rack-strip-cookies 0.0.4 → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/lib/rack/strip-cookies/version.rb +1 -1
- data/lib/rack/strip-cookies.rb +31 -6
- data/lib/rack-strip-cookies.rb +1 -1
- metadata +49 -33
- data/.gitignore +0 -17
- data/.rspec +0 -2
- data/.ruby-version +0 -1
- data/.travis.yml +0 -13
- data/Gemfile +0 -22
- data/LICENSE.txt +0 -22
- data/README.md +0 -47
- data/Rakefile +0 -10
- data/rack-strip-cookies.gemspec +0 -24
- data/spec/rack-strip-cookies_spec.rb +0 -47
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: 66e97e6cf416eb10f05682f5ccf531f2c95f651e832ceee8ae8387609223afeb
|
4
|
+
data.tar.gz: e9991ec7c0baf84509ddf9ba82eff43c2ae8ff538c1744f0ffb19ca13a7c6318
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 50a26b18e48cfcc3ae7da149461b85bc94ca490a11014ceb7bbe94f8bb97f1269f217d559a218ca6a194ddab7f87487a77528e8e2084009e2695534e801da6d1
|
7
|
+
data.tar.gz: 7c61e87dd4e6c9fabd721419b8d74f34b28690c45c55b81069809eebf4a6432971a725cdf0e5ca1e7e3c05526b51b1a6b0c6d67dbb56ee3da53103692505164d
|
data/lib/rack/strip-cookies.rb
CHANGED
@@ -1,20 +1,45 @@
|
|
1
1
|
module Rack
|
2
2
|
class StripCookies
|
3
|
-
attr_reader :paths
|
3
|
+
attr_reader :app, :paths, :invert
|
4
4
|
|
5
|
+
# Initializes the middleware.
|
6
|
+
#
|
7
|
+
# @param app [Rack application] The Rack application.
|
8
|
+
# @param paths [Array<String>] The paths where cookies should be deleted.
|
9
|
+
# @param invert [Boolean] Whether to invert the paths where cookies are deleted.
|
5
10
|
def initialize(app, options = {})
|
6
|
-
@app
|
11
|
+
@app = app
|
12
|
+
@paths = Array(options[:paths])
|
13
|
+
@invert = options[:invert] || false
|
7
14
|
end
|
8
15
|
|
16
|
+
# Entry point of the middleware.
|
17
|
+
#
|
18
|
+
# @param env [Hash] The request environment.
|
19
|
+
# @return [Array] The response containing the status, headers, and body.
|
9
20
|
def call(env)
|
10
|
-
path
|
11
|
-
|
21
|
+
# Extract the path from the request
|
22
|
+
path = Rack::Request.new(env).path
|
12
23
|
|
13
|
-
|
24
|
+
# Check if the request path is in the list of paths to be stripped
|
25
|
+
included = paths.any? { |s| path.include?(s) }
|
14
26
|
|
27
|
+
# Decide whether to strip cookies based on the request path and the invert flag
|
28
|
+
strip_out = ((included && !invert) || (!included && invert))
|
29
|
+
|
30
|
+
# If cookies are to be stripped, delete the HTTP_COOKIE from the request environment
|
31
|
+
env.delete("HTTP_COOKIE".freeze) if strip_out
|
32
|
+
|
33
|
+
# Call the next middleware/app and get the status, headers, and body of the response
|
15
34
|
status, headers, body = @app.call(env)
|
16
|
-
headers.delete('Set-Cookie') if included
|
17
35
|
|
36
|
+
# If cookies are to be stripped, delete the Set-Cookie header from the response
|
37
|
+
headers.delete("set-cookie".freeze) if strip_out
|
38
|
+
|
39
|
+
# If cookies were stripped, insert a custom header indicating that fact
|
40
|
+
headers["cookies-stripped".freeze] = "true" if strip_out
|
41
|
+
|
42
|
+
# Return the response (status, headers, body) to the next middleware or the web server
|
18
43
|
[status, headers, body]
|
19
44
|
end
|
20
45
|
end
|
data/lib/rack-strip-cookies.rb
CHANGED
@@ -1 +1 @@
|
|
1
|
-
require
|
1
|
+
require "rack/strip-cookies"
|
metadata
CHANGED
@@ -1,57 +1,85 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rack-strip-cookies
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0
|
4
|
+
version: 1.0.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Claudio Poli
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2023-05-22 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: rack
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - ">="
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '3.0'
|
20
|
+
type: :runtime
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - ">="
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '3.0'
|
13
27
|
- !ruby/object:Gem::Dependency
|
14
28
|
name: bundler
|
15
29
|
requirement: !ruby/object:Gem::Requirement
|
16
30
|
requirements:
|
17
|
-
- - "
|
31
|
+
- - ">="
|
18
32
|
- !ruby/object:Gem::Version
|
19
|
-
version: '
|
33
|
+
version: '2.2'
|
20
34
|
type: :development
|
21
35
|
prerelease: false
|
22
36
|
version_requirements: !ruby/object:Gem::Requirement
|
23
37
|
requirements:
|
24
|
-
- - "
|
38
|
+
- - ">="
|
25
39
|
- !ruby/object:Gem::Version
|
26
|
-
version: '
|
40
|
+
version: '2.2'
|
27
41
|
- !ruby/object:Gem::Dependency
|
28
|
-
name: rack
|
42
|
+
name: rack-test
|
29
43
|
requirement: !ruby/object:Gem::Requirement
|
30
44
|
requirements:
|
31
|
-
- - "
|
45
|
+
- - ">="
|
32
46
|
- !ruby/object:Gem::Version
|
33
|
-
version:
|
47
|
+
version: 2.1.0
|
34
48
|
type: :development
|
35
49
|
prerelease: false
|
36
50
|
version_requirements: !ruby/object:Gem::Requirement
|
37
51
|
requirements:
|
38
|
-
- - "
|
52
|
+
- - ">="
|
39
53
|
- !ruby/object:Gem::Version
|
40
|
-
version:
|
54
|
+
version: 2.1.0
|
41
55
|
- !ruby/object:Gem::Dependency
|
42
|
-
name:
|
56
|
+
name: rake
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
58
|
+
requirements:
|
59
|
+
- - ">="
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: 13.0.6
|
62
|
+
type: :development
|
63
|
+
prerelease: false
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
65
|
+
requirements:
|
66
|
+
- - ">="
|
67
|
+
- !ruby/object:Gem::Version
|
68
|
+
version: 13.0.6
|
69
|
+
- !ruby/object:Gem::Dependency
|
70
|
+
name: minitest
|
43
71
|
requirement: !ruby/object:Gem::Requirement
|
44
72
|
requirements:
|
45
|
-
- - "
|
73
|
+
- - ">="
|
46
74
|
- !ruby/object:Gem::Version
|
47
|
-
version:
|
75
|
+
version: 5.18.0
|
48
76
|
type: :development
|
49
77
|
prerelease: false
|
50
78
|
version_requirements: !ruby/object:Gem::Requirement
|
51
79
|
requirements:
|
52
|
-
- - "
|
80
|
+
- - ">="
|
53
81
|
- !ruby/object:Gem::Version
|
54
|
-
version:
|
82
|
+
version: 5.18.0
|
55
83
|
description: Rack middleware to remove cookies at user-defined paths.
|
56
84
|
email:
|
57
85
|
- claudio@icorete.ch
|
@@ -59,24 +87,14 @@ executables: []
|
|
59
87
|
extensions: []
|
60
88
|
extra_rdoc_files: []
|
61
89
|
files:
|
62
|
-
- ".gitignore"
|
63
|
-
- ".rspec"
|
64
|
-
- ".ruby-version"
|
65
|
-
- ".travis.yml"
|
66
|
-
- Gemfile
|
67
|
-
- LICENSE.txt
|
68
|
-
- README.md
|
69
|
-
- Rakefile
|
70
90
|
- lib/rack-strip-cookies.rb
|
71
91
|
- lib/rack/strip-cookies.rb
|
72
92
|
- lib/rack/strip-cookies/version.rb
|
73
|
-
- rack-strip-cookies.gemspec
|
74
|
-
- spec/rack-strip-cookies_spec.rb
|
75
93
|
homepage: http://github.com/icoretech/rack-strip-cookies
|
76
94
|
licenses:
|
77
95
|
- MIT
|
78
96
|
metadata: {}
|
79
|
-
post_install_message:
|
97
|
+
post_install_message:
|
80
98
|
rdoc_options: []
|
81
99
|
require_paths:
|
82
100
|
- lib
|
@@ -91,10 +109,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
91
109
|
- !ruby/object:Gem::Version
|
92
110
|
version: '0'
|
93
111
|
requirements: []
|
94
|
-
|
95
|
-
|
96
|
-
signing_key:
|
112
|
+
rubygems_version: 3.4.6
|
113
|
+
signing_key:
|
97
114
|
specification_version: 4
|
98
115
|
summary: Rack middleware to remove cookies at user-defined paths.
|
99
|
-
test_files:
|
100
|
-
- spec/rack-strip-cookies_spec.rb
|
116
|
+
test_files: []
|
data/.gitignore
DELETED
data/.rspec
DELETED
data/.ruby-version
DELETED
@@ -1 +0,0 @@
|
|
1
|
-
ruby-2.1.5
|
data/.travis.yml
DELETED
data/Gemfile
DELETED
@@ -1,22 +0,0 @@
|
|
1
|
-
source 'https://rubygems.org'
|
2
|
-
|
3
|
-
gemspec
|
4
|
-
|
5
|
-
gem 'rake'
|
6
|
-
|
7
|
-
github = 'git://github.com/%s.git'
|
8
|
-
repos = { 'rack' => github % 'rack/rack' }
|
9
|
-
|
10
|
-
%w(rack).each do |lib|
|
11
|
-
dep = case ENV[lib]
|
12
|
-
when 'stable', nil then nil
|
13
|
-
when /(\d+\.)+\d+/ then '~> ' + ENV[lib].sub("#{lib}-", '')
|
14
|
-
else { git: repos[lib], branch: dep }
|
15
|
-
end
|
16
|
-
gem lib, dep
|
17
|
-
end
|
18
|
-
|
19
|
-
group :test do
|
20
|
-
gem 'rack-test'
|
21
|
-
gem 'coveralls', require: false
|
22
|
-
end
|
data/LICENSE.txt
DELETED
@@ -1,22 +0,0 @@
|
|
1
|
-
Copyright (c) 2013 Claudio Poli
|
2
|
-
|
3
|
-
MIT License
|
4
|
-
|
5
|
-
Permission is hereby granted, free of charge, to any person obtaining
|
6
|
-
a copy of this software and associated documentation files (the
|
7
|
-
"Software"), to deal in the Software without restriction, including
|
8
|
-
without limitation the rights to use, copy, modify, merge, publish,
|
9
|
-
distribute, sublicense, and/or sell copies of the Software, and to
|
10
|
-
permit persons to whom the Software is furnished to do so, subject to
|
11
|
-
the following conditions:
|
12
|
-
|
13
|
-
The above copyright notice and this permission notice shall be
|
14
|
-
included in all copies or substantial portions of the Software.
|
15
|
-
|
16
|
-
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
17
|
-
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
18
|
-
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
19
|
-
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
20
|
-
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
21
|
-
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
22
|
-
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/README.md
DELETED
@@ -1,47 +0,0 @@
|
|
1
|
-
# Rack::StripCookies [](https://travis-ci.org/icoretech/rack-strip-cookies?branch=master)
|
2
|
-
|
3
|
-
Simple Rack middleware to remove cookies at specified paths.
|
4
|
-
|
5
|
-
## Installation
|
6
|
-
|
7
|
-
Add this line to your application's Gemfile:
|
8
|
-
|
9
|
-
gem 'rack-strip-cookies'
|
10
|
-
|
11
|
-
And then execute:
|
12
|
-
|
13
|
-
$ bundle
|
14
|
-
|
15
|
-
Or install it yourself as:
|
16
|
-
|
17
|
-
$ gem install rack-strip-cookies
|
18
|
-
|
19
|
-
## Concept
|
20
|
-
|
21
|
-
The goal of this gem is not only avoid serving a cookie to a client through the Set-Cookie header, but also to erase cookies sent in the request. In other words the client-sent cookies will not make it to your application layer, provided the middleware is loaded in the correct place in the stack.
|
22
|
-
|
23
|
-
## Use cases
|
24
|
-
|
25
|
-
- You have a buggy third party library that raises exception when cookies are sent in a request, such as an authentication engine.
|
26
|
-
- You are looking for a cheap way to not mess with session cookie disabilitation in your framework.
|
27
|
-
- Selectively shut down cookies on specific paths, configurable when adding the middleware.
|
28
|
-
|
29
|
-
## Ruby on Rails
|
30
|
-
|
31
|
-
To make the middleware available in all environments, open `config/application.rb` and add in `class Application < Rails::Application`:
|
32
|
-
|
33
|
-
```ruby
|
34
|
-
config.middleware.insert_before(ActionDispatch::Cookies, Rack::StripCookies, paths: %w(/oauth2/token))
|
35
|
-
```
|
36
|
-
|
37
|
-
If you want to customize the environment in which the middleware is enabled edit the respective environment files instead.
|
38
|
-
|
39
|
-
You can verify the middleware positioning by typing `rake middleware` in the root of your application.
|
40
|
-
|
41
|
-
## Contributing
|
42
|
-
|
43
|
-
1. Fork it
|
44
|
-
2. Create your feature branch (`git checkout -b my-new-feature`)
|
45
|
-
3. Commit your changes (`git commit -am 'Add some feature'`)
|
46
|
-
4. Push to the branch (`git push origin my-new-feature`)
|
47
|
-
5. Create new Pull Request
|
data/Rakefile
DELETED
data/rack-strip-cookies.gemspec
DELETED
@@ -1,24 +0,0 @@
|
|
1
|
-
# coding: utf-8
|
2
|
-
lib = File.expand_path('../lib', __FILE__)
|
3
|
-
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
4
|
-
require 'rack/strip-cookies/version'
|
5
|
-
|
6
|
-
Gem::Specification.new do |spec|
|
7
|
-
spec.name = 'rack-strip-cookies'
|
8
|
-
spec.version = Rack::StripCookies::VERSION
|
9
|
-
spec.authors = ['Claudio Poli']
|
10
|
-
spec.email = ['claudio@icorete.ch']
|
11
|
-
spec.summary = 'Rack middleware to remove cookies at user-defined paths.'
|
12
|
-
spec.description = 'Rack middleware to remove cookies at user-defined paths.'
|
13
|
-
spec.homepage = 'http://github.com/icoretech/rack-strip-cookies'
|
14
|
-
spec.license = 'MIT'
|
15
|
-
|
16
|
-
spec.files = `git ls-files`.split($INPUT_RECORD_SEPARATOR)
|
17
|
-
spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
|
18
|
-
spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
|
19
|
-
spec.require_paths = ['lib']
|
20
|
-
|
21
|
-
spec.add_development_dependency 'bundler', '~> 1.0'
|
22
|
-
spec.add_development_dependency 'rack', '~> 1.2'
|
23
|
-
spec.add_development_dependency 'rack-test', '~> 0.6.2'
|
24
|
-
end
|
@@ -1,47 +0,0 @@
|
|
1
|
-
require 'rubygems'
|
2
|
-
require 'minitest/spec'
|
3
|
-
require 'minitest/autorun'
|
4
|
-
require 'rack/mock'
|
5
|
-
require 'rack/test'
|
6
|
-
require 'coveralls'
|
7
|
-
|
8
|
-
require_relative '../lib/rack/strip-cookies'
|
9
|
-
|
10
|
-
Coveralls.wear!
|
11
|
-
|
12
|
-
describe Rack::StripCookies do
|
13
|
-
include Rack::Test::Methods
|
14
|
-
|
15
|
-
def app; Rack::Lint.new(@app); end
|
16
|
-
|
17
|
-
def mock_app(options_or_options_array = {})
|
18
|
-
main_app = lambda { |env|
|
19
|
-
request = Rack::Request.new(env)
|
20
|
-
headers = {'Content-Type' => "text/html"}
|
21
|
-
headers['Set-Cookie'] = "id=1; path=/oauth/token; secure; HttpOnly"
|
22
|
-
[200, headers, ['Hello there']]
|
23
|
-
}
|
24
|
-
|
25
|
-
builder = Rack::Builder.new
|
26
|
-
options_or_options_array = [options_or_options_array] unless options_or_options_array.is_a?(Array)
|
27
|
-
Array(options_or_options_array).each do |options|
|
28
|
-
builder.use Rack::StripCookies, options
|
29
|
-
end
|
30
|
-
builder.run main_app
|
31
|
-
@app = builder.to_app
|
32
|
-
end
|
33
|
-
|
34
|
-
before do
|
35
|
-
mock_app(paths: ["/oauth/token"])
|
36
|
-
end
|
37
|
-
|
38
|
-
it 'does not clean the cookie on another path' do
|
39
|
-
get 'http://www.example.org/oauth'
|
40
|
-
last_response.headers['Set-Cookie'].split("\n").must_equal(["id=1; path=/oauth/token; secure; HttpOnly"])
|
41
|
-
end
|
42
|
-
|
43
|
-
it 'clean the cookie' do
|
44
|
-
get 'http://www.example.org/oauth/token'
|
45
|
-
last_response.headers['Set-Cookie'].must_equal(nil)
|
46
|
-
end
|
47
|
-
end
|