rack-ssl-enforcer 0.2.8 → 0.2.9

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: fee98e208302ce4570d8308c0a7c2c2bfe15ca0c
+  data.tar.gz: 3fc3e066e40919a1d4a011931db1ad3cc0c85bc5
+SHA512:
+  metadata.gz: 6ab296839b4c4969dc0dd98570185d6553884e106b45c795658fde104f4494ccdcb40b1cfcf6636b855cbe1932bb2cf35269bdb9ab4c08df84a8e44554d42943
+  data.tar.gz: 599f268fe46a56b99d6e26d57d0b341b7547a89e3d772dd7f838dc9d49a6a3271b516a4639166d4114af3d635e4b43db5b3a844e52a6fb84d486c77e31aa56f6

data/README.md

@@ -263,6 +263,25 @@ In the `location` block for your app's SSL configuration, include the following
 
 `proxy_set_header   X-Forwarded-Proto https;`
 
+### Nginx behind Load Balancer
+
+The following instruction has been tested behind AWS ELB, but can be adapted to work behind any load balancer.
+Specifically, the options below account for termination of SSL at the load balancer (HTTP only communication between load balancer and server), and HTTP only health checks.
+
+In the `location` block for your app's SSL configuration, reference the following proxy header configurations:
+
+`proxy_set_header X-Forwarded-Proto $scheme;` & `proxy_redirect off;` & `proxy_set_header Host $http_host;` & `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
+
+In `config/application.rb` for Rails 3 and above, `config/environment.rb` for Rails 2, work off the following line:
+
+```ruby
+config.middleware.use Rack::SslEnforcer, ignore: lambda { |request| request.env["HTTP_X_FORWARDED_PROTO"].blank? }, strict: true
+```
+
+This ignores ELB healthchecks and development environment as ELB healthchecks aren't forwarded requests, so it wouldn't have the forwarded proto header.
+
+Same goes for when running without a proxy (like developemnt locally), making `:except_environments => 'development'` unecessary.
+
 ### Passenger
 
 Or, if you're using mod_rails/passenger (which will ignore the proxy_xxx directives):

data/lib/rack/ssl-enforcer.rb

@@ -47,7 +47,7 @@ module Rack
 
       if redirect_required?
         call_before_redirect
-        modify_location_and_redirect 
+        modify_location_and_redirect
       elsif ssl_request?
         status, headers, body = @app.call(env)
         flag_cookies_as_secure!(headers) if @options[:force_secure_cookies]
@@ -92,6 +92,8 @@ module Rack
       location = replace_scheme(location, @scheme)
       location = replace_host(location, @options[:redirect_to])
       redirect_to(location)
+    rescue URI::InvalidURIError
+      [400, { 'Content-Type' => 'text/plain'}, []]
     end
 
     def redirect_to(location)
@@ -119,7 +121,7 @@ module Rack
       if @request.env['HTTPS'] == 'on' || @request.env['HTTP_X_SSL_REQUEST'] == 'on'
         'https'
       elsif @request.env['HTTP_X_FORWARDED_PROTO']
-        @request.env['HTTP_X_FORWARDED_PROTO'].split(',')[0]
+        @request.env['HTTP_X_FORWARDED_PROTO'].split(',')[0] || @request.scheme
       else
         @request.scheme
       end
@@ -193,10 +195,11 @@ module Rack
 
     # see http://en.wikipedia.org/wiki/Strict_Transport_Security
     def set_hsts_headers!(headers)
-      opts = { :expires => 31536000, :subdomains => true }
+      opts = { :expires => 31536000, :subdomains => true, :preload => false }
       opts.merge!(@options[:hsts]) if @options[:hsts].is_a? Hash
       value  = "max-age=#{opts[:expires]}"
       value += "; includeSubDomains" if opts[:subdomains]
+      value += "; preload" if opts[:preload]
       headers.merge!({ 'Strict-Transport-Security' => value })
     end
 

data/lib/rack/ssl-enforcer/version.rb

@@ -1,5 +1,5 @@
 module Rack
   class SslEnforcer
-    VERSION = "0.2.8"
+    VERSION = "0.2.9"
   end
 end

metadata

@@ -1,8 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rack-ssl-enforcer
 version: !ruby/object:Gem::Version
-  version: 0.2.8
-  prerelease: 
+  version: 0.2.9
 platform: ruby
 authors:
 - Tobias Matthies
@@ -10,86 +9,76 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-07-18 00:00:00.000000000 Z
+date: 2015-07-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
 - !ruby/object:Gem::Dependency
   name: test-unit
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '2.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '2.3'
 - !ruby/object:Gem::Dependency
   name: shoulda
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 2.11.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 2.11.3
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 1.2.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 1.2.0
 - !ruby/object:Gem::Dependency
   name: rack-test
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 0.5.4
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 0.5.4
 description: Rack::SslEnforcer is a simple Rack middleware to enforce ssl connections
@@ -100,37 +89,33 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- lib/rack/ssl-enforcer/constraint.rb
-- lib/rack/ssl-enforcer/version.rb
-- lib/rack/ssl-enforcer.rb
-- lib/rack-ssl-enforcer.rb
 - LICENSE
 - README.md
+- lib/rack-ssl-enforcer.rb
+- lib/rack/ssl-enforcer.rb
+- lib/rack/ssl-enforcer/constraint.rb
+- lib/rack/ssl-enforcer/version.rb
 homepage: http://github.com/tobmatth/rack-ssl-enforcer
 licenses: []
+metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
-      segments:
-      - 0
-      hash: -530063583
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: 1.3.6
 requirements: []
 rubyforge_project: rack-ssl-enforcer
-rubygems_version: 1.8.25
+rubygems_version: 2.4.8
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: A simple Rack middleware to enforce SSL
 test_files: []