rack-protection-maximum_cookie 0.4.2

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: e0047e3e925b373963124935290d165fe6ace97a
+  data.tar.gz: 260e3fc72618ce92fd0e0bb9b880945bb754eee6
+SHA512:
+  metadata.gz: 7027cac6bc57aeb935ecbd7e2cda7cddea6a71c19339edce7090d57fc08396be7f6758357b6b314982a49b1ee3dc8e03c41fa7dd7ab6e447130e167f2597bfb5
+  data.tar.gz: ee7e315fcc2652327321244d62e4de4797daa553b8a1698e202aa9a455203c9831338a311027a9c74a03eb10765d35b8c673a810915978e0fcbac7558c48bc00

data/.gitignore

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/.travis.yml

@@ -0,0 +1,24 @@
+sudo: false
+language: ruby
+rvm:
+  - ruby-head
+  - 2.4.2
+  - 2.3.5
+  - 2.2.8
+  - 2.1.10
+  - jruby-head
+  - jruby-9.1.13.0
+  - jruby-9.0.5.0
+env:
+  - RACK_VERSION='~> 2.0.0'
+  - RACK_VERSION='~> 1.6.8'
+  - RACK_VERSION='~> 1.5.5'
+  - RACK_VERSION='~> 1.4.7'
+before_install: gem install bundler -v 1.15.4
+matrix:
+  allow_failures:
+    - rvm: ruby-head
+    - rvm: jruby-head
+  exclude:
+    - rvm: 2.1.10
+      env: RACK_VERSION='~> 2.0.0'

data/Gemfile

@@ -0,0 +1,5 @@
+source 'https://rubygems.org'
+
+git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
+
+gemspec

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2017 Mike Pastore
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,186 @@
+# Rack::Protection::MaximumCookie
+
+[![Gem Version](https://badge.fury.io/rb/rack-protection-maximum_cookie.svg)](https://badge.fury.io/rb/rack-protection-maximum_cookie)
+[![Build Status](https://travis-ci.org/mwpastore/rack-protection-maximum_cookie.svg?branch=master)](https://travis-ci.org/mwpastore/rack-protection-maximum_cookie)
+
+Some bugs in Rack may cause cookies to be silently dropped—or worse,
+truncated, leading to token leakage (i.e. transmission of a private session
+over a insecure connection), cross-site scripting vulnerabilities, and/or
+cross-site request forgery vulnerabilities. This gem provides a middleware that
+tries to prevent these scenarios from occurring.
+
+### Caveats
+
+1.  Most modern browsers no longer have a [per-domain cookie size limit][1],
+    so if you only care about modern browsers, go ahead and set `:per_domain?`
+    to false. You'll benefit from the per-domain cookie limit and per-cookie
+    bytesize limit (since most browsers still have some form of these limits,
+    and Rack's built-in check for them is nonexistent in the former case and
+    not implemented correctly in the latter).
+
+2.  Browsers that do have per-domain cookie limits enforce these limits
+    client-side, cumulatively over time. If you were to set a new cookie, every
+    few minutes, one at a time, eventually you'd hit a limit. Or another
+    service could be setting cookies for the domain your service listens on. If
+    this is a concern for your app, see the `:stateful?` option below.
+
+    In practice, your service is most likely setting the same cookies, for the
+    same domains, every response, all in the same response, and it knows about
+    all the cookies being set, so the default behavior of this gem should be
+    appropriate in those cases.
+
+## Installation
+
+Add this line to your app's Gemfile:
+
+```ruby
+gem 'rack-protection-maximum_cookie'
+```
+
+And then execute:
+
+```console
+$ bundle
+```
+
+Or install it yourself as:
+
+```console
+$ gem install rack-protection-maximum_cookie
+```
+
+## Usage
+
+Add this statement to your Rackup script or middleware-capable Rack app such as
+Sinatra:
+
+```ruby
+use Rack::Protection::MaximumCookie
+```
+
+Or Rails:
+
+> TODO: Somebody please tell me how to insert this and before or after what in
+> Rails' middleware stack.
+
+This middleware raises exceptions, so you'll want to use an error-reporting
+service like Sentry, Rollbar, or Airbrake, and insert this middleware after it.
+
+### Advanced
+
+Rack::Protection::MaximumCookie accepts the following `use`-time options:
+
+* `:limit` *Integer*
+
+  Maximum number of cookies per domain. **50 cookies by default.** Set to a
+  negative number to disable.
+
+* `:bytesize_limit` *Integer*
+
+  Maximum size—in bytes—of cookies per domain (if `:per_domain?` is
+  set to true), or the maximum size of each cookie (if `:per_domain?` is set to
+  false). **4,096 bytes by default.** Set to a negative number to disable.
+
+* `:overhead` *Integer*
+
+  Overhead—in bytes—per cookie. **Three (3) bytes by default.** Set to
+  zero to disable.
+
+* `:per_domain?` *Boolean*
+
+  If true, apply the bytesize limit (e.g. 4,096 bytes—minus any
+  per-cookie overhead) per domain. **This is the default behavior.**
+
+  If false, apply the bytesize limit (e.g. 4,096 bytes—minus any
+  overhead) per cookie.
+
+* `:strict?` *Boolean*
+
+  If false, each sub-domain gets its own quota, separate from its second-level
+  domain. **This is the default behavior.**
+
+  If true, `:per_domain?` is forced to true, and each second-level domain's
+  cookies count towards its sub-domains' quotas. For example, if you have
+  cookies for example<i></i>.org totaling 4,000 bytes, you wouldn't be able to
+  set an additional 100-byte cookie on foo.example<i></i>.org in the same
+  request.
+
+* `:stateful?` *Boolean*
+
+  If false, the cookies are evaluated for each response in isolation, i.e.
+  statelessly. **This is the default behavior.**
+
+  If true, `:strict?` is forced to true, and Rack::Protection::MaximumCookie
+  will attempt to compensate for cookies that were set for the domain in
+  previous responses (by this or other web services) but are not present in the
+  current response.
+
+  > This mechanism has its limits. First of all, browsers don't send cookie
+  > directives in request headers&mdash;only key=value pairs&mdash;so in order
+  > to compute the actual size of these cookies,
+  > Rack::Protection::MaximumCookie must estimate the upper bound of the
+  > bytesize of the directives in the original Set-Cookie headers. This
+  > *should* work reasonably well as long as your app doesn't rely on any
+  > non-standard directives or other quirky browser behavior.
+  >
+  > Secondly, browsers won't send cookies if their paths don't match the
+  > request path. This means that if you're setting two cookies, one for
+  > example<i></i>.org/foo and one for example<i></i>.org/bar, requests to
+  > either path won't include the other's cookie. That defeats this mechanism,
+  > as both cookies count toward example<i></i>.org's quota, but they aren't
+  > able to be properly accounted for in the request. The only "workaround" is
+  > to architect your app such that all cookies are set under a path common to
+  > all routes. Unfortunately, this may lead to other security issues.
+  >
+  > This is an ugly wart on HTTP and the reason why modern browsers don't have
+  > per-domain cookie size limits and drop cookies instead of truncating them.
+
+#### Block Argument
+
+If you don't want to raise exceptions, only want to raise exceptions under
+certain conditions, or want to customize the exception, you can modify the
+behavior by passing a block to the middleware initializer:
+
+```ruby
+use Rack::Protection::MaximumCookie do |env|
+  raise MyCustomError, 'Someone broke the cookie jar!' if env['foo.bar']
+end
+```
+
+If the block returns a truthy value, the default exception will be raised:
+
+```ruby
+use(Rack::Protection::MaximumCookie) { |env| env['foo.bar'] }
+```
+
+Keep in mind that the block receives the mutated *response* `env`.
+
+I'm interested in hearing use-cases for this feature and I'm open to passing
+additional arguments to the block. Open a new issue to document and discuss.
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run
+`rake spec` to run the tests. You can also run `bin/console` for an interactive
+prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To
+release a new version, update the version number in `version.rb`, and then run
+`bundle exec rake release`, which will create a git tag for the version, push
+git commits and tags, and push the `.gem` file to
+[rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at
+https://github.com/mwpastore/rack-protection-maximum_cookie.
+
+Please let me know if I've made any invalid assumptions or conclusions about
+the HTTP specification or older browser behavior.
+
+## License
+
+The gem is available as open source under the terms of the [MIT
+License](http://opensource.org/licenses/MIT).
+
+[1]: http://browsercookielimits.squawky.net

data/Rakefile

@@ -0,0 +1,10 @@
+require 'bundler/gem_tasks'
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'test'
+  t.libs << 'lib'
+  t.test_files = FileList['test/**/*_test.rb']
+end
+
+task :default=>:test

data/bin/console

@@ -0,0 +1,7 @@
+#!/usr/bin/env ruby
+
+require 'bundler/setup'
+require 'irb'
+require 'rack/protection/maximum_cookie'
+
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install

data/lib/rack-protection-maximum_cookie.rb

@@ -0,0 +1,2 @@
+# frozen_string_literal: true
+require 'rack/protection/maximum_cookie'

data/lib/rack/protection/maximum_cookie.rb

@@ -0,0 +1,259 @@
+# frozen_string_literal: true
+require 'rack/protection/maximum_cookie/version'
+
+require 'date'
+require 'public_suffix'
+require 'rack'
+require 'rack/request'
+require 'resolv'
+require 'set'
+
+module Rack
+  SET_COOKIE = 'Set-Cookie'.freeze unless defined?(SET_COOKIE)
+
+  class Request
+    unless method_defined?(:hostname)
+      # TODO: Submit a PR to add this to Rack::Request a la URI#host vs. URI#hostname.
+      def hostname
+        host = host()
+        host[/\A\[([^\]]+)\]\z/, 1] || host
+      end
+    end
+  end
+
+  module Protection
+    class MaximumCookie
+      HEADER_SEP_RE = %r{\r?\n|\0}.freeze
+      COOKIE_DOMAIN_RE = %r{;\s*[Dd][Oo][Mm][Aa][Ii][Nn]=([^;]+)}.freeze
+      COOKIE_KEY_RE = %r{\A[^=]+}.freeze
+
+      attr_reader :app
+      attr_reader :handler
+      attr_reader :public_suffix_list
+
+      def limit
+        @options[:limit]
+      end
+
+      def limit?
+        @options[:limit] >= 0
+      end
+
+      def bytesize_limit
+        @options[:bytesize_limit]
+      end
+
+      def bytesize_limit?
+        @options[:bytesize_limit] >= 0
+      end
+
+      def overhead
+        @options[:overhead]
+      end
+
+      def per_domain?
+        @options[:per_domain?]
+      end
+
+      def strict?
+        @options[:strict?]
+      end
+
+      def stateful?
+        @options[:stateful?]
+      end
+
+      def initialize(app, options={}, &block)
+        @app = app
+        @handler = block
+
+        @options = {}.tap do |h|
+          h[:limit] = Integer(options.fetch(:limit, 50))
+          h[:bytesize_limit] = Integer(options.fetch(:bytesize_limit, 4_096))
+          h[:overhead] = Integer(options.fetch(:overhead, 3))
+          h[:stateful?] = !!options.fetch(:stateful?, options.fetch(:stateful, false))
+          h[:strict?] = h[:stateful?] || !!options.fetch(:strict?, options.fetch(:strict, false))
+          h[:per_domain?] = h[:strict?] || !!options.fetch(:per_domain?, options.fetch(:per_domain, true))
+
+          h.freeze
+        end
+
+        if strict?
+          # Allow non-ICANN domains to be handled the same as ICANN domains.
+          @public_suffix_list = PublicSuffix::List.parse(::File.read(PublicSuffix::List::DEFAULT_LIST_PATH), :private_domains=>false)
+        end
+
+        unless limit? || bytesize_limit?
+          abort 'No limits, nothing to do!'
+        end
+      end
+
+      def call(env)
+        status, headers, body = app.call(env)
+        if headers.key?(SET_COOKIE)
+          check_cookies env, Rack::Request.new(env),
+            normalize_cookie_header(headers[SET_COOKIE])
+        end
+        [status, headers, body]
+      end
+
+      private
+
+      def check_cookies(env, request, cookies)
+        default_subdomain = foldcase(request.hostname)
+
+        keys = Hash.new { |h, k| h[k] = Set.new } if stateful?
+        count = Hash.new { |h, k| h[k] = 0 }
+        bytesize = Hash.new { |h, k| h[k] = 0 } if per_domain?
+
+        cookies.each do |cookie|
+          # TODO: Skip "delete" cookies?
+
+          if (subdomain = cookie[COOKIE_DOMAIN_RE, 1])
+            foldcase!(subdomain)
+          else
+            subdomain = default_subdomain
+          end
+
+          keys[subdomain] << cookie[COOKIE_KEY_RE] if keys
+          count[subdomain] += 1
+          bytesize[subdomain] += cookie.bytesize + overhead if bytesize
+        end
+
+        if stateful?
+          # Fold the request cookies (that aren't also present in the response)
+          # into our totals.
+          fold(request, keys) do |domain, cookie_bytesize|
+            count[domain] += 1
+            bytesize[domain] += cookie_bytesize + overhead
+          end
+        end
+
+        if strict?
+          # Add the values for each second-level domain (e.g. example.com) to
+          # the values for its subdomains (e.g. foo. and bar.example.com).
+          propogate_values(count)
+          propogate_values(bytesize)
+        end
+
+        check_limit_per_domain(env, count, limit) if limit?
+
+        if bytesize_limit?
+          if per_domain?
+            check_bytesize_limit_per_domain(env, bytesize, bytesize_limit)
+          else
+            check_bytesize_limit_per_cookie(env, cookies, bytesize_limit - overhead)
+          end
+        end
+      end
+
+      def check_limit_per_domain(env, acc, limit)
+        bad_domains = acc
+          .keep_if { |_, value| value > limit }
+          .keys
+
+        if bad_domains.any? && handle(env)
+          raise_error "Too many cookies for domain(s): #{bad_domains.join(', ')}"
+        end
+      end
+
+      def check_bytesize_limit_per_domain(env, acc, limit)
+        bad_domains = acc
+          .keep_if { |_, value| value > limit }
+          .keys
+
+        if bad_domains.any? && handle(env)
+          raise_error "Too much cookie data for domain(s): #{bad_domains.join(', ')}"
+        end
+      end
+
+      def check_bytesize_limit_per_cookie(env, cookies, limit)
+        bad_cookies = cookies
+          .keep_if { |cookie| cookie.bytesize > limit }
+          .map! { |cookie| cookie[COOKIE_KEY_RE] }
+          .tap(&:uniq!)
+
+        if bad_cookies.any? && handle(env)
+          raise_error "Too much data for cookie(s): #{bad_cookies.join(', ')}"
+        end
+      end
+
+      def domain(hostname)
+        return hostname if hostname =~ Resolv::IPv4::Regex || hostname =~ Resolv::IPv6::Regex
+
+        PublicSuffix.domain(hostname, :list=>public_suffix_list) || hostname
+      end
+
+      def handle(env)
+        handler.nil? || handler.call(env)
+      end
+
+      def normalize_cookie_header(value)
+        Array(value)
+          .flat_map { |h| h.to_s.split(HEADER_SEP_RE) }
+          .tap(&:compact!)
+      end
+
+      if String.instance_method(:downcase).arity.abs > 0
+        def foldcase(str)
+          str.downcase(:fold)
+        end
+
+        def foldcase!(str)
+          str.downcase!(:fold)
+        end
+      else
+        def foldcase(str)
+          str.downcase
+        end
+
+        def foldcase!(str)
+          str.downcase!
+        end
+      end
+
+      def fold(request, response_cookie_keys)
+        # Assume that all request cookies have a domain of the default
+        # subdomain (e.g. foo.example.com) or its second-level domain (e.g.
+        # example.com).
+        domains = [foldcase(request.hostname)].tap do |a|
+          a.unshift(domain(a.first))
+          a.uniq!
+        end
+
+        request.cookies.each_pair do |key, value|
+          # *Try* to prevent double-counting cookies (i.e. on the response
+          # and the request).
+          next if domains.any? { |domain| response_cookie_keys[domain].include?(key) }
+
+          # *Try* to estimate the upper bound of the size of the cookie and its
+          # directives in the original Set-Cookie header.
+          # TODO: Replace this with a simpler byte count for efficiency?
+          mock_cookie = String.new("#{key}=#{value}").tap do |s|
+            s << "; Expires=#{Date.today.httpdate}"
+            s << '; Max-Age=123456'
+            s << "; Domain=#{domains.last}"
+            s << "; Path=#{request.script_name}"
+            s << '; Secure' if request.ssl?
+            s << '; HttpOnly; SameSite=strict'
+          end
+
+          yield domains.first, mock_cookie.bytesize
+        end
+      end
+
+      def propogate_values(hash)
+        hash.each_key do |subdomain|
+          sld = domain(subdomain)
+          next if sld == subdomain
+          next unless hash.key?(sld)
+          hash[subdomain] += hash[sld]
+        end
+      end
+
+      def raise_error(message)
+        fail message
+      end
+    end
+  end
+end

data/lib/rack/protection/maximum_cookie/version.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: false
+module Rack
+  module Protection
+    class MaximumCookie
+      VERSION = '0.4.2'.freeze
+    end
+  end
+end

data/rack-protection-maximum_cookie.gemspec

@@ -0,0 +1,32 @@
+# coding: utf-8
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'rack/protection/maximum_cookie/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'rack-protection-maximum_cookie'
+  spec.version       = Rack::Protection::MaximumCookie::VERSION
+  spec.authors       = ['Mike Pastore']
+  spec.email         = ['mike@oobak.org']
+
+  spec.summary       = %q{Properly enforce cookie limits in Rack responses}
+  spec.homepage      = 'https://github.com/mwpastore/rack-protection-maximum_cookie#readme'
+  spec.license       = 'MIT'
+
+  spec.files         = %x{git ls-files -z}.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.bindir        = 'exe'
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = %w[lib]
+
+  spec.required_ruby_version = '>= 2.1.10'
+
+  spec.add_dependency 'public_suffix', '~> 3.0'
+  spec.add_dependency 'rack', ENV.fetch('RACK_VERSION', ['>= 1.4.7', '< 2.1'])
+
+  spec.add_development_dependency 'bundler', '~> 1.15'
+  spec.add_development_dependency 'minitest', '~> 5.0'
+  spec.add_development_dependency 'rack-test', '~> 0.7.0'
+  spec.add_development_dependency 'rake', '~> 12.0'
+end

metadata

@@ -0,0 +1,146 @@
+--- !ruby/object:Gem::Specification
+name: rack-protection-maximum_cookie
+version: !ruby/object:Gem::Version
+  version: 0.4.2
+platform: ruby
+authors:
+- Mike Pastore
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2017-11-20 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: public_suffix
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.4.7
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.4.7
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.1'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.15'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.15'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.7.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.7.0
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.0'
+description: 
+email:
+- mike@oobak.org
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".travis.yml"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- lib/rack-protection-maximum_cookie.rb
+- lib/rack/protection/maximum_cookie.rb
+- lib/rack/protection/maximum_cookie/version.rb
+- rack-protection-maximum_cookie.gemspec
+homepage: https://github.com/mwpastore/rack-protection-maximum_cookie#readme
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.1.10
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.13
+signing_key: 
+specification_version: 4
+summary: Properly enforce cookie limits in Rack responses
+test_files: []