = { "Content-Type" => "text/html", "content-security-policy" => "style-src 'nonce-lower1'" }
+    get "/"
+    assert_includes last_response.body, %(<style nonce="lower1">)
+  end
+end

metadata CHANGED Viewed

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: rack-disable_css_animations
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.5.0
 platform: ruby
 authors:
 - Micah Geisel
-autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-08-19 00:00:00.000000000 Z
+date: 2026-04-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -52,6 +51,34 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Rack middleware to disable CSS animations sitewide. Useful for making
   acceptance tests quicker and more deterministic.
 email:
@@ -61,7 +88,9 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/main.yml"
 - ".gitignore"
+- CHANGELOG.md
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -71,11 +100,11 @@ files:
 - lib/rack/disable_css_animations.rb
 - lib/rack/disable_css_animations/version.rb
 - rack-disable_css_animations.gemspec
+- test/test_disable_css_animations.rb
 homepage: https://github.com/botandrose/rack-disable_css_animations
 licenses:
 - MIT
 metadata: {}
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -90,8 +119,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.32
-signing_key:
+rubygems_version: 3.6.2
 specification_version: 4
 summary: Rack middleware to disable CSS animations sitewide.
-test_files: []
+test_files:
+- test/test_disable_css_animations.rb