rack-potentially-secure-cookies 1.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/MIT-LICENSE +20 -0
- data/README.md +44 -0
- data/Rakefile +13 -0
- data/lib/rack/potentially_secure_cookies.rb +33 -0
- metadata +63 -0
checksums.yaml
ADDED
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
---
|
|
2
|
+
SHA1:
|
|
3
|
+
metadata.gz: 097d2b73a2a3f4918b9c72fa010efc2eb931a25f
|
|
4
|
+
data.tar.gz: 4c1a16a283d75cfd097252b1c623aeec4a1da1a3
|
|
5
|
+
SHA512:
|
|
6
|
+
metadata.gz: 63d7f71c2f025c7c30bc1a5b39b7541c633192d12b10e99cf2fe85433877ea83736057eca7288965a936137cc050d721293d21a6c569f1a2dc6f8920d59185db
|
|
7
|
+
data.tar.gz: 38310b5cbe94927af0286ceb9aea34de8d00229dd0fa0fe68aa5fcb2c427d64d141b8cdd8736d3cd23e5a8e399143d30154cfa1c14939fd3b1bc9dc7088e9a28
|
data/MIT-LICENSE
ADDED
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
Copyright 2015 YOURNAME
|
|
2
|
+
|
|
3
|
+
Permission is hereby granted, free of charge, to any person obtaining
|
|
4
|
+
a copy of this software and associated documentation files (the
|
|
5
|
+
"Software"), to deal in the Software without restriction, including
|
|
6
|
+
without limitation the rights to use, copy, modify, merge, publish,
|
|
7
|
+
distribute, sublicense, and/or sell copies of the Software, and to
|
|
8
|
+
permit persons to whom the Software is furnished to do so, subject to
|
|
9
|
+
the following conditions:
|
|
10
|
+
|
|
11
|
+
The above copyright notice and this permission notice shall be
|
|
12
|
+
included in all copies or substantial portions of the Software.
|
|
13
|
+
|
|
14
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
|
15
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
|
16
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
|
17
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
|
18
|
+
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
|
19
|
+
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
|
20
|
+
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/README.md
ADDED
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
# Rack::PotentiallySecureCookie
|
|
2
|
+
|
|
3
|
+
This is a Rack middleware for one very specific purpose;
|
|
4
|
+
|
|
5
|
+
You have a site running on a server that can be accessed through both HTTP and
|
|
6
|
+
HTTPS. Whichever method the user accesses the site she'll never change. So if
|
|
7
|
+
you access the site the first time through HTTPS you will continue to do so.
|
|
8
|
+
|
|
9
|
+
Because security we needed a way to ensure that the cookie flag `Secure` was
|
|
10
|
+
being set whenever our users accesses the site through HTTPS, and to ensure it
|
|
11
|
+
was *not* set when accessing through HTTP as the users couldn't login then.
|
|
12
|
+
|
|
13
|
+
An example of this is:
|
|
14
|
+
|
|
15
|
+
* The site is running on a secured server deep in the middle of a datacenter
|
|
16
|
+
* This site serves the public internet and because of this there's SSL
|
|
17
|
+
termination in front of the site
|
|
18
|
+
* The same site is also being used internally at the company, under a split-view
|
|
19
|
+
setup and these users are not able to go through the SSL termination
|
|
20
|
+
* Since it would be wasteful to run the server with multiple instances of the
|
|
21
|
+
app only to configure the secure cookie setting something to dynamically set
|
|
22
|
+
this needed to be done
|
|
23
|
+
|
|
24
|
+
## Installation and configuration
|
|
25
|
+
|
|
26
|
+
This is available as a gem so just add to your `Gemfile`:
|
|
27
|
+
|
|
28
|
+
```ruby
|
|
29
|
+
gem 'rack-potentially-secure-cookies', require: 'rack/potentially_secure_cookies'
|
|
30
|
+
```
|
|
31
|
+
|
|
32
|
+
In your `environment.rb` (or maybe `environments/production.rb`) add the middleware:
|
|
33
|
+
|
|
34
|
+
```ruby
|
|
35
|
+
config.middleware.insert_before(ActionDispatch::Cookies,
|
|
36
|
+
Rack::PotentiallySecureCookies,
|
|
37
|
+
['_session_id'])
|
|
38
|
+
```
|
|
39
|
+
|
|
40
|
+
The last argument is an array of cookies to force this configuration on.
|
|
41
|
+
|
|
42
|
+
## License
|
|
43
|
+
|
|
44
|
+
MIT License
|
data/Rakefile
ADDED
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
begin
|
|
2
|
+
require 'bundler/setup'
|
|
3
|
+
rescue LoadError
|
|
4
|
+
puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
|
|
5
|
+
end
|
|
6
|
+
require 'rspec/core/rake_task'
|
|
7
|
+
|
|
8
|
+
Bundler::GemHelper.install_tasks
|
|
9
|
+
|
|
10
|
+
RSpec::Core::RakeTask.new(:spec) do |t|
|
|
11
|
+
t.rspec_opts = '--format documentation'
|
|
12
|
+
end
|
|
13
|
+
task :default => :spec
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
module Rack
|
|
2
|
+
class PotentiallySecureCookies
|
|
3
|
+
VERSION = '1.0.1'
|
|
4
|
+
|
|
5
|
+
def initialize(app, cookies)
|
|
6
|
+
@app = app
|
|
7
|
+
|
|
8
|
+
# All in the name to make this as fast as possible anything that
|
|
9
|
+
# could be used in multiple requests have been defined here.
|
|
10
|
+
_cookies = "^((#{cookies.join(')|(')}))".freeze
|
|
11
|
+
@configured_cookies = /#{_cookies}/
|
|
12
|
+
@cookies_with_secure = /(#{_cookies}.*?)(; [Ss]ecure)(.*)$/
|
|
13
|
+
@cookies_without_secure = /(#{_cookies}(?!.*[Ss]ecure).*)/
|
|
14
|
+
@secure = /; [Ss]ecure/
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
def call(env)
|
|
18
|
+
status, headers, body = @app.call(env)
|
|
19
|
+
|
|
20
|
+
if headers['Set-Cookie'] && @configured_cookies.match(headers['Set-Cookie'])
|
|
21
|
+
request = Rack::Request.new(env)
|
|
22
|
+
|
|
23
|
+
if request.ssl?
|
|
24
|
+
headers['Set-Cookie'].gsub!(@cookies_without_secure, '\1; Secure')
|
|
25
|
+
else
|
|
26
|
+
headers['Set-Cookie'].gsub!(@cookies_with_secure, '\1\3')
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
[status, headers, body]
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
end
|
metadata
ADDED
|
@@ -0,0 +1,63 @@
|
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
|
+
name: rack-potentially-secure-cookies
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
version: 1.0.1
|
|
5
|
+
platform: ruby
|
|
6
|
+
authors:
|
|
7
|
+
- Björn Andersson
|
|
8
|
+
autorequire:
|
|
9
|
+
bindir: bin
|
|
10
|
+
cert_chain: []
|
|
11
|
+
date: 2015-12-10 00:00:00.000000000 Z
|
|
12
|
+
dependencies:
|
|
13
|
+
- !ruby/object:Gem::Dependency
|
|
14
|
+
name: rack
|
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
|
16
|
+
requirements:
|
|
17
|
+
- - ">="
|
|
18
|
+
- !ruby/object:Gem::Version
|
|
19
|
+
version: '0'
|
|
20
|
+
type: :runtime
|
|
21
|
+
prerelease: false
|
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
23
|
+
requirements:
|
|
24
|
+
- - ">="
|
|
25
|
+
- !ruby/object:Gem::Version
|
|
26
|
+
version: '0'
|
|
27
|
+
description:
|
|
28
|
+
email:
|
|
29
|
+
- ba@sanitarium.se
|
|
30
|
+
executables: []
|
|
31
|
+
extensions: []
|
|
32
|
+
extra_rdoc_files: []
|
|
33
|
+
files:
|
|
34
|
+
- MIT-LICENSE
|
|
35
|
+
- README.md
|
|
36
|
+
- Rakefile
|
|
37
|
+
- lib/rack/potentially_secure_cookies.rb
|
|
38
|
+
homepage: https://github.com/gaqzi/rack-potentially-secure-cookies
|
|
39
|
+
licenses:
|
|
40
|
+
- MIT
|
|
41
|
+
metadata: {}
|
|
42
|
+
post_install_message:
|
|
43
|
+
rdoc_options: []
|
|
44
|
+
require_paths:
|
|
45
|
+
- lib
|
|
46
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
47
|
+
requirements:
|
|
48
|
+
- - ">="
|
|
49
|
+
- !ruby/object:Gem::Version
|
|
50
|
+
version: '0'
|
|
51
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
52
|
+
requirements:
|
|
53
|
+
- - ">="
|
|
54
|
+
- !ruby/object:Gem::Version
|
|
55
|
+
version: '0'
|
|
56
|
+
requirements: []
|
|
57
|
+
rubyforge_project:
|
|
58
|
+
rubygems_version: 2.2.5
|
|
59
|
+
signing_key:
|
|
60
|
+
specification_version: 4
|
|
61
|
+
summary: Force the secure bit of a cookie depending on whether your connection is
|
|
62
|
+
secure
|
|
63
|
+
test_files: []
|