rack-protection 2.2.1 → 2.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/lib/rack/protection/ip_spoofing.rb +5 -3
  3. data/lib/rack/protection/version.rb +1 -1
  4. metadata +4 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 2e901f1cfa34ea0aa6b13be17c71316ae7dbbea93a778f0987e3bac6d795d502
4
- data.tar.gz: 701fb3d7ae00c8c15326c179905d46a4a1ce43c038158247c11969eb80358dee
3
+ metadata.gz: 41643b8e96c39cab78011412440435328537bdccf21141fd3a448b3b3fd905ba
4
+ data.tar.gz: 94385c3ad84be0e4a7472efb54f1eb7c4b373c7b6c845bdf1b66b03bef9ad63d
5
5
  SHA512:
6
- metadata.gz: 32a5cfa10061ee479768089916d00b0c39c68f7e0a851221307d88a63bc31f53f3034e87e192061ec6cae5f15cccaff07c0609986d21d2e09f9bf9845255a3b0
7
- data.tar.gz: 913396747a895659eb7609e278242939895816a9dab7f1e9ad99c0dd17c05e44edf406c8a53347c47d7a6eb2a04feae0e19af99099fc623a16d434ec87abaa78
6
+ metadata.gz: fe3546ac3539741b388c9468bd79b9773b2fbb4a0ed02b71e43b1940008c631232f832e0ec4d93408a3d2a73e7e2ae676b541241798fd2219099c85ebab9267d
7
+ data.tar.gz: 00dbd06226c8481fbd292171b797407a79dee5fa76a20ec90c3f9d4dec3e24d15ad383c4824589084b7f5639644a19c3cfdf8be3ecdbe03ae4162ef3a576fc2c
data/lib/rack/protection/ip_spoofing.rb CHANGED
@@ -13,9 +13,11 @@ module Rack
13
13
 
14
14
  def accepts?(env)
15
15
  return true unless env.include? 'HTTP_X_FORWARDED_FOR'
16
- ips = env['HTTP_X_FORWARDED_FOR'].split(/\s*,\s*/)
17
- return false if env.include? 'HTTP_CLIENT_IP' and not ips.include? env['HTTP_CLIENT_IP']
18
- return false if env.include? 'HTTP_X_REAL_IP' and not ips.include? env['HTTP_X_REAL_IP']
16
+
17
+ ips = env['HTTP_X_FORWARDED_FOR'].split(',').map(&:strip)
18
+ return false if env.include?('HTTP_CLIENT_IP') && (!ips.include? env['HTTP_CLIENT_IP'])
19
+ return false if env.include?('HTTP_X_REAL_IP') && (!ips.include? env['HTTP_X_REAL_IP'])
20
+
19
21
  true
20
22
  end
21
23
  end
data/lib/rack/protection/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module Rack
2
2
  module Protection
3
- VERSION = '2.2.1'
3
+ VERSION = '2.2.2'
4
4
  end
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack-protection
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.2.1
4
+ version: 2.2.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - https://github.com/sinatra/sinatra/graphs/contributors
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-07-15 00:00:00.000000000 Z
11
+ date: 2022-11-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rack
@@ -106,7 +106,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
106
106
  - !ruby/object:Gem::Version
107
107
  version: '0'
108
108
  requirements: []
109
- rubygems_version: 3.0.3.1
109
+ rubyforge_project:
110
+ rubygems_version: 2.7.6.3
110
111
  signing_key:
111
112
  specification_version: 4
112
113
  summary: Protect against typical web attacks, works with all Rack apps, including