RubyGems - rack-ssl-enforcer - Versions diffs - 0.1.8 → 0.1.9 - Mend

rack-ssl-enforcer 0.1.8 → 0.1.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

data/README.rdoc +23 -6
data/lib/{rack-ssl-enforcer.rb → rack/rack-ssl-enforcer.rb} +0 -0
data/lib/rack/ssl-enforcer.rb +40 -2
data/lib/rack/ssl-enforcer/version.rb +1 -1
metadata +71 -20

data/README.rdoc CHANGED Viewed

@@ -2,10 +2,12 @@
 Rack::SslEnforcer is a simple Rack middleware to enforce ssl connections
 == Installation
   gem install rack-ssl-enforcer
 == Usage
   require 'rack-ssl-enforcer'
@@ -17,7 +19,7 @@ You might need the :redirect_to option if the requested URL can't be determined
   use Rack::SslEnforcer, :redirect_to => 'https://example.org'
-You can also define specifics regex pattern or path to redirect.
+You can also define specific regex patterns or paths to redirect.
   use Rack::SslEnforcer, :only => /^\/admin\//
   use Rack::SslEnforcer, :only => "/login"
@@ -27,6 +29,26 @@ And force http for non-https path
   use Rack::SslEnforcer, :only => ["/login", /\.xml$/], :strict => true
+== TODO
+* Add HSTS support, see http://en.wikipedia.org/wiki/Strict_Transport_Security
+* Add configuration option to specify local http / https ports
+== Contributors
+* {Dan Mayer}[http://github.com/danmayer]
+* {Rémy Coutable}[http://github.com/rymai]
+* {Thibaud Guillaume-Gentil}[http://github.com/thibaudgg]
+* {Paul Annesley}[https://github.com/pda]
+== Credits
+Flagging cookies as secure functionality is greatly inspired by {Joshua Peek's Rack::SSL}[https://github.com/josh/rack-ssl]
 == Note on Patches/Pull Requests
 * Fork the project.
@@ -37,11 +59,6 @@ And force http for non-https path
   (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
 * Send me a pull request. Bonus points for topic branches.
-== Contributors
-* {Dan Mayer}[http://github.com/danmayer]
-* {Rémy Coutable}[http://github.com/rymai]
-* {Thibaud Guillaume-Gentil}[http://github.com/thibaudgg]
 == Copyright

data/lib/{rack-ssl-enforcer.rb → rack/rack-ssl-enforcer.rb} RENAMED Viewed

File without changes

data/lib/rack/ssl-enforcer.rb CHANGED Viewed

@@ -14,9 +14,13 @@ module Rack
       end
       if scheme
-        location = @options[:redirect_to] || @req.url.gsub(/^https?/, scheme)
+        location = @options[:redirect_to] || replace_scheme(@req, scheme).url
         body     = "<html><body>You are being <a href=\"#{location}\">redirected</a>.</body></html>"
         [301, { 'Content-Type' => 'text/html', 'Location' => location }, [body]]
+      elsif ssl_request?(env)
+        status, headers, body = @app.call(env)
+        flag_cookies_as_secure!(headers)
+        [status, headers, body]
       else
         @app.call(env)
       end
@@ -25,7 +29,18 @@ module Rack
   private
     def ssl_request?(env)
-      (env['HTTP_X_FORWARDED_PROTO'] || @req.scheme) == 'https'
+      scheme(env) == 'https'
+    end
+    # Fixed in rack >= 1.3
+    def scheme(env)
+      if env['HTTPS'] == 'on'
+        'https'
+      elsif env['HTTP_X_FORWARDED_PROTO']
+        env['HTTP_X_FORWARDED_PROTO'].split(',')[0]
+      else
+        env['rack.url_scheme']
+      end
     end
     def enforce_ssl?(env)
@@ -43,5 +58,28 @@ module Rack
       end
     end
+    def replace_scheme(req, scheme)
+      Rack::Request.new(req.env.merge(
+        'rack.url_scheme' => scheme,
+        'SERVER_PORT' => port_for(scheme).to_s
+      ))
+    end
+    def port_for(scheme)
+      scheme == 'https' ? 443 : 80
+    end
+    def flag_cookies_as_secure!(headers)
+      if cookies = headers['Set-Cookie']
+        headers['Set-Cookie'] = cookies.split("\n").map { |cookie|
+          if cookie !~ / secure;/
+            "#{cookie}; secure"
+          else
+            cookie
+          end
+        }.join("\n")
+      end
+    end
   end
 end

data/lib/rack/ssl-enforcer/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module Rack
   class SslEnforcer
-    VERSION = "0.1.8"
+    VERSION = "0.1.9"
   end
 end

metadata CHANGED Viewed

@@ -1,13 +1,12 @@
 --- !ruby/object:Gem::Specification
 name: rack-ssl-enforcer
 version: !ruby/object:Gem::Version
-  hash: 11
   prerelease: false
   segments:
   - 0
   - 1
-  - 8
-  version: 0.1.8
+  - 9
+  version: 0.1.9
 platform: ruby
 authors:
 - Tobias Matthies
@@ -16,73 +15,127 @@ autorequire:
 bindir: bin
 cert_chain: []
-date: 2010-09-10 00:00:00 +02:00
+date: 2010-11-17 00:00:00 +01:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: bundler
+  name: guard
   prerelease: false
   requirement: &id001 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        segments:
+        - 0
+        - 2
+        - 1
+        version: 0.2.1
+  type: :development
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency
+  name: guard-test
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        hash: 23
         segments:
+        - 0
         - 1
+        - 3
+        version: 0.1.3
+  type: :development
+  version_requirements: *id002
+- !ruby/object:Gem::Dependency
+  name: guard-bundler
+  prerelease: false
+  requirement: &id003 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        segments:
         - 0
+        version: "0"
+  type: :development
+  version_requirements: *id003
+- !ruby/object:Gem::Dependency
+  name: bundler
+  prerelease: false
+  requirement: &id004 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        segments:
+        - 1
         - 0
-        version: 1.0.0
+        - 5
+        version: 1.0.5
   type: :development
-  version_requirements: *id001
+  version_requirements: *id004
+- !ruby/object:Gem::Dependency
+  name: test-unit
+  prerelease: false
+  requirement: &id005 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        segments:
+        - 2
+        - 1
+        - 1
+        version: 2.1.1
+  type: :development
+  version_requirements: *id005
 - !ruby/object:Gem::Dependency
   name: shoulda
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement
+  requirement: &id006 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        hash: 37
         segments:
         - 2
         - 11
         - 3
         version: 2.11.3
   type: :development
-  version_requirements: *id002
+  version_requirements: *id006
 - !ruby/object:Gem::Dependency
   name: rack
   prerelease: false
-  requirement: &id003 !ruby/object:Gem::Requirement
+  requirement: &id007 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        hash: 31
         segments:
         - 1
         - 2
         - 0
         version: 1.2.0
   type: :development
-  version_requirements: *id003
+  version_requirements: *id007
 - !ruby/object:Gem::Dependency
   name: rack-test
   prerelease: false
-  requirement: &id004 !ruby/object:Gem::Requirement
+  requirement: &id008 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        hash: 3
         segments:
         - 0
         - 5
         - 4
         version: 0.5.4
   type: :development
-  version_requirements: *id004
+  version_requirements: *id008
 description: Rack::SslEnforcer is a simple Rack middleware to enforce ssl connections
 email:
 - tm@mit2m.de
@@ -94,9 +147,9 @@ extensions: []
 extra_rdoc_files: []
 files:
+- lib/rack/rack-ssl-enforcer.rb
 - lib/rack/ssl-enforcer/version.rb
 - lib/rack/ssl-enforcer.rb
-- lib/rack-ssl-enforcer.rb
 - LICENSE
 - README.rdoc
 has_rdoc: true
@@ -113,7 +166,6 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      hash: 3
       segments:
       - 0
       version: "0"
@@ -122,7 +174,6 @@ required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      hash: 23
       segments:
       - 1
       - 3