rack-protection 1.5.1 → 1.5.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d142ba2e517a486c07d79a7c7a80061fe405a84d
-  data.tar.gz: 43a1d8c17e3bc26171c5c75bc22eaded63b4587c
+  metadata.gz: 522f79f2479b2792fe66e2e0831afa23d9b4c039
+  data.tar.gz: 093a7f64d629cde5c16ef3355fe4604d57fee5d0
 SHA512:
-  metadata.gz: df0552ef6da37611e34ff91e664521794681596cfd3898bf1cd5acb8150eea553db1bc761dc9fc3c90900884a3f5128368096bd9a1e386c84e90fe9c0fb83431
-  data.tar.gz: 4903af66fc37585786fb5650f9475695d3f0455f984c2621bc35ed9ae7addb19588fbc55d134cbf891f972c0316305e426c0d90ecdd9431273ad69a37585ef92
+  metadata.gz: ecb85cac807d3e454773435a8d931a36c4edd90d11aa85486efe80cfd8bf021684394547f9e22cffab41ee798301743322d937d82d88556a443dc498411c4f8b
+  data.tar.gz: f4c57b6fa768de957a90f234efb45aa0b50581322e1c953b159549e8ac4d137f673538137d51bc9eb35fce7b7ad54bfd24fe35c3c7466686575f41844afff35a

data/lib/rack/protection/session_hijacking.rb

@@ -9,12 +9,12 @@ module Rack
     #
     # Tracks request properties like the user agent in the session and empties
     # the session if those properties change. This essentially prevents attacks
-    # from Firesheep. Since all headers taken into consideration might be
-    # spoofed, too, this will not prevent all hijacking attempts.
+    # from Firesheep. Since all headers taken into consideration can be
+    # spoofed, too, this will not prevent determined hijacking attempts.
     class SessionHijacking < Base
       default_reaction :drop_session
       default_options :tracking_key => :tracking, :encrypt_tracking => true,
-        :track => %w[HTTP_USER_AGENT HTTP_ACCEPT_ENCODING HTTP_ACCEPT_LANGUAGE]
+        :track => %w[HTTP_USER_AGENT HTTP_ACCEPT_LANGUAGE]
 
       def accepts?(env)
         session = session env

data/lib/rack/protection/version.rb

@@ -4,7 +4,7 @@ module Rack
       VERSION
     end
 
-    SIGNATURE = [1, 5, 1]
+    SIGNATURE = [1, 5, 2]
     VERSION   = SIGNATURE.join('.')
 
     VERSION.extend Comparable

data/rack-protection.gemspec

@@ -2,7 +2,7 @@
 Gem::Specification.new do |s|
   # general infos
   s.name        = "rack-protection"
-  s.version     = "1.5.1"
+  s.version     = "1.5.2"
   s.description = "You should use protection!"
   s.homepage    = "http://github.com/rkh/rack-protection"
   s.summary     = s.description
@@ -13,19 +13,21 @@ Gem::Specification.new do |s|
     "Konstantin Haase",
     "Alex Rodionov",
     "Patrick Ellis",
-    "Jeff Welling",
     "ITO Nobuaki",
     "Matteo Centenaro",
+    "Jeff Welling",
     "David Kellum",
     "Egor Homakov",
     "Florian Gilcher",
     "Fojas",
     "Mael Clerambault",
     "Martin Mauch",
+    "Renne Nissinen",
     "SAKAI, Kazuaki",
     "Stanislav Savulchik",
     "Steve Agalloco",
     "TOBY",
+    "Vipul A M",
     "Akzhan Abdulin",
     "brookemckim",
     "Bj\u00F8rge N\u00E6ss",
@@ -41,17 +43,19 @@ Gem::Specification.new do |s|
     "p0deje@gmail.com",
     "patrick@soundcloud.com",
     "jeff.welling@gmail.com",
-    "bugant@gmail.com",
     "daydream.trippers@gmail.com",
+    "bugant@gmail.com",
     "homakov@gmail.com",
     "florian.gilcher@asquera.de",
     "developer@fojasaur.us",
     "mael@clerambault.fr",
     "martin.mauch@gmail.com",
+    "rennex@iki.fi",
     "kaz.july.7@gmail.com",
     "s.savulchik@gmail.com",
     "steve.agalloco@gmail.com",
     "toby.net.info.mail+git@gmail.com",
+    "vipulnsward@gmail.com",
     "akzhan.abdulin@gmail.com",
     "brooke@digitalocean.com",
     "bjoerge@bengler.no",

data/spec/escaped_params_spec.rb

@@ -33,7 +33,6 @@ describe Rack::Protection::EscapedParams do
 
     it 'leaves cache-breaker params untouched' do
       mock_app do |env|
-        request = Rack::Request.new(env)
         [200, {'Content-Type' => 'text/plain'}, ['hi']]
       end
 

data/spec/session_hijacking_spec.rb

@@ -17,11 +17,12 @@ describe Rack::Protection::SessionHijacking do
     session.should be_empty
   end
 
-  it "denies requests with a changing Accept-Encoding header" do
+  it "accepts requests with a changing Accept-Encoding header" do
+    # this is tested because previously it led to clearing the session
     session = {:foo => :bar}
     get '/', {}, 'rack.session' => session, 'HTTP_ACCEPT_ENCODING' => 'a'
     get '/', {}, 'rack.session' => session, 'HTTP_ACCEPT_ENCODING' => 'b'
-    session.should be_empty
+    session.should_not be_empty
   end
 
   it "denies requests with a changing Accept-Language header" do

metadata

@@ -1,25 +1,27 @@
 --- !ruby/object:Gem::Specification
 name: rack-protection
 version: !ruby/object:Gem::Version
-  version: 1.5.1
+  version: 1.5.2
 platform: ruby
 authors:
 - Konstantin Haase
 - Alex Rodionov
 - Patrick Ellis
-- Jeff Welling
 - ITO Nobuaki
 - Matteo Centenaro
+- Jeff Welling
 - David Kellum
 - Egor Homakov
 - Florian Gilcher
 - Fojas
 - Mael Clerambault
 - Martin Mauch
+- Renne Nissinen
 - SAKAI, Kazuaki
 - Stanislav Savulchik
 - Steve Agalloco
 - TOBY
+- Vipul A M
 - Akzhan Abdulin
 - brookemckim
 - Bjørge Næss
@@ -30,7 +32,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-10-21 00:00:00.000000000 Z
+date: 2014-01-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -80,17 +82,19 @@ email:
 - p0deje@gmail.com
 - patrick@soundcloud.com
 - jeff.welling@gmail.com
-- bugant@gmail.com
 - daydream.trippers@gmail.com
+- bugant@gmail.com
 - homakov@gmail.com
 - florian.gilcher@asquera.de
 - developer@fojasaur.us
 - mael@clerambault.fr
 - martin.mauch@gmail.com
+- rennex@iki.fi
 - kaz.july.7@gmail.com
 - s.savulchik@gmail.com
 - steve.agalloco@gmail.com
 - toby.net.info.mail+git@gmail.com
+- vipulnsward@gmail.com
 - akzhan.abdulin@gmail.com
 - brooke@digitalocean.com
 - bjoerge@bengler.no
@@ -158,9 +162,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.7
+rubygems_version: 2.2.0
 signing_key: 
 specification_version: 4
 summary: You should use protection!
 test_files: []
-has_rdoc: