rack-ssl 1.0.0





Files changed (4) hide show
  1. data/LICENSE +22 -0
  2. data/README.md +13 -0
  3. data/lib/rack/ssl.rb +72 -0
  4. metadata +81 -0
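--- /dev/null
+++ b/data/LICENSE
@@ -0,0 +1,22 @@
+Copyright (c) 2010 Joshua Peek
+
+Permission is hereby granted, free of charge, to any person
+obtaining a copy of this software and associated documentation
+files (the "Software"), to deal in the Software without
+restriction, including without limitation the rights to use,
+copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following
+conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.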
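--- /dev/null
+++ b/data/README.md
@@ -0,0 +1,13 @@
+Rack::SSL
+=========
+
+Force SSL/TLS in your app.
+
+1. Redirects all "http" requests to "https"
+2. Set `Strict-Transport-Security` header
+3. Flag all cookies as "secure"
+
+Usage
+-----
+
+use Rack::SSL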
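--- /dev/null
+++ b/data/lib/rack/ssl.rb
@@ -0,0 +1,72 @@
+require 'rack'
+require 'rack/request'
+
+module Rack
+class SSL
+YEAR = 31536000
+
+def self.default_hsts_options
+{ :expires => YEAR, :subdomains => false }
+end
+
+def initialize(app, options = {})
+@app = app
+
+@hsts = options[:hsts]
+@hsts = {} if @hsts.nil? || @hsts == true
+@hsts = self.class.default_hsts_options.merge(@hsts) if @hsts
+end
+
+def call(env)
+if scheme(env) == 'https'
+status, headers, body = @app.call(env)
+headers = hsts_headers.merge(headers)
+flag_cookies_as_secure!(headers)
+[status, headers, body]
+else
+redirect_to_https(env)
+end
+end
+
+private
+# Fixed in rack >= 1.3
+def scheme(env)
+if env['HTTPS'] == 'on'
+'https'
+elsif env['HTTP_X_FORWARDED_PROTO']
+env['HTTP_X_FORWARDED_PROTO'].split(',')[0]
+else
+env['rack.url_scheme']
+end
+end
+
+def redirect_to_https(env)
+req = Request.new(env)
+location = req.url.sub(/^http:/, 'https:')
+[301, hsts_headers.merge({'Content-Type' => "text/html", 'Location' => location}), []]
+end
+
+# http://tools.ietf.org/html/draft-hodges-strict-transport-sec-02
+def hsts_headers
+if @hsts
+value = "max-age=#{@hsts[:expires]}"
+value += "; includeSubDomains" if @hsts[:subdomains]
+{ 'Strict-Transport-Security' => value }
+else
+{}
+end
+end
+
+def flag_cookies_as_secure!(headers)
+if cookies = headers['Set-Cookie']
+headers['Set-Cookie'] = cookies.split("\n").map { |cookie|
+if cookie !~ / secure;/
+"#{cookie}; secure"
+else
+cookie
+end
+}.join("\n")
+end
+end
+end
+end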
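Review bot: `scheme` (lines 33–41 of this hunk) takes the scheme from `HTTP_X_FORWARDED_PROTO` whenever the request carries it, so the https-or-redirect decision and the Secure cookie flagging are only as reliable as whatever sits in front of the app; if no proxy overwrites that header, the value comes straight from the client, and neither the code nor the README says the middleware must be deployed behind one. A comment on the method would make that trust boundary explicit: `# X-Forwarded-Proto is trusted as-is; deploy behind a proxy that sets or overwrites it.` `flag_cookies_as_secure!` matches `/ secure;/`, which misses a `secure` attribute that ends the cookie string or is written `Secure`, so such cookies get a second `; secure` appended — harmless, but `/;\s*secure\b/i` matches the attribute the way browsers read it. `req.url.sub(/^http:/, 'https:')` in `redirect_to_https` also carries any explicit http port into the https Location, which is likely wrong when the two listen on different ports, and `\A` is the safer anchor than `^` for a whole-string match. If an app sets `Set-Cookie` as an Array (some Rack versions accept that), `cookies.split` would raise; worth confirming against the Rack versions this gem targets, since the dependency is unbounded (`>= 0`).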
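--- /dev/null
+++ b/metadata
@@ -0,0 +1,81 @@
+--- !ruby/object:Gem::Specification
+name: rack-ssl
+version: !ruby/object:Gem::Version
+hash: 23
+prerelease: false
+segments:
+- 1
+- 0
+- 0
+version: 1.0.0
+platform: ruby
+authors:
+- Joshua Peek
+autorequire:
+bindir: bin
+cert_chain: []
+
+date: 2010-11-05 00:00:00 -05:00
+default_executable:
+dependencies:
+- !ruby/object:Gem::Dependency
+name: rack
+prerelease: false
+requirement: &id001 !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+hash: 3
+segments:
+- 0
+version: "0"
+type: :runtime
+version_requirements: *id001
+description: Force SSL/TLS in your app.
+email: josh@joshpeek.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files:
+- LICENSE
+- README.md
+files:
+- lib/rack/ssl.rb
+has_rdoc: true
+homepage: https://github.com/josh/rack-ssl
+licenses: []
+
+post_install_message:
+rdoc_options: []
+
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+hash: 3
+segments:
+- 0
+version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+hash: 3
+segments:
+- 0
+version: "0"
+requirements: []
+
+rubyforge_project:
+rubygems_version: 1.3.7
+signing_key:
+specification_version: 3
+summary: Rack middleware to force SSL
+test_files: []
+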