rack-steady_etag 0.2.0 → 0.2.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +13 -1
- data/Gemfile.lock +3 -3
- data/README.md +14 -2
- data/lib/rack/steady_etag/version.rb +1 -1
- data/lib/rack/steady_etag.rb +34 -23
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: '028b0d0f93545fddbfef80b9154a815c230d200f052d352645e00e8d1a147379'
|
|
4
|
+
data.tar.gz: 1c1851fbdb760066488caf9baadb3dae9682d20f149dbb34c95c2502e8781e34
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6a35c285174946b4c3c7116eb270fc03ed0ef60722c5b13801690ee89e516688b7135088eca05825a58e8893c9d1ba12de25edc3900591aa8f6d51d2f1c972b7
|
|
7
|
+
data.tar.gz: 2dd6b70d8fff2818a9da44437d8dd79b8feeb242cf27fc9edde6d94db11b662ed9f52af32e8f8e49979683371e622d48785779a417163ee8df22e97ae3fc59bf
|
data/CHANGELOG.md
CHANGED
|
@@ -5,9 +5,21 @@ This project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html
|
|
|
5
5
|
|
|
6
6
|
## Unreleased
|
|
7
7
|
|
|
8
|
+
## 0.2.3 - 2022-05-12
|
|
9
|
+
|
|
10
|
+
- Don't depend on `byebug` being in the user bundle.
|
|
11
|
+
|
|
12
|
+
## 0.2.2 - 2022-05-12
|
|
13
|
+
|
|
14
|
+
- Don't raise an error when processing binary content.
|
|
15
|
+
|
|
16
|
+
## 0.2.1 - 2022-05-12
|
|
17
|
+
|
|
18
|
+
- Only strip patterns for HTML and XHTML responses.
|
|
19
|
+
|
|
8
20
|
## 0.2.0 - 2022-05-12
|
|
9
21
|
|
|
10
|
-
- Be more compatible with Rack 2.2.
|
|
22
|
+
- Be more compatible with Rack 2.2.3:
|
|
11
23
|
- Always set a `Cache-Control` header, even for responses that we don't try to digest.
|
|
12
24
|
- Strip patterns for responses with `Cache-Control: public`
|
|
13
25
|
- Requires Rack 2.x (we want to break with Rack 3)
|
data/Gemfile.lock
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
rack-steady_etag (0.2.
|
|
4
|
+
rack-steady_etag (0.2.3)
|
|
5
5
|
activesupport (>= 3.2)
|
|
6
6
|
rack (~> 2.0)
|
|
7
7
|
|
|
@@ -14,9 +14,9 @@ GEM
|
|
|
14
14
|
minitest (>= 5.1)
|
|
15
15
|
tzinfo (~> 2.0)
|
|
16
16
|
byebug (11.1.3)
|
|
17
|
-
concurrent-ruby (1.1.
|
|
17
|
+
concurrent-ruby (1.1.10)
|
|
18
18
|
diff-lcs (1.4.4)
|
|
19
|
-
i18n (1.
|
|
19
|
+
i18n (1.10.0)
|
|
20
20
|
concurrent-ruby (~> 1.0)
|
|
21
21
|
minitest (5.15.0)
|
|
22
22
|
rack (2.2.3)
|
data/README.md
CHANGED
|
@@ -20,17 +20,29 @@ By default Rails uses [`Rack::ETag`](https://rdoc.info/github/rack/rack/Rack/ETa
|
|
|
20
20
|
You can add your own patterns:
|
|
21
21
|
|
|
22
22
|
```ruby
|
|
23
|
-
Rack::SteadyETag::
|
|
23
|
+
Rack::SteadyETag::STRIP_PATTERNS << /<meta name="XSRF-TOKEN" value="[^"]+">/
|
|
24
24
|
```
|
|
25
25
|
|
|
26
26
|
You can also push lambda for arbitrary transformations:
|
|
27
27
|
|
|
28
28
|
```ruby
|
|
29
|
-
Rack::SteadyETag::
|
|
29
|
+
Rack::SteadyETag::STRIP_PATTERNS << -> { |text| text.gsub(/<meta name="XSRF-TOKEN" value="[^"]+">/, '') }
|
|
30
30
|
```
|
|
31
31
|
|
|
32
32
|
Transformations are only applied for the `ETag` hash. The response body will not be changed.
|
|
33
33
|
|
|
34
|
+
## What responses are processed
|
|
35
|
+
|
|
36
|
+
This middleware will process responses that match all of the following:
|
|
37
|
+
|
|
38
|
+
- Responses with a HTTP status of 200 or 201.
|
|
39
|
+
- Responses with a `Content-Type` of `text/html` or `application/xhtml+xml`.
|
|
40
|
+
- Responses with a body.
|
|
41
|
+
|
|
42
|
+
Responses should also have an UTF-8 encoding (not checked by the middleware).
|
|
43
|
+
|
|
44
|
+
This middleware can also add a default `Cache-Control` header for responses it *didn't* process. This is passed as an argument during middleware initialization (see *Installation* below).
|
|
45
|
+
|
|
34
46
|
## Covered edge cases
|
|
35
47
|
|
|
36
48
|
- Different `ETags` are generated when the same content is accessed with different Rack sessions.
|
data/lib/rack/steady_etag.rb
CHANGED
|
@@ -1,4 +1,3 @@
|
|
|
1
|
-
require 'byebug'
|
|
2
1
|
require 'digest/sha2'
|
|
3
2
|
require "active_support/all"
|
|
4
3
|
require_relative "steady_etag"
|
|
@@ -6,8 +5,8 @@ require_relative "steady_etag/version"
|
|
|
6
5
|
|
|
7
6
|
module Rack
|
|
8
7
|
|
|
9
|
-
# Based on Rack::Etag from rack 2.2.
|
|
10
|
-
# https://github.com/rack/rack/blob/v2.2.
|
|
8
|
+
# Based on Rack::Etag from rack 2.2.3
|
|
9
|
+
# https://github.com/rack/rack/blob/v2.2.3/lib/rack/etag.rb
|
|
11
10
|
#
|
|
12
11
|
# Automatically sets the ETag header on all String bodies.
|
|
13
12
|
#
|
|
@@ -19,20 +18,25 @@ module Rack
|
|
|
19
18
|
# Yes, Rack::ETag sets a default Cache-Control for responses that it can digest.
|
|
20
19
|
DEFAULT_CACHE_CONTROL = "max-age=0, private, must-revalidate"
|
|
21
20
|
|
|
22
|
-
|
|
21
|
+
STRIP_PATTERNS = [
|
|
23
22
|
/<meta\b[^>]*\bname=(["'])csrf-token\1[^>]+>/i,
|
|
24
23
|
/<meta\b[^>]*\bname=(["'])csp-nonce\1[^>]+>/i,
|
|
25
24
|
/<input\b[^>]*\bname=(["'])authenticity_token\1[^>]+>/i,
|
|
26
25
|
lambda { |string| string.gsub(/(<script\b[^>]*)\bnonce=(["'])[^"']+\2+/i, '\1') }
|
|
27
26
|
]
|
|
28
27
|
|
|
28
|
+
STRIP_CONTENT_TYPES = %w[
|
|
29
|
+
text/html
|
|
30
|
+
application/xhtml+xml
|
|
31
|
+
]
|
|
32
|
+
|
|
29
33
|
def initialize(app, no_digest_cache_control = nil, digest_cache_control = DEFAULT_CACHE_CONTROL)
|
|
30
34
|
@app = app
|
|
31
35
|
|
|
32
36
|
@digest_cache_control = digest_cache_control
|
|
33
37
|
|
|
34
|
-
# Rails sets a default `Cache-Control: no-cache` for responses that
|
|
35
|
-
#
|
|
38
|
+
# Rails sets a default `Cache-Control: no-cache` for responses that we cannot digest.
|
|
39
|
+
# See https://github.com/rails/rails/blob/d96609505511a76c618dc3adfa3ca4679317d008/railties/lib/rails/application/default_middleware_stack.rb#L81
|
|
36
40
|
@no_digest_cache_control = no_digest_cache_control
|
|
37
41
|
end
|
|
38
42
|
|
|
@@ -82,7 +86,7 @@ module Rack
|
|
|
82
86
|
def etag_body?(body)
|
|
83
87
|
# Rack main branch checks for `:to_ary` here to exclude streaming responses,
|
|
84
88
|
# but that had other issues for me in testing. Maybe recheck when there is a
|
|
85
|
-
# new Rack release after 2.2.
|
|
89
|
+
# new Rack release after 2.2.3.
|
|
86
90
|
!body.respond_to?(:to_path)
|
|
87
91
|
end
|
|
88
92
|
|
|
@@ -94,20 +98,17 @@ module Rack
|
|
|
94
98
|
parts = []
|
|
95
99
|
digest = nil
|
|
96
100
|
|
|
101
|
+
strippable_response = STRIP_CONTENT_TYPES.include?(headers['Content-Type'])
|
|
102
|
+
|
|
97
103
|
body.each do |part|
|
|
98
104
|
parts << part
|
|
99
105
|
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
if session && (session_id = session['session_id'])
|
|
107
|
-
digest << session_id.to_s
|
|
108
|
-
end
|
|
109
|
-
end
|
|
110
|
-
|
|
106
|
+
# Note that `part` can be a string with binary data here.
|
|
107
|
+
# It's important to check emptiness with #empty? instead of #blank?, since #blank?
|
|
108
|
+
# internally calls String#match? and that explodes if the string is not valid UTF-8.
|
|
109
|
+
unless part.empty?
|
|
110
|
+
digest ||= initialize_digest(session)
|
|
111
|
+
part = strip_patterns(part) if strippable_response
|
|
111
112
|
digest << part
|
|
112
113
|
end
|
|
113
114
|
end
|
|
@@ -119,12 +120,22 @@ module Rack
|
|
|
119
120
|
[digest, parts]
|
|
120
121
|
end
|
|
121
122
|
|
|
122
|
-
def
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
123
|
+
def initialize_digest(session)
|
|
124
|
+
digest = Digest::SHA256.new
|
|
125
|
+
|
|
126
|
+
if session && (session_id = session['session_id'])
|
|
127
|
+
digest << session_id.to_s
|
|
128
|
+
end
|
|
129
|
+
|
|
130
|
+
digest
|
|
131
|
+
end
|
|
132
|
+
|
|
133
|
+
def strip_patterns(html)
|
|
134
|
+
STRIP_PATTERNS.each do |pattern|
|
|
135
|
+
if pattern.respond_to?(:call)
|
|
136
|
+
html = pattern.call(html)
|
|
126
137
|
else
|
|
127
|
-
html = html.gsub(
|
|
138
|
+
html = html.gsub(pattern, '')
|
|
128
139
|
end
|
|
129
140
|
end
|
|
130
141
|
html
|