rack-simple_csrf 1.2.0 → 1.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/{License → LICENSE} +1 -1
- data/{Readme.md → README.md} +1 -1
- data/lib/rack/simple_csrf.rb +7 -7
- data/lib/rack/simple_csrf/version.rb +1 -1
- metadata +41 -41
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5a3f71eb69ee873e167211e2d6b3514786b67c52
|
|
4
|
+
data.tar.gz: c3cf020c8483182ef16994f043a35b6db486a648
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6d60eeeba64c0cbd6107e304885819c883d5c514707e432d9a704aad6ae62af03e59f02d6a765f172b10f8b4d05218d1f77722b76623dfbb5689f9200ea28795
|
|
7
|
+
data.tar.gz: 4dd17845710a18f567a32fe3b3896de3bde205497c1e529e98523229bb3afc5284f20265d2db9aced75239e88eb4855f0d6840bbcc48da1c983fd067db1b3fc8
|
data/{License → LICENSE}
RENAMED
data/{Readme.md → README.md}
RENAMED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# Rack::Csrf
|
|
2
2
|
|
|
3
|
-
[](https://travis-ci.org/envygeeks/rack-simple_csrf) [](https://coveralls.io/r/envygeeks/rack-simple_csrf) [](https://codeclimate.com/github/envygeeks/rack-simple_csrf) [](https://gemnasium.com/envygeeks/rack-simple_csrf)
|
|
3
|
+
[](https://travis-ci.org/envygeeks/ruby-rack-simple_csrf) [](https://coveralls.io/r/envygeeks/ruby-rack-simple_csrf) [](https://codeclimate.com/github/envygeeks/ruby-rack-simple_csrf) [](https://gemnasium.com/envygeeks/ruby-rack-simple_csrf)
|
|
4
4
|
|
|
5
5
|
Rack::SimpleCsrf is my personal version of CSRF for Rack. It implements only a skip list where everything else must be run through the validator. It does not allow you to be explicit in what you validate, only explicit in what you do not validate. The goal is to increase security and make you think about what you are doing before you decide to do it.
|
|
6
6
|
|
data/lib/rack/simple_csrf.rb
CHANGED
|
@@ -56,22 +56,22 @@ module Rack
|
|
|
56
56
|
return false if ! @skip.is_a?(Array) || @skip.empty?
|
|
57
57
|
method = Regexp.escape(req.request_method)
|
|
58
58
|
path = Regexp.escape(req.path)
|
|
59
|
-
|
|
59
|
+
@skip.select do |p|
|
|
60
60
|
p = p.split ":"
|
|
61
61
|
if p.size > 1
|
|
62
62
|
if method !~ /\A#{p[0]}\Z/
|
|
63
|
-
|
|
63
|
+
next
|
|
64
64
|
end
|
|
65
65
|
|
|
66
|
-
p
|
|
66
|
+
p.shift
|
|
67
67
|
end
|
|
68
68
|
|
|
69
|
-
if path =~ /\A#{p}\Z/
|
|
69
|
+
if path =~ /\A#{p.join(":")}\Z/
|
|
70
70
|
return true
|
|
71
71
|
end
|
|
72
72
|
end
|
|
73
73
|
|
|
74
|
-
|
|
74
|
+
false
|
|
75
75
|
end
|
|
76
76
|
|
|
77
77
|
private
|
|
@@ -95,12 +95,12 @@ module Rack
|
|
|
95
95
|
module Helpers
|
|
96
96
|
extend self
|
|
97
97
|
|
|
98
|
-
def csrf_meta_tag(opts = {}, session = session)
|
|
98
|
+
def csrf_meta_tag(opts = {}, session = self.session)
|
|
99
99
|
%Q{<meta name="#{opts[:field] || "auth"}" content="#{ \
|
|
100
100
|
session[opts[:key] || "csrf"]}">}
|
|
101
101
|
end
|
|
102
102
|
|
|
103
|
-
def csrf_form_tag(opts = {}, session = session)
|
|
103
|
+
def csrf_form_tag(opts = {}, session = self.session)
|
|
104
104
|
session_key = session[opts[:key] || "csrf"]
|
|
105
105
|
tag = opts[:tag] || "div"
|
|
106
106
|
|
metadata
CHANGED
|
@@ -1,106 +1,106 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack-simple_csrf
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jordon Bedwell
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2015-06-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rack
|
|
15
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
16
|
-
requirements:
|
|
17
|
-
- - ~>
|
|
18
|
-
- !ruby/object:Gem::Version
|
|
19
|
-
version: '1.5'
|
|
20
15
|
requirement: !ruby/object:Gem::Requirement
|
|
21
16
|
requirements:
|
|
22
|
-
- - ~>
|
|
17
|
+
- - "~>"
|
|
23
18
|
- !ruby/object:Gem::Version
|
|
24
19
|
version: '1.5'
|
|
25
|
-
prerelease: false
|
|
26
20
|
type: :runtime
|
|
27
|
-
|
|
28
|
-
name: envygeeks-coveralls
|
|
21
|
+
prerelease: false
|
|
29
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
30
23
|
requirements:
|
|
31
|
-
- - ~>
|
|
24
|
+
- - "~>"
|
|
32
25
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: '
|
|
26
|
+
version: '1.5'
|
|
27
|
+
- !ruby/object:Gem::Dependency
|
|
28
|
+
name: envygeeks-coveralls
|
|
34
29
|
requirement: !ruby/object:Gem::Requirement
|
|
35
30
|
requirements:
|
|
36
|
-
- - ~>
|
|
31
|
+
- - "~>"
|
|
37
32
|
- !ruby/object:Gem::Version
|
|
38
|
-
version: '0
|
|
39
|
-
prerelease: false
|
|
33
|
+
version: '1.0'
|
|
40
34
|
type: :development
|
|
41
|
-
|
|
42
|
-
name: luna-rspec-formatters
|
|
35
|
+
prerelease: false
|
|
43
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
44
37
|
requirements:
|
|
45
|
-
- - ~>
|
|
38
|
+
- - "~>"
|
|
46
39
|
- !ruby/object:Gem::Version
|
|
47
|
-
version: '1.
|
|
40
|
+
version: '1.0'
|
|
41
|
+
- !ruby/object:Gem::Dependency
|
|
42
|
+
name: luna-rspec-formatters
|
|
48
43
|
requirement: !ruby/object:Gem::Requirement
|
|
49
44
|
requirements:
|
|
50
|
-
- - ~>
|
|
45
|
+
- - "~>"
|
|
51
46
|
- !ruby/object:Gem::Version
|
|
52
|
-
version: '
|
|
53
|
-
prerelease: false
|
|
47
|
+
version: '3.3'
|
|
54
48
|
type: :development
|
|
55
|
-
|
|
56
|
-
name: rspec
|
|
49
|
+
prerelease: false
|
|
57
50
|
version_requirements: !ruby/object:Gem::Requirement
|
|
58
51
|
requirements:
|
|
59
|
-
- - ~>
|
|
52
|
+
- - "~>"
|
|
60
53
|
- !ruby/object:Gem::Version
|
|
61
|
-
version: '3.
|
|
54
|
+
version: '3.3'
|
|
55
|
+
- !ruby/object:Gem::Dependency
|
|
56
|
+
name: rspec
|
|
62
57
|
requirement: !ruby/object:Gem::Requirement
|
|
63
58
|
requirements:
|
|
64
|
-
- - ~>
|
|
59
|
+
- - "~>"
|
|
65
60
|
- !ruby/object:Gem::Version
|
|
66
|
-
version: '3.
|
|
67
|
-
prerelease: false
|
|
61
|
+
version: '3.3'
|
|
68
62
|
type: :development
|
|
63
|
+
prerelease: false
|
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
65
|
+
requirements:
|
|
66
|
+
- - "~>"
|
|
67
|
+
- !ruby/object:Gem::Version
|
|
68
|
+
version: '3.3'
|
|
69
69
|
description: A simpler CSRF middleware for Rack.
|
|
70
70
|
email:
|
|
71
|
-
- envygeeks
|
|
71
|
+
- jordon@envygeeks.io
|
|
72
72
|
executables: []
|
|
73
73
|
extensions: []
|
|
74
74
|
extra_rdoc_files: []
|
|
75
75
|
files:
|
|
76
|
-
- Readme.md
|
|
77
|
-
- Rakefile
|
|
78
|
-
- License
|
|
79
76
|
- Gemfile
|
|
77
|
+
- LICENSE
|
|
78
|
+
- README.md
|
|
79
|
+
- Rakefile
|
|
80
80
|
- lib/rack/csrf.rb
|
|
81
81
|
- lib/rack/simple_csrf.rb
|
|
82
82
|
- lib/rack/simple_csrf/version.rb
|
|
83
83
|
homepage: https://envygeeks.com/projects/rack-csrf
|
|
84
84
|
licenses: []
|
|
85
85
|
metadata: {}
|
|
86
|
-
post_install_message:
|
|
86
|
+
post_install_message:
|
|
87
87
|
rdoc_options: []
|
|
88
88
|
require_paths:
|
|
89
89
|
- lib
|
|
90
90
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
91
91
|
requirements:
|
|
92
|
-
- -
|
|
92
|
+
- - ">="
|
|
93
93
|
- !ruby/object:Gem::Version
|
|
94
94
|
version: '0'
|
|
95
95
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
96
96
|
requirements:
|
|
97
|
-
- -
|
|
97
|
+
- - ">="
|
|
98
98
|
- !ruby/object:Gem::Version
|
|
99
99
|
version: '0'
|
|
100
100
|
requirements: []
|
|
101
|
-
rubyforge_project:
|
|
102
|
-
rubygems_version: 2.
|
|
103
|
-
signing_key:
|
|
101
|
+
rubyforge_project:
|
|
102
|
+
rubygems_version: 2.4.8
|
|
103
|
+
signing_key:
|
|
104
104
|
specification_version: 4
|
|
105
105
|
summary: A simpler CSRF middleware for Rack.
|
|
106
106
|
test_files: []
|