rack-ssl-enforcer 0.1.8 → 0.1.9

data/README.rdoc

@@ -2,10 +2,12 @@
 
 Rack::SslEnforcer is a simple Rack middleware to enforce ssl connections
 
+
 == Installation
 
   gem install rack-ssl-enforcer
 
+
 == Usage
 
   require 'rack-ssl-enforcer'
@@ -17,7 +19,7 @@ You might need the :redirect_to option if the requested URL can't be determined
 
   use Rack::SslEnforcer, :redirect_to => 'https://example.org'
   
-You can also define specifics regex pattern or path to redirect.
+You can also define specific regex patterns or paths to redirect.
   
   use Rack::SslEnforcer, :only => /^\/admin\//
   use Rack::SslEnforcer, :only => "/login"
@@ -27,6 +29,26 @@ And force http for non-https path
 
   use Rack::SslEnforcer, :only => ["/login", /\.xml$/], :strict => true
 
+
+== TODO
+
+* Add HSTS support, see http://en.wikipedia.org/wiki/Strict_Transport_Security
+* Add configuration option to specify local http / https ports
+
+
+== Contributors
+
+* {Dan Mayer}[http://github.com/danmayer]
+* {Rémy Coutable}[http://github.com/rymai]
+* {Thibaud Guillaume-Gentil}[http://github.com/thibaudgg]
+* {Paul Annesley}[https://github.com/pda]
+
+
+== Credits
+
+Flagging cookies as secure functionality is greatly inspired by {Joshua Peek's Rack::SSL}[https://github.com/josh/rack-ssl]
+
+
 == Note on Patches/Pull Requests
  
 * Fork the project.
@@ -37,11 +59,6 @@ And force http for non-https path
   (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
 * Send me a pull request. Bonus points for topic branches.
 
-== Contributors
-
-* {Dan Mayer}[http://github.com/danmayer]
-* {Rémy Coutable}[http://github.com/rymai]
-* {Thibaud Guillaume-Gentil}[http://github.com/thibaudgg]
 
 == Copyright
 

data/lib/rack/ssl-enforcer.rb

@@ -14,9 +14,13 @@ module Rack
       end
       
       if scheme
-        location = @options[:redirect_to] || @req.url.gsub(/^https?/, scheme)
+        location = @options[:redirect_to] || replace_scheme(@req, scheme).url
         body     = "<html><body>You are being <a href=\"#{location}\">redirected</a>.</body></html>"
         [301, { 'Content-Type' => 'text/html', 'Location' => location }, [body]]
+      elsif ssl_request?(env)
+        status, headers, body = @app.call(env)
+        flag_cookies_as_secure!(headers)
+        [status, headers, body]
       else
         @app.call(env)
       end
@@ -25,7 +29,18 @@ module Rack
   private
     
     def ssl_request?(env)
-      (env['HTTP_X_FORWARDED_PROTO'] || @req.scheme) == 'https'
+      scheme(env) == 'https'
+    end
+    
+    # Fixed in rack >= 1.3
+    def scheme(env)
+      if env['HTTPS'] == 'on'
+        'https'
+      elsif env['HTTP_X_FORWARDED_PROTO']
+        env['HTTP_X_FORWARDED_PROTO'].split(',')[0]
+      else
+        env['rack.url_scheme']
+      end
     end
     
     def enforce_ssl?(env)
@@ -43,5 +58,28 @@ module Rack
       end
     end
     
+    def replace_scheme(req, scheme)
+      Rack::Request.new(req.env.merge(
+        'rack.url_scheme' => scheme,
+        'SERVER_PORT' => port_for(scheme).to_s
+      ))
+    end
+    
+    def port_for(scheme)
+      scheme == 'https' ? 443 : 80
+    end
+
+    def flag_cookies_as_secure!(headers)
+      if cookies = headers['Set-Cookie']
+        headers['Set-Cookie'] = cookies.split("\n").map { |cookie|
+          if cookie !~ / secure;/
+            "#{cookie}; secure"
+          else
+            cookie
+          end
+        }.join("\n")
+      end
+    end
+    
   end
 end

data/lib/rack/ssl-enforcer/version.rb

@@ -1,5 +1,5 @@
 module Rack
   class SslEnforcer
-    VERSION = "0.1.8"
+    VERSION = "0.1.9"
   end
 end

metadata

@@ -1,13 +1,12 @@
 --- !ruby/object:Gem::Specification 
 name: rack-ssl-enforcer
 version: !ruby/object:Gem::Version 
-  hash: 11
   prerelease: false
   segments: 
   - 0
   - 1
-  - 8
-  version: 0.1.8
+  - 9
+  version: 0.1.9
 platform: ruby
 authors: 
 - Tobias Matthies
@@ -16,73 +15,127 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-09-10 00:00:00 +02:00
+date: 2010-11-17 00:00:00 +01:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
-  name: bundler
+  name: guard
   prerelease: false
   requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 0
+        - 2
+        - 1
+        version: 0.2.1
+  type: :development
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: guard-test
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        hash: 23
         segments: 
+        - 0
         - 1
+        - 3
+        version: 0.1.3
+  type: :development
+  version_requirements: *id002
+- !ruby/object:Gem::Dependency 
+  name: guard-bundler
+  prerelease: false
+  requirement: &id003 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
         - 0
+        version: "0"
+  type: :development
+  version_requirements: *id003
+- !ruby/object:Gem::Dependency 
+  name: bundler
+  prerelease: false
+  requirement: &id004 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 1
         - 0
-        version: 1.0.0
+        - 5
+        version: 1.0.5
   type: :development
-  version_requirements: *id001
+  version_requirements: *id004
+- !ruby/object:Gem::Dependency 
+  name: test-unit
+  prerelease: false
+  requirement: &id005 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 2
+        - 1
+        - 1
+        version: 2.1.1
+  type: :development
+  version_requirements: *id005
 - !ruby/object:Gem::Dependency 
   name: shoulda
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement 
+  requirement: &id006 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        hash: 37
         segments: 
         - 2
         - 11
         - 3
         version: 2.11.3
   type: :development
-  version_requirements: *id002
+  version_requirements: *id006
 - !ruby/object:Gem::Dependency 
   name: rack
   prerelease: false
-  requirement: &id003 !ruby/object:Gem::Requirement 
+  requirement: &id007 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        hash: 31
         segments: 
         - 1
         - 2
         - 0
         version: 1.2.0
   type: :development
-  version_requirements: *id003
+  version_requirements: *id007
 - !ruby/object:Gem::Dependency 
   name: rack-test
   prerelease: false
-  requirement: &id004 !ruby/object:Gem::Requirement 
+  requirement: &id008 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        hash: 3
         segments: 
         - 0
         - 5
         - 4
         version: 0.5.4
   type: :development
-  version_requirements: *id004
+  version_requirements: *id008
 description: Rack::SslEnforcer is a simple Rack middleware to enforce ssl connections
 email: 
 - tm@mit2m.de
@@ -94,9 +147,9 @@ extensions: []
 extra_rdoc_files: []
 
 files: 
+- lib/rack/rack-ssl-enforcer.rb
 - lib/rack/ssl-enforcer/version.rb
 - lib/rack/ssl-enforcer.rb
-- lib/rack-ssl-enforcer.rb
 - LICENSE
 - README.rdoc
 has_rdoc: true
@@ -113,7 +166,6 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
-      hash: 3
       segments: 
       - 0
       version: "0"
@@ -122,7 +174,6 @@ required_rubygems_version: !ruby/object:Gem::Requirement
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
-      hash: 23
       segments: 
       - 1
       - 3