rack-protection 1.3.1 → 1.3.2

data/Rakefile

@@ -1,3 +1,4 @@
+# encoding: utf-8
 $LOAD_PATH.unshift File.expand_path('../lib', __FILE__)
 
 begin
@@ -15,12 +16,14 @@ task 'rack-protection.gemspec' do
   require 'rack/protection/version'
   content = File.read 'rack-protection.gemspec'
 
+  # fetch data
   fields = {
     :authors => `git shortlog -sn`.scan(/[^\d\s].*/),
     :email   => `git shortlog -sne`.scan(/[^<]+@[^>]+/),
     :files   => `git ls-files`.split("\n").reject { |f| f =~ /^(\.|Gemfile)/ }
   }
 
+  # insert data
   fields.each do |field, values|
     updated = "  s.#{field} = ["
     updated << values.map { |v| "\n    %p" % v }.join(',')
@@ -28,7 +31,12 @@ task 'rack-protection.gemspec' do
     content.sub!(/  s\.#{field} = \[\n(    .*\n)*  \]/, updated)
   end
 
+  # set version
   content.sub! /(s\.version.*=\s+).*/, "\\1\"#{Rack::Protection::VERSION}\""
+
+  # escape unicode
+  content.gsub!(/./) { |c| c.bytesize > 1 ? "\\u{#{c.codepoints.first.to_s(16)}}" : c }
+
   File.open('rack-protection.gemspec', 'w') { |f| f << content }
 end
 

data/lib/rack/protection/http_origin.rb

@@ -11,20 +11,20 @@ module Rack
     # Does not accept unsafe HTTP requests when value of Origin HTTP request header
     # does not match default or whitelisted URIs.
     class HttpOrigin < Base
+      DEFAULT_PORTS = { 'http' => 80, 'https' => 443, 'coffee' => 80 }
       default_reaction :deny
 
-      def accepts?(env)
-        # only for unsafe request methods
-        safe?(env) and return true
-        # ignore if origin is not set
-        origin = env['HTTP_ORIGIN'] or return true
-
-        # check base url
-        Request.new(env).base_url == origin and return true
+      def base_url(env)
+        request = Rack::Request.new(env)
+        port = ":#{request.port}" unless request.port == DEFAULT_PORTS[request.scheme]
+        "#{request.scheme}://#{request.host}#{port}"
+      end
 
-        # check whitelist
-        options[:origin_whitelist] or return false
-        options[:origin_whitelist].include?(origin)
+      def accepts?(env)
+        return true if safe? env
+        return true unless origin = env['HTTP_ORIGIN']
+        return true if base_url(env) == origin
+        Array(options[:origin_whitelist]).include? origin
       end
 
     end

data/lib/rack/protection/version.rb

@@ -4,7 +4,7 @@ module Rack
       VERSION
     end
 
-    SIGNATURE = [1, 3, 1]
+    SIGNATURE = [1, 3, 2]
     VERSION   = SIGNATURE.join('.')
 
     VERSION.extend Comparable

data/rack-protection.gemspec

@@ -2,7 +2,7 @@
 Gem::Specification.new do |s|
   # general infos
   s.name        = "rack-protection"
-  s.version     = "1.3.1"
+  s.version     = "1.3.2"
   s.description = "You should use protection!"
   s.homepage    = "http://github.com/rkh/rack-protection"
   s.summary     = s.description
@@ -23,7 +23,7 @@ Gem::Specification.new do |s|
     "Steve Agalloco",
     "Akzhan Abdulin",
     "TOBY",
-    "Bjørge Næss"
+    "Bj\u{f8}rge N\u{e6}ss"
   ]
 
   # generated from git shortlog -sne

data/spec/spec_helper.rb

@@ -1,5 +1,6 @@
 require 'rack/protection'
 require 'rack/test'
+require 'rack'
 require 'forwardable'
 require 'stringio'
 
@@ -21,6 +22,10 @@ if version == "1.3"
   end
 end
 
+unless Rack::MockResponse.method_defined? :header
+  Rack::MockResponse.send(:alias_method, :header, :headers)
+end
+
 module DummyApp
   def self.call(env)
     Thread.current[:last_env] = env

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rack-protection
 version: !ruby/object:Gem::Version
-  version: 1.3.1
+  version: 1.3.2
   prerelease: 
 platform: ruby
 authors:
@@ -23,7 +23,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-12-10 00:00:00.000000000 Z
+date: 2012-12-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack