rack-protection 3.0.6 → 3.1.0

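--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 990bfb3981089f50f2bc4738b8c663a87a8bfe526118a961f4e49e4e8365d062
- data.tar.gz: 22a6b16e5cfe8f7bf06eb2def6a63f1b90a4b48889dbae274205af1b4a30eb0c
+ metadata.gz: eeb2f23054ca1be134853965356c94ce919a74971330a244184c45b92afbc9a9
+ data.tar.gz: 510bd7c9386b0611547bd8f0cfe97ac959428a967e9095ae3f1345c29126bae1
  SHA512:
- metadata.gz: ed90e7d9d0b2c465f8b9aeee02b270e7990c3368c7284c33a3e7e9a3c2860d462fcbc6eba4bd9212f21d052dd0ee9a3844534f9e6273f20093f943d112aecb7e
- data.tar.gz: 4083723bf61ef5effbb3146604f7091ff3456506ebbd44f883a7c7ffc79fc2070b24c0c9e8804ce5a4fac1521fbf445847e9de79110d368207fa11d26944ea21
+ metadata.gz: ec9549d7c63593ace699212d5d6df2747f0d4a7f02b33e280f6af887458b426e6c305e36e73a78ae154023205f4239e033cf849d39e43b4b149dc0de4f33b8a0
+ data.tar.gz: 32f7feb53458c5336fa91043ecfba414348a1a77e12b55a8cc7cfdbf099ec33184a6faf27ccb818bce5ffe073f83bdd77fd803dadc7ae101acbcf67c35673311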
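--- a/data/README.md
+++ b/data/README.md
@@ -74,6 +74,7 @@ Prevented by:
  ## Cookie Tossing
 
  Prevented by:
+
  * [`Rack::Protection::CookieTossing`][cookie-tossing] (not included by `use Rack::Protection`)
 
  ## IP Spoofing
@@ -95,6 +96,7 @@ Prevented by:
  # Instrumentation
 
  Instrumentation is enabled by passing in an instrumenter as an option.
+
  ```
  use Rack::Protection, instrumenter: ActiveSupport::Notifications
  ```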
@@ -93,7 +93,13 @@ module Rack
93
93
  end
94
94
 
95
95
  def drop_session(env)
96
- session(env).clear if session? env
96
+ return unless session? env
97
+
98
+ session(env).clear
99
+
100
+ return if ["1", "true"].include?(ENV["RACK_PROTECTION_SILENCE_DROP_SESSION_WARNING"])
101
+
102
+ warn env, "session dropped by #{self.class}"
97
103
  end
98
104
 
99
105
  def referrer(env)
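Review bot: The opt-out in `drop_session` is an exact, case-sensitive match on `"1"` or `"true"`, so `RACK_PROTECTION_SILENCE_DROP_SESSION_WARNING=TRUE` or `=yes` leaves the warning on, and nothing in the hunk documents the variable or its accepted values. This warning is the only signal visible here that a protection middleware cleared a session, so I would add a comment above the check, e.g. `# Set RACK_PROTECTION_SILENCE_DROP_SESSION_WARNING to "1" or "true" to suppress this log line; the session is still cleared.` The message also names only `self.class`; whether `warn` adds request details that would let a log reader correlate the drop with a request cannot be told from here, since `warn` is defined outside the hunk.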
@@ -2,6 +2,6 @@
2
2
 
3
3
  module Rack
4
4
  module Protection
5
- VERSION = '3.0.6'
5
+ VERSION = '3.1.0'
6
6
  end
7
7
  end
@@ -6,9 +6,9 @@ Gem::Specification.new do |s|
6
6
  # general infos
7
7
  s.name = 'rack-protection'
8
8
  s.version = version
9
- s.description = 'Protect against typical web attacks, works with all Rack apps, including Rails.'
9
+ s.description = 'Protect against typical web attacks, works with all Rack apps, including Rails'
10
10
  s.homepage = 'https://sinatrarb.com/protection/'
11
- s.summary = s.description
11
+ s.summary = "#{s.description}."
12
12
  s.license = 'MIT'
13
13
  s.authors = ['https://github.com/sinatra/sinatra/graphs/contributors']
14
14
  s.email = 'sinatrarb@googlegroups.com'
@@ -39,7 +39,7 @@ RubyGems 2.0 or newer is required to protect against public gem pushes. You can
39
39
  s.required_ruby_version = '>= 2.6.0'
40
40
 
41
41
  # dependencies
42
- s.add_dependency 'rack'
42
+ s.add_dependency 'rack', '~> 2.2', '>= 2.2.4'
43
43
  s.add_development_dependency 'rack-test', '~> 2'
44
44
  s.add_development_dependency 'rspec', '~> 3'
45
45
  end
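Review bot: The tightened requirement `s.add_dependency 'rack', '~> 2.2', '>= 2.2.4'` has no comment recording why the floor is 2.2.4 or why Rack 3 is excluded, so nobody reading the gemspec later can judge whether either bound may be relaxed. Applications pinned to a Rack version outside this range will now fail dependency resolution on upgrade, which deserves a changelog entry if there is not one already (none is visible on this page). I would add a line above it such as `# rack bounds: <reason for >= 2.2.4 and for excluding Rack 3>`, with the real reason filled in.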
metadata CHANGED
@@ -1,29 +1,35 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack-protection
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.0.6
4
+ version: 3.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - https://github.com/sinatra/sinatra/graphs/contributors
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-04-11 00:00:00.000000000 Z
11
+ date: 2023-08-07 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rack
15
15
  requirement: !ruby/object:Gem::Requirement
16
16
  requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: '2.2'
17
20
  - - ">="
18
21
  - !ruby/object:Gem::Version
19
- version: '0'
22
+ version: 2.2.4
20
23
  type: :runtime
21
24
  prerelease: false
22
25
  version_requirements: !ruby/object:Gem::Requirement
23
26
  requirements:
27
+ - - "~>"
28
+ - !ruby/object:Gem::Version
29
+ version: '2.2'
24
30
  - - ">="
25
31
  - !ruby/object:Gem::Version
26
- version: '0'
32
+ version: 2.2.4
27
33
  - !ruby/object:Gem::Dependency
28
34
  name: rack-test
29
35
  requirement: !ruby/object:Gem::Requirement
@@ -53,7 +59,7 @@ dependencies:
53
59
  - !ruby/object:Gem::Version
54
60
  version: '3'
55
61
  description: Protect against typical web attacks, works with all Rack apps, including
56
- Rails.
62
+ Rails
57
63
  email: sinatrarb@googlegroups.com
58
64
  executables: []
59
65
  extensions: []
@@ -110,7 +116,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
110
116
  - !ruby/object:Gem::Version
111
117
  version: '0'
112
118
  requirements: []
113
- rubygems_version: 3.4.10
119
+ rubygems_version: 3.4.18
114
120
  signing_key:
115
121
  specification_version: 4
116
122
  summary: Protect against typical web attacks, works with all Rack apps, including