rack-protection 0.1.0 → 1.0.0

data/README.md

@@ -43,6 +43,7 @@ Prevented by:
 * `Rack::Protection::JsonCsrf`
 * `Rack::Protection::RemoteReferrer` (not included by `use Rack::Protection`)
 * `Rack::Protection::RemoteToken`
+
 ## Cross Site Scripting
 
 Prevented by:
@@ -70,7 +71,6 @@ Prevented by:
 
 ## IP Spoofing
 
-
 Prevented by:
 
 * `Rack::Protection::IPSpoofing`
@@ -78,3 +78,17 @@ Prevented by:
 # Installation
 
     gem install rack-protection
+
+# History
+
+## v0.1.0 (2011/06/20)
+
+First public release.
+
+## v1.0.0 (2011/09/02)
+
+First stable release.
+
+Changes:
+
+* Fix bug in JsonCsrf

data/lib/rack/protection/json_csrf.rb

@@ -7,7 +7,7 @@ module Rack
     # Supported browsers:: all
     # More infos::         http://flask.pocoo.org/docs/security/#json-security
     #
-    # JSON GET APIs are volnurable to being embedded as JavaScript while the
+    # JSON GET APIs are vulnerable to being embedded as JavaScript while the
     # Array prototype has been patched to track data. Checks the referrer
     # even on GET requests if the content type is JSON.
     class JsonCsrf < Base
@@ -15,7 +15,7 @@ module Rack
 
       def call(env)
         status, headers, body = app.call(env)
-        if headers['Content-Type'].to_s.split(';', 2).first.strip == 'application/json'
+        if headers['Content-Type'].to_s.split(';', 2).first =~ /^\s*application\/json\s*$/
           result = react(env) if referrer(env) != Request.new(env).host
         end
         result or [status, headers, body]

data/lib/rack/protection/version.rb

@@ -7,8 +7,8 @@ module Rack
     module VERSION
       extend Comparable
 
-      MAJOR     = 0
-      MINOR     = 1
+      MAJOR     = 1
+      MINOR     = 0
       TINY      = 0
       SIGNATURE = [MAJOR, MINOR, TINY]
       STRING    = SIGNATURE.join '.'

data/rack-protection.gemspec

@@ -2,19 +2,23 @@
 Gem::Specification.new do |s|
   # general infos
   s.name        = "rack-protection"
-  s.version     = "0.1.0"
+  s.version     = "1.0.0"
   s.description = "You should use protection!"
   s.homepage    = "http://github.com/rkh/rack-protection"
   s.summary     = s.description
 
   # generated from git shortlog -sn
   s.authors = [
-    "Konstantin Haase"
+    "Konstantin Haase",
+    "Corey Ward",
+    "Fojas"
   ]
 
   # generated from git shortlog -sne
   s.email = [
-    "konstantin.mailinglists@googlemail.com"
+    "konstantin.mailinglists@googlemail.com",
+    "coreyward@me.com",
+    "developer@fojasaur.us"
   ]
 
   # generated from git ls-files

data/spec/json_csrf_spec.rb

@@ -20,4 +20,13 @@ describe Rack::Protection::JsonCsrf do
       get('/', {}).should be_ok
     end
   end
+
+  describe 'not json response' do
+
+    it "accepts get requests with 304 headers" do
+      mock_app { |e| [304, {}, []]}
+      get('/', {}).status.should == 304
+    end
+
+  end
 end

metadata

@@ -1,19 +1,21 @@
 --- !ruby/object:Gem::Specification
 name: rack-protection
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 1.0.0
   prerelease: 
 platform: ruby
 authors:
 - Konstantin Haase
+- Corey Ward
+- Fojas
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2011-06-20 00:00:00.000000000Z
+date: 2011-09-02 00:00:00.000000000Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
-  requirement: &2153646760 !ruby/object:Gem::Requirement
+  requirement: &2151828860 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -21,10 +23,10 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *2153646760
+  version_requirements: *2151828860
 - !ruby/object:Gem::Dependency
   name: escape_utils
-  requirement: &2153646220 !ruby/object:Gem::Requirement
+  requirement: &2151828040 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -32,10 +34,10 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *2153646220
+  version_requirements: *2151828040
 - !ruby/object:Gem::Dependency
   name: rack-test
-  requirement: &2153645700 !ruby/object:Gem::Requirement
+  requirement: &2151827300 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -43,10 +45,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2153645700
+  version_requirements: *2151827300
 - !ruby/object:Gem::Dependency
   name: rspec
-  requirement: &2153645080 !ruby/object:Gem::Requirement
+  requirement: &2151826180 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -54,10 +56,12 @@ dependencies:
         version: '2.0'
   type: :development
   prerelease: false
-  version_requirements: *2153645080
+  version_requirements: *2151826180
 description: You should use protection!
 email:
 - konstantin.mailinglists@googlemail.com
+- coreyward@me.com
+- developer@fojasaur.us
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -114,7 +118,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.5
+rubygems_version: 1.8.6
 signing_key: 
 specification_version: 3
 summary: You should use protection!