rack-protection 2.2.2 → 2.2.3

Sign up to get free protection for your applications and to get access to all the features.
Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/lib/rack/protection/ip_spoofing.rb +5 -3
  3. data/lib/rack/protection/version.rb +1 -1
  4. metadata +4 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: fa9d7fd8b6dd44cfd54fd833a1679efedfccdf76619d0b01e0aa2057f2e8b586
4
- data.tar.gz: f0541b4bf7e3cc865bdca886de807968787e90a26ca4fcd3ff3787496e64a9de
3
+ metadata.gz: 41643b8e96c39cab78011412440435328537bdccf21141fd3a448b3b3fd905ba
4
+ data.tar.gz: 94385c3ad84be0e4a7472efb54f1eb7c4b373c7b6c845bdf1b66b03bef9ad63d
5
5
  SHA512:
6
- metadata.gz: 89f4d7bd2b9ee4a1e51fb9a7d9699f0d1d3881a82bb3b8813527f6ce8cce96274462fd502e8df4d5f6b21cbf2d79da9bd69bff6a4e6e7e289e69aa7cb4e18893
7
- data.tar.gz: 381cdab10dffb59181caef1a80b46e9d584e1f20fa602843f1649164bbd16d44cbfd5ba5aef2ebd0a447e52fad7437644d29188e98b9998a19a4377abbc0051f
6
+ metadata.gz: fe3546ac3539741b388c9468bd79b9773b2fbb4a0ed02b71e43b1940008c631232f832e0ec4d93408a3d2a73e7e2ae676b541241798fd2219099c85ebab9267d
7
+ data.tar.gz: 00dbd06226c8481fbd292171b797407a79dee5fa76a20ec90c3f9d4dec3e24d15ad383c4824589084b7f5639644a19c3cfdf8be3ecdbe03ae4162ef3a576fc2c
data/lib/rack/protection/ip_spoofing.rb CHANGED
@@ -13,9 +13,11 @@ module Rack
13
13
 
14
14
  def accepts?(env)
15
15
  return true unless env.include? 'HTTP_X_FORWARDED_FOR'
16
- ips = env['HTTP_X_FORWARDED_FOR'].split(/\s*,\s*/)
17
- return false if env.include? 'HTTP_CLIENT_IP' and not ips.include? env['HTTP_CLIENT_IP']
18
- return false if env.include? 'HTTP_X_REAL_IP' and not ips.include? env['HTTP_X_REAL_IP']
16
+
17
+ ips = env['HTTP_X_FORWARDED_FOR'].split(',').map(&:strip)
18
+ return false if env.include?('HTTP_CLIENT_IP') && (!ips.include? env['HTTP_CLIENT_IP'])
19
+ return false if env.include?('HTTP_X_REAL_IP') && (!ips.include? env['HTTP_X_REAL_IP'])
20
+
19
21
  true
20
22
  end
21
23
  end
data/lib/rack/protection/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module Rack
2
2
  module Protection
3
- VERSION = '2.2.1'
3
+ VERSION = '2.2.2'
4
4
  end
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack-protection
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.2.2
4
+ version: 2.2.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - https://github.com/sinatra/sinatra/graphs/contributors
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-07-23 00:00:00.000000000 Z
11
+ date: 2022-11-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rack
@@ -106,7 +106,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
106
106
  - !ruby/object:Gem::Version
107
107
  version: '0'
108
108
  requirements: []
109
- rubygems_version: 3.0.3.1
109
+ rubyforge_project:
110
+ rubygems_version: 2.7.6.3
110
111
  signing_key:
111
112
  specification_version: 4
112
113
  summary: Protect against typical web attacks, works with all Rack apps, including