rack-ssl-cure 0.0.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (5) hide show
  1. data/Gemfile +4 -0
  2. data/README.md +24 -0
  3. data/lib/rack/ssl_cure.rb +13 -0
  4. data/rack-ssl-cure.gemspec +13 -0
  5. metadata +60 -0
data/Gemfile ADDED
@@ -0,0 +1,4 @@
1
+ source :rubygems
2
+
3
+ gemspec
4
+
data/README.md ADDED
@@ -0,0 +1,24 @@
1
+ Rack::SSL sounded great, right? But now you have customers who are forced to use https and you may be
2
+ experiencing issues from slows pages to redirect loops. The problem is that Rack::SSL sets a header that
3
+ the browser stores for a year and causes the client to auto redirect to https independent of the app or
4
+ the webserver configuration.
5
+
6
+ Read more here:
7
+ http://tools.ietf.org/html/draft-hodges-strict-transport-sec-02#page-12
8
+
9
+ All you have to do is:
10
+
11
+ Remove your Rack::SSL gem from the Gemfile and any configuration file including your config.ru if needed.
12
+
13
+ Add the following to the Gemfile:
14
+
15
+ gem 'rack-ssl-cure', require: 'rack/ssl_cure'
16
+
17
+ Add the following to your config.ru:
18
+
19
+ run Rack::SSLCure
20
+
21
+ Check any other configs. Deploy and watch your site speed up, and your customers smile.
22
+
23
+ TODO:
24
+ Write the one test. :)
data/lib/rack/ssl_cure.rb ADDED
@@ -0,0 +1,13 @@
1
+ module Rack
2
+ class SSLCure
3
+ def initialize(app)
4
+ @app = app
5
+ end
6
+
7
+ def call(env)
8
+ status, headers, response = @app.call(env)
9
+ headers.merge!('Strict-Transport-Security' => 'max-age=0')
10
+ [status, headers, response]
11
+ end
12
+ end
13
+ end
data/rack-ssl-cure.gemspec ADDED
@@ -0,0 +1,13 @@
1
+ Gem::Specification.new do |s|
2
+ s.name = 'rack-ssl-cure'
3
+ s.author = 'Paul Hepworth'
4
+ s.email = 'paul<dot>hepworth<at>peppyheppy<dot>com'
5
+ s.version = '0.0.1'
6
+ s.homepage = 'https://github.com/peppyheppy/rack-ssl-cure'
7
+ s.date = '2012-05-11'
8
+ s.summary = "Cures the damange done by rack-ssl when it set the Strict-Transport-Security header to a year."
9
+ s.description = ""
10
+ s.files = s.files = `git ls-files`.split("\n")
11
+ s.add_development_dependency "rspec", "2.6.0"
12
+ end
13
+
metadata ADDED
@@ -0,0 +1,60 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: rack-ssl-cure
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.0.1
5
+ prerelease:
6
+ platform: ruby
7
+ authors:
8
+ - Paul Hepworth
9
+ autorequire:
10
+ bindir: bin
11
+ cert_chain: []
12
+ date: 2012-05-11 00:00:00.000000000Z
13
+ dependencies:
14
+ - !ruby/object:Gem::Dependency
15
+ name: rspec
16
+ requirement: &70367026401160 !ruby/object:Gem::Requirement
17
+ none: false
18
+ requirements:
19
+ - - =
20
+ - !ruby/object:Gem::Version
21
+ version: 2.6.0
22
+ type: :development
23
+ prerelease: false
24
+ version_requirements: *70367026401160
25
+ description: ''
26
+ email: paul<dot>hepworth<at>peppyheppy<dot>com
27
+ executables: []
28
+ extensions: []
29
+ extra_rdoc_files: []
30
+ files:
31
+ - Gemfile
32
+ - README.md
33
+ - lib/rack/ssl_cure.rb
34
+ - rack-ssl-cure.gemspec
35
+ homepage: https://github.com/peppyheppy/rack-ssl-cure
36
+ licenses: []
37
+ post_install_message:
38
+ rdoc_options: []
39
+ require_paths:
40
+ - lib
41
+ required_ruby_version: !ruby/object:Gem::Requirement
42
+ none: false
43
+ requirements:
44
+ - - ! '>='
45
+ - !ruby/object:Gem::Version
46
+ version: '0'
47
+ required_rubygems_version: !ruby/object:Gem::Requirement
48
+ none: false
49
+ requirements:
50
+ - - ! '>='
51
+ - !ruby/object:Gem::Version
52
+ version: '0'
53
+ requirements: []
54
+ rubyforge_project:
55
+ rubygems_version: 1.8.15
56
+ signing_key:
57
+ specification_version: 3
58
+ summary: Cures the damange done by rack-ssl when it set the Strict-Transport-Security
59
+ header to a year.
60
+ test_files: []