RubyGems - rack-ssl-enforcer - Versions diffs - 0.2.8 → 0.2.9 - Mend

rack-ssl-enforcer 0.2.8 → 0.2.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml +7 -0
data/README.md +19 -0
data/lib/rack/ssl-enforcer.rb +6 -3
data/lib/rack/ssl-enforcer/version.rb +1 -1
metadata +21 -36

checksums.yaml ADDED

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: fee98e208302ce4570d8308c0a7c2c2bfe15ca0c
+  data.tar.gz: 3fc3e066e40919a1d4a011931db1ad3cc0c85bc5
+SHA512:
+  metadata.gz: 6ab296839b4c4969dc0dd98570185d6553884e106b45c795658fde104f4494ccdcb40b1cfcf6636b855cbe1932bb2cf35269bdb9ab4c08df84a8e44554d42943
+  data.tar.gz: 599f268fe46a56b99d6e26d57d0b341b7547a89e3d772dd7f838dc9d49a6a3271b516a4639166d4114af3d635e4b43db5b3a844e52a6fb84d486c77e31aa56f6

data/README.md CHANGED

@@ -263,6 +263,25 @@ In the `location` block for your app's SSL configuration, include the following
 `proxy_set_header   X-Forwarded-Proto https;`
+### Nginx behind Load Balancer
+The following instruction has been tested behind AWS ELB, but can be adapted to work behind any load balancer.
+Specifically, the options below account for termination of SSL at the load balancer (HTTP only communication between load balancer and server), and HTTP only health checks.
+In the `location` block for your app's SSL configuration, reference the following proxy header configurations:
+`proxy_set_header X-Forwarded-Proto $scheme;` & `proxy_redirect off;` & `proxy_set_header Host $http_host;` & `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
+In `config/application.rb` for Rails 3 and above, `config/environment.rb` for Rails 2, work off the following line:
+```ruby
+config.middleware.use Rack::SslEnforcer, ignore: lambda { |request| request.env["HTTP_X_FORWARDED_PROTO"].blank? }, strict: true
+```
+This ignores ELB healthchecks and development environment as ELB healthchecks aren't forwarded requests, so it wouldn't have the forwarded proto header.
+Same goes for when running without a proxy (like developemnt locally), making `:except_environments => 'development'` unecessary.
 ### Passenger
 Or, if you're using mod_rails/passenger (which will ignore the proxy_xxx directives):

data/lib/rack/ssl-enforcer.rb CHANGED

@@ -47,7 +47,7 @@ module Rack
       if redirect_required?
         call_before_redirect
-        modify_location_and_redirect
+        modify_location_and_redirect
       elsif ssl_request?
         status, headers, body = @app.call(env)
         flag_cookies_as_secure!(headers) if @options[:force_secure_cookies]
@@ -92,6 +92,8 @@ module Rack
       location = replace_scheme(location, @scheme)
       location = replace_host(location, @options[:redirect_to])
       redirect_to(location)
+    rescue URI::InvalidURIError
+      [400, { 'Content-Type' => 'text/plain'}, []]
     end
     def redirect_to(location)
@@ -119,7 +121,7 @@ module Rack
       if @request.env['HTTPS'] == 'on' || @request.env['HTTP_X_SSL_REQUEST'] == 'on'
         'https'
       elsif @request.env['HTTP_X_FORWARDED_PROTO']
-        @request.env['HTTP_X_FORWARDED_PROTO'].split(',')[0]
+        @request.env['HTTP_X_FORWARDED_PROTO'].split(',')[0] || @request.scheme
       else
         @request.scheme
       end
@@ -193,10 +195,11 @@ module Rack
     # see http://en.wikipedia.org/wiki/Strict_Transport_Security
     def set_hsts_headers!(headers)
-      opts = { :expires => 31536000, :subdomains => true }
+      opts = { :expires => 31536000, :subdomains => true, :preload => false }
       opts.merge!(@options[:hsts]) if @options[:hsts].is_a? Hash
       value  = "max-age=#{opts[:expires]}"
       value += "; includeSubDomains" if opts[:subdomains]
+      value += "; preload" if opts[:preload]
       headers.merge!({ 'Strict-Transport-Security' => value })
     end

data/lib/rack/ssl-enforcer/version.rb CHANGED

@@ -1,5 +1,5 @@
 module Rack
   class SslEnforcer
-    VERSION = "0.2.8"
+    VERSION = "0.2.9"
   end
 end

metadata CHANGED

@@ -1,8 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rack-ssl-enforcer
 version: !ruby/object:Gem::Version
-  version: 0.2.8
-  prerelease:
+  version: 0.2.9
 platform: ruby
 authors:
 - Tobias Matthies
@@ -10,86 +9,76 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-07-18 00:00:00.000000000 Z
+date: 2015-07-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
 - !ruby/object:Gem::Dependency
   name: test-unit
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '2.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '2.3'
 - !ruby/object:Gem::Dependency
   name: shoulda
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 2.11.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 2.11.3
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 1.2.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 1.2.0
 - !ruby/object:Gem::Dependency
   name: rack-test
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 0.5.4
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 0.5.4
 description: Rack::SslEnforcer is a simple Rack middleware to enforce ssl connections
@@ -100,37 +89,33 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- lib/rack/ssl-enforcer/constraint.rb
-- lib/rack/ssl-enforcer/version.rb
-- lib/rack/ssl-enforcer.rb
-- lib/rack-ssl-enforcer.rb
 - LICENSE
 - README.md
+- lib/rack-ssl-enforcer.rb
+- lib/rack/ssl-enforcer.rb
+- lib/rack/ssl-enforcer/constraint.rb
+- lib/rack/ssl-enforcer/version.rb
 homepage: http://github.com/tobmatth/rack-ssl-enforcer
 licenses: []
+metadata: {}
 post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
-      segments:
-      - 0
-      hash: -530063583
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: 1.3.6
 requirements: []
 rubyforge_project: rack-ssl-enforcer
-rubygems_version: 1.8.25
+rubygems_version: 2.4.8
 signing_key:
-specification_version: 3
+specification_version: 4
 summary: A simple Rack middleware to enforce SSL
 test_files: []