RubyGems - rack-protection - Versions diffs - 0.1.0 → 1.0.0 - Mend

rack-protection 0.1.0 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of rack-protection might be problematic. Click here for more details.

Files changed (6) hide show

data/README.md +15 -1
data/lib/rack/protection/json_csrf.rb +2 -2
data/lib/rack/protection/version.rb +2 -2
data/rack-protection.gemspec +7 -3
data/spec/json_csrf_spec.rb +9 -0
metadata +15 -11

data/README.md CHANGED

@@ -43,6 +43,7 @@ Prevented by:
 * `Rack::Protection::JsonCsrf`
 * `Rack::Protection::RemoteReferrer` (not included by `use Rack::Protection`)
 * `Rack::Protection::RemoteToken`
 ## Cross Site Scripting
 Prevented by:
@@ -70,7 +71,6 @@ Prevented by:
 ## IP Spoofing
 Prevented by:
 * `Rack::Protection::IPSpoofing`
@@ -78,3 +78,17 @@ Prevented by:
 # Installation
     gem install rack-protection
+# History
+## v0.1.0 (2011/06/20)
+First public release.
+## v1.0.0 (2011/09/02)
+First stable release.
+Changes:
+* Fix bug in JsonCsrf

data/lib/rack/protection/json_csrf.rb CHANGED

@@ -7,7 +7,7 @@ module Rack
     # Supported browsers:: all
     # More infos::         http://flask.pocoo.org/docs/security/#json-security
     #
-    # JSON GET APIs are volnurable to being embedded as JavaScript while the
+    # JSON GET APIs are vulnerable to being embedded as JavaScript while the
     # Array prototype has been patched to track data. Checks the referrer
     # even on GET requests if the content type is JSON.
     class JsonCsrf < Base
@@ -15,7 +15,7 @@ module Rack
       def call(env)
         status, headers, body = app.call(env)
-        if headers['Content-Type'].to_s.split(';', 2).first.strip == 'application/json'
+        if headers['Content-Type'].to_s.split(';', 2).first =~ /^\s*application\/json\s*$/
           result = react(env) if referrer(env) != Request.new(env).host
         end
         result or [status, headers, body]

data/lib/rack/protection/version.rb CHANGED

@@ -7,8 +7,8 @@ module Rack
     module VERSION
       extend Comparable
-      MAJOR     = 0
-      MINOR     = 1
+      MAJOR     = 1
+      MINOR     = 0
       TINY      = 0
       SIGNATURE = [MAJOR, MINOR, TINY]
       STRING    = SIGNATURE.join '.'

data/rack-protection.gemspec CHANGED

@@ -2,19 +2,23 @@
 Gem::Specification.new do |s|
   # general infos
   s.name        = "rack-protection"
-  s.version     = "0.1.0"
+  s.version     = "1.0.0"
   s.description = "You should use protection!"
   s.homepage    = "http://github.com/rkh/rack-protection"
   s.summary     = s.description
   # generated from git shortlog -sn
   s.authors = [
-    "Konstantin Haase"
+    "Konstantin Haase",
+    "Corey Ward",
+    "Fojas"
   ]
   # generated from git shortlog -sne
   s.email = [
-    "konstantin.mailinglists@googlemail.com"
+    "konstantin.mailinglists@googlemail.com",
+    "coreyward@me.com",
+    "developer@fojasaur.us"
   ]
   # generated from git ls-files

data/spec/json_csrf_spec.rb CHANGED

@@ -20,4 +20,13 @@ describe Rack::Protection::JsonCsrf do
       get('/', {}).should be_ok
     end
   end
+  describe 'not json response' do
+    it "accepts get requests with 304 headers" do
+      mock_app { |e| [304, {}, []]}
+      get('/', {}).status.should == 304
+    end
+  end
 end

metadata CHANGED

@@ -1,19 +1,21 @@
 --- !ruby/object:Gem::Specification
 name: rack-protection
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 1.0.0
   prerelease:
 platform: ruby
 authors:
 - Konstantin Haase
+- Corey Ward
+- Fojas
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2011-06-20 00:00:00.000000000Z
+date: 2011-09-02 00:00:00.000000000Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
-  requirement: &2153646760 !ruby/object:Gem::Requirement
+  requirement: &2151828860 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -21,10 +23,10 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *2153646760
+  version_requirements: *2151828860
 - !ruby/object:Gem::Dependency
   name: escape_utils
-  requirement: &2153646220 !ruby/object:Gem::Requirement
+  requirement: &2151828040 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -32,10 +34,10 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *2153646220
+  version_requirements: *2151828040
 - !ruby/object:Gem::Dependency
   name: rack-test
-  requirement: &2153645700 !ruby/object:Gem::Requirement
+  requirement: &2151827300 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -43,10 +45,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2153645700
+  version_requirements: *2151827300
 - !ruby/object:Gem::Dependency
   name: rspec
-  requirement: &2153645080 !ruby/object:Gem::Requirement
+  requirement: &2151826180 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -54,10 +56,12 @@ dependencies:
         version: '2.0'
   type: :development
   prerelease: false
-  version_requirements: *2153645080
+  version_requirements: *2151826180
 description: You should use protection!
 email:
 - konstantin.mailinglists@googlemail.com
+- coreyward@me.com
+- developer@fojasaur.us
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -114,7 +118,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 1.8.5
+rubygems_version: 1.8.6
 signing_key:
 specification_version: 3
 summary: You should use protection!