rack-protection 3.0.5 → 3.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 7fef35d427c0ff406165fdf913c53089e65f94d759aaf5610aebd5ef0c43cd30
4
- data.tar.gz: 4a458e4fada2015274bde82e4209bfe4c94618227fc7a2dc8df198258c1b7404
3
+ metadata.gz: 7640a15f8659807abd53474e7ce538a42e476e4bd99dc745f3b9b8c16161c008
4
+ data.tar.gz: '05468ec6c8113d3afce2df62221e4c866616999700c30ba3ef94a2705b11138b'
5
5
  SHA512:
6
- metadata.gz: e8b1ba3b66ae172be989c43133f111fbe416706df83735f51aa785146242bbab8e55c5b0fa4667dff165ac462db518c1209f9957ec3bf95744da1dc4881cd5c9
7
- data.tar.gz: cd46380780ad4c7078a6fc31f46cfaa6dda79bcbf2b47cf6e973592d85c35d4ef1c0bff5fee0b910e29e5cb579307447eae4d4c5880f2440586ee204a9d37da8
6
+ metadata.gz: eeaff5e584a8ee3be6c80dc92c67fcc95bdbb97b084509ed90ca9ad524598fba63690cfa372586edd27940cd609fa44210637e9c95fbf1191e1a5cc297f222ac
7
+ data.tar.gz: 26e2160d65b6015c7aaa52266b7241d15f645eb259d1371b864b3e2b6a3b1fbef841e62304bc8e39a83fab1a52ddb0c3455a51385a9a451c833cbed91b75d00a
data/Gemfile CHANGED
@@ -4,14 +4,13 @@ source 'https://rubygems.org'
4
4
  # encoding: utf-8
5
5
 
6
6
  gem 'rake'
7
+ gem 'rspec', '~> 3'
7
8
 
8
9
  rack_version = ENV['rack'].to_s
9
10
  rack_version = nil if rack_version.empty? || (rack_version == 'stable')
10
- rack_version = { github: 'rack/rack' } if rack_version == 'main'
11
+ rack_version = { github: 'rack/rack' } if rack_version == 'head'
11
12
  gem 'rack', rack_version
12
13
 
13
- gem 'sinatra', path: '..'
14
-
15
14
  gemspec
16
15
 
17
- gem 'rack-test', github: 'rack/rack-test'
16
+ gem 'rack-test'
data/README.md CHANGED
@@ -74,6 +74,7 @@ Prevented by:
74
74
  ## Cookie Tossing
75
75
 
76
76
  Prevented by:
77
+
77
78
  * [`Rack::Protection::CookieTossing`][cookie-tossing] (not included by `use Rack::Protection`)
78
79
 
79
80
  ## IP Spoofing
@@ -95,6 +96,7 @@ Prevented by:
95
96
  # Instrumentation
96
97
 
97
98
  Instrumentation is enabled by passing in an instrumenter as an option.
99
+
98
100
  ```
99
101
  use Rack::Protection, instrumenter: ActiveSupport::Notifications
100
102
  ```
@@ -93,7 +93,13 @@ module Rack
93
93
  end
94
94
 
95
95
  def drop_session(env)
96
- session(env).clear if session? env
96
+ return unless session? env
97
+
98
+ session(env).clear
99
+
100
+ return if ["1", "true"].include?(ENV["RACK_PROTECTION_SILENCE_DROP_SESSION_WARNING"])
101
+
102
+ warn env, "session dropped by #{self.class}"
97
103
  end
98
104
 
99
105
  def referrer(env)
@@ -2,6 +2,6 @@
2
2
 
3
3
  module Rack
4
4
  module Protection
5
- VERSION = '3.0.4'
5
+ VERSION = '3.2.0'
6
6
  end
7
7
  end
@@ -6,9 +6,9 @@ Gem::Specification.new do |s|
6
6
  # general infos
7
7
  s.name = 'rack-protection'
8
8
  s.version = version
9
- s.description = 'Protect against typical web attacks, works with all Rack apps, including Rails.'
10
- s.homepage = 'http://sinatrarb.com/protection/'
11
- s.summary = s.description
9
+ s.description = 'Protect against typical web attacks, works with all Rack apps, including Rails'
10
+ s.homepage = 'https://sinatrarb.com/protection/'
11
+ s.summary = "#{s.description}."
12
12
  s.license = 'MIT'
13
13
  s.authors = ['https://github.com/sinatra/sinatra/graphs/contributors']
14
14
  s.email = 'sinatrarb@googlegroups.com'
@@ -30,7 +30,7 @@ RubyGems 2.0 or newer is required to protect against public gem pushes. You can
30
30
  end
31
31
 
32
32
  s.metadata = {
33
- 'source_code_uri' => 'https://github.com/sinatra/sinatra/tree/master/rack-protection',
33
+ 'source_code_uri' => 'https://github.com/sinatra/sinatra/tree/main/rack-protection',
34
34
  'homepage_uri' => 'http://sinatrarb.com/protection/',
35
35
  'documentation_uri' => 'https://www.rubydoc.info/gems/rack-protection',
36
36
  'rubygems_mfa_required' => 'true'
@@ -39,7 +39,6 @@ RubyGems 2.0 or newer is required to protect against public gem pushes. You can
39
39
  s.required_ruby_version = '>= 2.6.0'
40
40
 
41
41
  # dependencies
42
- s.add_dependency 'rack'
43
- s.add_development_dependency 'rack-test', '~> 2'
44
- s.add_development_dependency 'rspec', '~> 3'
42
+ s.add_dependency 'base64', '>= 0.1.0'
43
+ s.add_dependency 'rack', '~> 2.2', '>= 2.2.4'
45
44
  end
metadata CHANGED
@@ -1,59 +1,51 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack-protection
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.0.5
4
+ version: 3.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - https://github.com/sinatra/sinatra/graphs/contributors
8
- autorequire:
8
+ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-12-16 00:00:00.000000000 Z
11
+ date: 2023-12-29 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
- name: rack
14
+ name: base64
15
15
  requirement: !ruby/object:Gem::Requirement
16
16
  requirements:
17
17
  - - ">="
18
18
  - !ruby/object:Gem::Version
19
- version: '0'
19
+ version: 0.1.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - ">="
25
25
  - !ruby/object:Gem::Version
26
- version: '0'
26
+ version: 0.1.0
27
27
  - !ruby/object:Gem::Dependency
28
- name: rack-test
28
+ name: rack
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
31
  - - "~>"
32
32
  - !ruby/object:Gem::Version
33
- version: '2'
34
- type: :development
35
- prerelease: false
36
- version_requirements: !ruby/object:Gem::Requirement
37
- requirements:
38
- - - "~>"
39
- - !ruby/object:Gem::Version
40
- version: '2'
41
- - !ruby/object:Gem::Dependency
42
- name: rspec
43
- requirement: !ruby/object:Gem::Requirement
44
- requirements:
45
- - - "~>"
33
+ version: '2.2'
34
+ - - ">="
46
35
  - !ruby/object:Gem::Version
47
- version: '3'
48
- type: :development
36
+ version: 2.2.4
37
+ type: :runtime
49
38
  prerelease: false
50
39
  version_requirements: !ruby/object:Gem::Requirement
51
40
  requirements:
52
41
  - - "~>"
53
42
  - !ruby/object:Gem::Version
54
- version: '3'
43
+ version: '2.2'
44
+ - - ">="
45
+ - !ruby/object:Gem::Version
46
+ version: 2.2.4
55
47
  description: Protect against typical web attacks, works with all Rack apps, including
56
- Rails.
48
+ Rails
57
49
  email: sinatrarb@googlegroups.com
58
50
  executables: []
59
51
  extensions: []
@@ -87,15 +79,15 @@ files:
87
79
  - lib/rack/protection/xss_header.rb
88
80
  - lib/rack_protection.rb
89
81
  - rack-protection.gemspec
90
- homepage: http://sinatrarb.com/protection/
82
+ homepage: https://sinatrarb.com/protection/
91
83
  licenses:
92
84
  - MIT
93
85
  metadata:
94
- source_code_uri: https://github.com/sinatra/sinatra/tree/master/rack-protection
86
+ source_code_uri: https://github.com/sinatra/sinatra/tree/main/rack-protection
95
87
  homepage_uri: http://sinatrarb.com/protection/
96
88
  documentation_uri: https://www.rubydoc.info/gems/rack-protection
97
89
  rubygems_mfa_required: 'true'
98
- post_install_message:
90
+ post_install_message:
99
91
  rdoc_options: []
100
92
  require_paths:
101
93
  - lib
@@ -110,8 +102,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
110
102
  - !ruby/object:Gem::Version
111
103
  version: '0'
112
104
  requirements: []
113
- rubygems_version: 3.2.3
114
- signing_key:
105
+ rubygems_version: 3.5.3
106
+ signing_key:
115
107
  specification_version: 4
116
108
  summary: Protect against typical web attacks, works with all Rack apps, including
117
109
  Rails.