rack-strip-cookies 0.0.4 → 1.0.0
- checksums.yaml +5 -5
- data/lib/rack/strip-cookies/version.rb +1 -1
- data/lib/rack/strip-cookies.rb +31 -6
- data/lib/rack-strip-cookies.rb +1 -1
- metadata +49 -33
- data/.gitignore +0 -17
- data/.rspec +0 -2
- data/.ruby-version +0 -1
- data/.travis.yml +0 -13
- data/Gemfile +0 -22
- data/LICENSE.txt +0 -22
- data/README.md +0 -47
- data/Rakefile +0 -10
- data/rack-strip-cookies.gemspec +0 -24
- data/spec/rack-strip-cookies_spec.rb +0 -47
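--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
-
-metadata.gz:
-data.tar.gz:
+SHA256:
+metadata.gz: 66e97e6cf416eb10f05682f5ccf531f2c95f651e832ceee8ae8387609223afeb
+data.tar.gz: e9991ec7c0baf84509ddf9ba82eff43c2ae8ff538c1744f0ffb19ca13a7c6318
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 50a26b18e48cfcc3ae7da149461b85bc94ca490a11014ceb7bbe94f8bb97f1269f217d559a218ca6a194ddab7f87487a77528e8e2084009e2695534e801da6d1
+data.tar.gz: 7c61e87dd4e6c9fabd721419b8d74f34b28690c45c55b81069809eebf4a6432971a725cdf0e5ca1e7e3c05526b51b1a6b0c6d67dbb56ee3da53103692505164d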
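--- a/data/lib/rack/strip-cookies.rb
+++ b/data/lib/rack/strip-cookies.rb
@@ -1,20 +1,45 @@
 module Rack
 class StripCookies
-attr_reader :paths
+attr_reader :app, :paths, :invert
 
+# Initializes the middleware.
+#
+# @param app [Rack application] The Rack application.
+# @param paths [Array<String>] The paths where cookies should be deleted.
+# @param invert [Boolean] Whether to invert the paths where cookies are deleted.
 def initialize(app, options = {})
-@app
+@app = app
+@paths = Array(options[:paths])
+@invert = options[:invert] || false
 end
 
+# Entry point of the middleware.
+#
+# @param env [Hash] The request environment.
+# @return [Array] The response containing the status, headers, and body.
 def call(env)
-path
-
+# Extract the path from the request
+path = Rack::Request.new(env).path
 
-
+# Check if the request path is in the list of paths to be stripped
+included = paths.any? { |s| path.include?(s) }
 
+# Decide whether to strip cookies based on the request path and the invert flag
+strip_out = ((included && !invert) || (!included && invert))
+
+# If cookies are to be stripped, delete the HTTP_COOKIE from the request environment
+env.delete("HTTP_COOKIE".freeze) if strip_out
+
+# Call the next middleware/app and get the status, headers, and body of the response
 status, headers, body = @app.call(env)
-headers.delete('Set-Cookie') if included
 
+# If cookies are to be stripped, delete the Set-Cookie header from the response
+headers.delete("set-cookie".freeze) if strip_out
+
+# If cookies were stripped, insert a custom header indicating that fact
+headers["cookies-stripped".freeze] = "true" if strip_out
+
+# Return the response (status, headers, body) to the next middleware or the web server
 [status, headers, body]
 end
 end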
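Review bot: The match `paths.any? { |s| path.include?(s) }` in `call` is a substring test, so a configured entry such as `/oauth/token` also matches any request path that merely contains it, and with `invert` set the same looseness decides which paths keep their cookies. Anchoring the comparison to whole path segments, for example `included = paths.any? { |s| path == s || path.start_with?("#{s}/") }`, would make the configured list mean what it says; note that an empty string in `paths` currently matches every request. Separately, `headers.delete("set-cookie")` removes only the lowercase key, so if a downstream app returns a plain Hash keyed `Set-Cookie` (not visible here, and not Rack 3 compliant) the cookie would presumably survive while `cookies-stripped: true` is still added.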
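--- a/data/lib/rack-strip-cookies.rb
+++ b/data/lib/rack-strip-cookies.rb
@@ -1 +1 @@
-require
+require "rack/strip-cookies"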
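--- a/metadata
+++ b/metadata
@@ -1,57 +1,85 @@
 --- !ruby/object:Gem::Specification
 name: rack-strip-cookies
 version: !ruby/object:Gem::Version
-version: 0.0
+version: 1.0.0
 platform: ruby
 authors:
 - Claudio Poli
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2023-05-22 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+name: rack
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '3.0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '3.0'
 - !ruby/object:Gem::Dependency
 name: bundler
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version: '
+version: '2.2'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version: '
+version: '2.2'
 - !ruby/object:Gem::Dependency
-name: rack
+name: rack-test
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version:
+version: 2.1.0
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version:
+version: 2.1.0
 - !ruby/object:Gem::Dependency
-name:
+name: rake
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 13.0.6
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 13.0.6
+- !ruby/object:Gem::Dependency
+name: minitest
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version:
+version: 5.18.0
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version:
+version: 5.18.0
 description: Rack middleware to remove cookies at user-defined paths.
 email:
 - claudio@icorete.ch
@@ -59,24 +87,14 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".gitignore"
-- ".rspec"
-- ".ruby-version"
-- ".travis.yml"
-- Gemfile
-- LICENSE.txt
-- README.md
-- Rakefile
 - lib/rack-strip-cookies.rb
 - lib/rack/strip-cookies.rb
 - lib/rack/strip-cookies/version.rb
-- rack-strip-cookies.gemspec
-- spec/rack-strip-cookies_spec.rb
 homepage: http://github.com/icoretech/rack-strip-cookies
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -91,10 +109,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-
-
-signing_key:
+rubygems_version: 3.4.6
+signing_key:
 specification_version: 4
 summary: Rack middleware to remove cookies at user-defined paths.
-test_files:
-- spec/rack-strip-cookies_spec.rb
+test_files: []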
data/.gitignore
DELETED
data/.rspec
DELETED
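--- a/data/.ruby-version
+++ /dev/null
@@ -1 +0,0 @@
-ruby-2.1.5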
data/.travis.yml
DELETED
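--- a/data/Gemfile
+++ /dev/null
@@ -1,22 +0,0 @@
-source 'https://rubygems.org'
-
-gemspec
-
-gem 'rake'
-
-github = 'git://github.com/%s.git'
-repos = { 'rack' => github % 'rack/rack' }
-
-%w(rack).each do |lib|
-dep = case ENV[lib]
-when 'stable', nil then nil
-when /(\d+\.)+\d+/ then '~> ' + ENV[lib].sub("#{lib}-", '')
-else { git: repos[lib], branch: dep }
-end
-gem lib, dep
-end
-
-group :test do
-gem 'rack-test'
-gem 'coveralls', require: false
-end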
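--- a/data/LICENSE.txt
+++ /dev/null
@@ -1,22 +0,0 @@
-Copyright (c) 2013 Claudio Poli
-
-MIT License
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.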
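--- a/data/README.md
+++ /dev/null
@@ -1,47 +0,0 @@
-# Rack::StripCookies [![Build Status](https://secure.travis-ci.org/icoretech/rack-strip-cookies.png)](https://travis-ci.org/icoretech/rack-strip-cookies?branch=master)
-
-Simple Rack middleware to remove cookies at specified paths.
-
-## Installation
-
-Add this line to your application's Gemfile:
-
-gem 'rack-strip-cookies'
-
-And then execute:
-
-$ bundle
-
-Or install it yourself as:
-
-$ gem install rack-strip-cookies
-
-## Concept
-
-The goal of this gem is not only avoid serving a cookie to a client through the Set-Cookie header, but also to erase cookies sent in the request. In other words the client-sent cookies will not make it to your application layer, provided the middleware is loaded in the correct place in the stack.
-
-## Use cases
-
-- You have a buggy third party library that raises exception when cookies are sent in a request, such as an authentication engine.
-- You are looking for a cheap way to not mess with session cookie disabilitation in your framework.
-- Selectively shut down cookies on specific paths, configurable when adding the middleware.
-
-## Ruby on Rails
-
-To make the middleware available in all environments, open `config/application.rb` and add in `class Application < Rails::Application`:
-
-```ruby
-config.middleware.insert_before(ActionDispatch::Cookies, Rack::StripCookies, paths: %w(/oauth2/token))
-```
-
-If you want to customize the environment in which the middleware is enabled edit the respective environment files instead.
-
-You can verify the middleware positioning by typing `rake middleware` in the root of your application.
-
-## Contributing
-
-1. Fork it
-2. Create your feature branch (`git checkout -b my-new-feature`)
-3. Commit your changes (`git commit -am 'Add some feature'`)
-4. Push to the branch (`git push origin my-new-feature`)
-5. Create new Pull Request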
data/Rakefile
DELETED
data/rack-strip-cookies.gemspec
DELETED
@@ -1,24 +0,0 @@
|
|
1
|
-
# coding: utf-8
|
2
|
-
lib = File.expand_path('../lib', __FILE__)
|
3
|
-
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
4
|
-
require 'rack/strip-cookies/version'
|
5
|
-
|
6
|
-
Gem::Specification.new do |spec|
|
7
|
-
spec.name = 'rack-strip-cookies'
|
8
|
-
spec.version = Rack::StripCookies::VERSION
|
9
|
-
spec.authors = ['Claudio Poli']
|
10
|
-
spec.email = ['claudio@icorete.ch']
|
11
|
-
spec.summary = 'Rack middleware to remove cookies at user-defined paths.'
|
12
|
-
spec.description = 'Rack middleware to remove cookies at user-defined paths.'
|
13
|
-
spec.homepage = 'http://github.com/icoretech/rack-strip-cookies'
|
14
|
-
spec.license = 'MIT'
|
15
|
-
|
16
|
-
spec.files = `git ls-files`.split($INPUT_RECORD_SEPARATOR)
|
17
|
-
spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
|
18
|
-
spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
|
19
|
-
spec.require_paths = ['lib']
|
20
|
-
|
21
|
-
spec.add_development_dependency 'bundler', '~> 1.0'
|
22
|
-
spec.add_development_dependency 'rack', '~> 1.2'
|
23
|
-
spec.add_development_dependency 'rack-test', '~> 0.6.2'
|
24
|
-
end
|
@@ -1,47 +0,0 @@
|
|
1
|
-
require 'rubygems'
|
2
|
-
require 'minitest/spec'
|
3
|
-
require 'minitest/autorun'
|
4
|
-
require 'rack/mock'
|
5
|
-
require 'rack/test'
|
6
|
-
require 'coveralls'
|
7
|
-
|
8
|
-
require_relative '../lib/rack/strip-cookies'
|
9
|
-
|
10
|
-
Coveralls.wear!
|
11
|
-
|
12
|
-
describe Rack::StripCookies do
|
13
|
-
include Rack::Test::Methods
|
14
|
-
|
15
|
-
def app; Rack::Lint.new(@app); end
|
16
|
-
|
17
|
-
def mock_app(options_or_options_array = {})
|
18
|
-
main_app = lambda { |env|
|
19
|
-
request = Rack::Request.new(env)
|
20
|
-
headers = {'Content-Type' => "text/html"}
|
21
|
-
headers['Set-Cookie'] = "id=1; path=/oauth/token; secure; HttpOnly"
|
22
|
-
[200, headers, ['Hello there']]
|
23
|
-
}
|
24
|
-
|
25
|
-
builder = Rack::Builder.new
|
26
|
-
options_or_options_array = [options_or_options_array] unless options_or_options_array.is_a?(Array)
|
27
|
-
Array(options_or_options_array).each do |options|
|
28
|
-
builder.use Rack::StripCookies, options
|
29
|
-
end
|
30
|
-
builder.run main_app
|
31
|
-
@app = builder.to_app
|
32
|
-
end
|
33
|
-
|
34
|
-
before do
|
35
|
-
mock_app(paths: ["/oauth/token"])
|
36
|
-
end
|
37
|
-
|
38
|
-
it 'does not clean the cookie on another path' do
|
39
|
-
get 'http://www.example.org/oauth'
|
40
|
-
last_response.headers['Set-Cookie'].split("\n").must_equal(["id=1; path=/oauth/token; secure; HttpOnly"])
|
41
|
-
end
|
42
|
-
|
43
|
-
it 'clean the cookie' do
|
44
|
-
get 'http://www.example.org/oauth/token'
|
45
|
-
last_response.headers['Set-Cookie'].must_equal(nil)
|
46
|
-
end
|
47
|
-
end
|