rack-steady_etag 0.3.0 → 0.3.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/Gemfile.lock +1 -1
- data/README.md +1 -1
- data/lib/rack/steady_etag/version.rb +1 -1
- data/lib/rack/steady_etag.rb +12 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7d2e8f19f09cac1377380b52aaac1c09e39bb565af7976863cab2c0f6ec303fe
|
|
4
|
+
data.tar.gz: 84aeee379982cce1a96fc25600b60a4b4bd01ab4a3699792ce821a57bf70ca31
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0d16e5141ab9794dcf6cf751ac150aaec48e058fd9acce6ae4ea11011ac3d79a9a65ff0d07abfbe8d9df797f6677cf2688613094975a67a78fe726b86c9a66b1
|
|
7
|
+
data.tar.gz: 508c64a1acc11988a64d498d05c26d707e6eee0626d0d656bc05823e8c63c30775056325874f1bff4c87b1335a44c054e05f40db8e7aa3abd7e258663abc3d30
|
data/CHANGELOG.md
CHANGED
|
@@ -5,6 +5,10 @@ This project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html
|
|
|
5
5
|
|
|
6
6
|
## Unreleased
|
|
7
7
|
|
|
8
|
+
## 0.3.1 - 2022-07-19
|
|
9
|
+
|
|
10
|
+
- Fix a bug where we would not strip HTML responses with an embedded charset (e.g. `text/html; charset=utf-8`).
|
|
11
|
+
|
|
8
12
|
## 0.3.0 - 2022-05-13
|
|
9
13
|
|
|
10
14
|
- Support for old Rack 1.4.7 (last version supported by Rails 3.2)
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# Rack::SteadyETag
|
|
2
2
|
|
|
3
|
-
`Rack::
|
|
3
|
+
`Rack::SteadyETag` is a Rack middleware that generates the same default [`ETag`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/ETag) for responses that only differ in CSRF tokens or CSP nonces.
|
|
4
4
|
|
|
5
5
|
By default Rails uses [`Rack::ETag`](https://rdoc.info/github/rack/rack/Rack/ETag) to generate `ETag` headers by hashing the response body. In theory this would [enable caching](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-None-Match) for multiple requests to the same resource. However, since most Rails application layouts insert randomly rotating CSRF tokens and CSP nonces into the HTML, two requests for the same content and user will never produce the same response bytes. This means `Rack::ETag` will never send the same ETag twice, causing responses to [never hit a cache](https://github.com/rails/rails/issues/29889).
|
|
6
6
|
|
data/lib/rack/steady_etag.rb
CHANGED
|
@@ -110,7 +110,7 @@ module Rack
|
|
|
110
110
|
parts = []
|
|
111
111
|
digest = nil
|
|
112
112
|
|
|
113
|
-
strippable_response =
|
|
113
|
+
strippable_response = strippable_response?(headers)
|
|
114
114
|
|
|
115
115
|
body.each do |part|
|
|
116
116
|
parts << part
|
|
@@ -153,5 +153,16 @@ module Rack
|
|
|
153
153
|
html
|
|
154
154
|
end
|
|
155
155
|
|
|
156
|
+
private
|
|
157
|
+
|
|
158
|
+
def strippable_response?(headers)
|
|
159
|
+
content_type = headers['Content-Type']
|
|
160
|
+
return false unless content_type
|
|
161
|
+
|
|
162
|
+
# Convert "text/tml; charset=utf-8" to just "text/html"
|
|
163
|
+
content_type = content_type.split(/\s*;\s*/)[0]
|
|
164
|
+
STRIP_CONTENT_TYPES.include?(content_type)
|
|
165
|
+
end
|
|
166
|
+
|
|
156
167
|
end
|
|
157
168
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack-steady_etag
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.3.
|
|
4
|
+
version: 0.3.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Henning Koch
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-07-19 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rack
|