rack_csrf 2.6.0 → 2.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/.circleci/config.yml +30 -0
- data/.github/dependabot.yml +11 -0
- data/.github/workflows/ci.yml +35 -0
- data/Changelog.md +5 -0
- data/LICENSE.rdoc +1 -1
- data/README.rdoc +6 -5
- data/features/support/env.rb +2 -0
- data/lib/rack/csrf/version.rb +1 -1
- data/lib/rack/csrf.rb +16 -2
- data/rack_csrf.gemspec +1 -1
- data/spec/spec_helper.rb +1 -0
- metadata +12 -11
- data/.travis.yml +0 -25
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 5063e661614ec782c33a22dc458d7f6a6d89be5a59c6c08297bc1cdc2f9675aa
|
|
4
|
+
data.tar.gz: 4b2b7c1208e605a314ddcb581268b32eb214bb791be52d7875bc37e2b1258abf
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 21e09bf5ee433e1c9feea3ed29de30e7ff05c3a3c9d6bca35b2feeea8c0686e203c4c4f01fdff11eee8029b4094f32f26a9965b6918e03e5137b5db0eaafd61d
|
|
7
|
+
data.tar.gz: fa1aaa6fa9002de2519566b07aeb542fc91a1f0824030db83f384f182971a36c9b78fbf463a09230f17f116d6d7cd2e1347f97a65102c801cd557dfd404e59f0
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
version: 2.1
|
|
2
|
+
|
|
3
|
+
jobs:
|
|
4
|
+
run_tests:
|
|
5
|
+
parameters:
|
|
6
|
+
ruby_version:
|
|
7
|
+
description: "Version of Ruby to run tests in"
|
|
8
|
+
type: string
|
|
9
|
+
rack_version:
|
|
10
|
+
description: "More or less the Rack version we want to test against"
|
|
11
|
+
type: string
|
|
12
|
+
environment:
|
|
13
|
+
TEST_WITH_RACK: << parameters.rack_version >>
|
|
14
|
+
docker:
|
|
15
|
+
- image: ruby:<< parameters.ruby_version >>
|
|
16
|
+
steps:
|
|
17
|
+
- checkout
|
|
18
|
+
- run: bundle install
|
|
19
|
+
- run: bundle exec rake spec
|
|
20
|
+
- run: bundle exec rake features
|
|
21
|
+
|
|
22
|
+
workflows:
|
|
23
|
+
version: 2
|
|
24
|
+
test:
|
|
25
|
+
jobs:
|
|
26
|
+
- run_tests:
|
|
27
|
+
matrix:
|
|
28
|
+
parameters:
|
|
29
|
+
ruby_version: ["2.7", "3.0", "3.1"]
|
|
30
|
+
rack_version: ["1.6.0", "2.1.0", "2.2.0", "3.0.0"]
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
name: CI
|
|
2
|
+
|
|
3
|
+
on:
|
|
4
|
+
- pull_request
|
|
5
|
+
- push
|
|
6
|
+
- workflow_dispatch
|
|
7
|
+
|
|
8
|
+
permissions:
|
|
9
|
+
contents: read
|
|
10
|
+
|
|
11
|
+
jobs:
|
|
12
|
+
tests:
|
|
13
|
+
strategy:
|
|
14
|
+
matrix:
|
|
15
|
+
ruby_version:
|
|
16
|
+
- "2.7"
|
|
17
|
+
- "3.0"
|
|
18
|
+
- "3.1"
|
|
19
|
+
rack_version:
|
|
20
|
+
- "1.6.0"
|
|
21
|
+
- "2.1.0"
|
|
22
|
+
- "2.2.0"
|
|
23
|
+
- "3.0.0"
|
|
24
|
+
name: Ruby ~> ${{ matrix.ruby_version }}; Rack ~> ${{ matrix.rack_version }}
|
|
25
|
+
runs-on: ubuntu-latest
|
|
26
|
+
env:
|
|
27
|
+
TEST_WITH_RACK: ${{ matrix.rack_version }}
|
|
28
|
+
steps:
|
|
29
|
+
- uses: actions/checkout@v3
|
|
30
|
+
- uses: ruby/setup-ruby@v1
|
|
31
|
+
with:
|
|
32
|
+
ruby-version: ${{ matrix.ruby_version }}
|
|
33
|
+
bundler-cache: true
|
|
34
|
+
- run: bundle exec rake spec
|
|
35
|
+
- run: bundle exec rake features
|
data/Changelog.md
CHANGED
data/LICENSE.rdoc
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
(The MIT License)
|
|
4
4
|
|
|
5
|
-
Copyright (c) 2009, 2010, 2011, 2012, 2014, 2016 Emanuele Vicentini
|
|
5
|
+
Copyright (c) 2009, 2010, 2011, 2012, 2014, 2016, 2022 Emanuele Vicentini
|
|
6
6
|
|
|
7
7
|
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
8
8
|
of this software and associated documentation files (the 'Software'), to deal
|
data/README.rdoc
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
= Rack::Csrf {<img src="https://
|
|
1
|
+
= Rack::Csrf {<img src="https://circleci.com/gh/baldowl/rack_csrf.svg?style=svg" alt="CircleCI" />}[https://circleci.com/gh/baldowl/rack_csrf] {<img src="https://github.com/baldowl/rack_csrf/actions/workflows/ci.yml/badge.svg?branch=master" alt="Actions Status: CI" />}[https://github.com/baldowl/rack_csrf/actions?query=workflow%3ACI+branch%3Amaster] {<img src="https://badge.fury.io/rb/rack_csrf.svg" alt="Gem Version" />}[http://badge.fury.io/rb/rack_csrf]
|
|
2
2
|
|
|
3
3
|
This is just a small Rack middleware whose only goal is to lessen the hazards
|
|
4
4
|
posed by CSRF attacks by trying to ensure that all requests of particular
|
|
@@ -193,8 +193,9 @@ framework; see the various README files for other details.
|
|
|
193
193
|
== Supported Rubies and Racks
|
|
194
194
|
|
|
195
195
|
The gemspec shows the minimum Ruby and Rack versions, but Rack::Csrf is
|
|
196
|
-
tested only with the Rubies and Racks you can see in
|
|
197
|
-
|
|
196
|
+
tested only with the Rubies and Racks you can see in
|
|
197
|
+
<tt>.circleci/config.yml</tt> and/or <tt>.github/workflows/ci.yml</tt>. It
|
|
198
|
+
could work also with older versions, but I decided not to test it against
|
|
198
199
|
unsupported Rubies and Racks.
|
|
199
200
|
|
|
200
201
|
== Contributing
|
|
@@ -219,5 +220,5 @@ forgo responsibilities for keeping your application as safe as possible.
|
|
|
219
220
|
|
|
220
221
|
== Copyright
|
|
221
222
|
|
|
222
|
-
Copyright (c) 2009, 2010, 2011, 2012, 2014, 2016 Emanuele Vicentini.
|
|
223
|
-
LICENSE.rdoc for details.
|
|
223
|
+
Copyright (c) 2009, 2010, 2011, 2012, 2014, 2016, 2022 Emanuele Vicentini.
|
|
224
|
+
See LICENSE.rdoc for details.
|
data/features/support/env.rb
CHANGED
data/lib/rack/csrf/version.rb
CHANGED
data/lib/rack/csrf.rb
CHANGED
|
@@ -1,8 +1,22 @@
|
|
|
1
|
-
|
|
1
|
+
begin
|
|
2
|
+
require 'rack/version'
|
|
3
|
+
rescue LoadError
|
|
4
|
+
require 'rack'
|
|
5
|
+
else
|
|
6
|
+
if Rack.release >= '2.3'
|
|
7
|
+
require 'rack/request'
|
|
8
|
+
require 'rack/utils'
|
|
9
|
+
else
|
|
10
|
+
require 'rack'
|
|
11
|
+
end
|
|
12
|
+
end
|
|
2
13
|
require 'securerandom'
|
|
3
14
|
|
|
4
15
|
module Rack
|
|
5
16
|
class Csrf
|
|
17
|
+
CONTENT_TYPE = (Rack.release >= '2.3' ? 'content-type' : 'Content-Type').freeze
|
|
18
|
+
CONTENT_LENGTH = (Rack.release >= '2.3' ? 'content-length' : 'Content-Length').freeze
|
|
19
|
+
|
|
6
20
|
class SessionUnavailable < StandardError; end
|
|
7
21
|
class InvalidCsrfToken < StandardError; end
|
|
8
22
|
|
|
@@ -38,7 +52,7 @@ module Rack
|
|
|
38
52
|
@app.call(env)
|
|
39
53
|
else
|
|
40
54
|
fail InvalidCsrfToken if @raise_if_invalid
|
|
41
|
-
[403, {
|
|
55
|
+
[403, {CONTENT_TYPE => 'text/html', CONTENT_LENGTH => '0'}, []]
|
|
42
56
|
end
|
|
43
57
|
end
|
|
44
58
|
|
data/rack_csrf.gemspec
CHANGED
|
@@ -40,7 +40,7 @@ Gem::Specification.new do |spec|
|
|
|
40
40
|
|
|
41
41
|
spec.add_development_dependency 'bundler', '>= 1.0.0'
|
|
42
42
|
spec.add_development_dependency 'rake'
|
|
43
|
-
spec.add_development_dependency 'cucumber', '~>
|
|
43
|
+
spec.add_development_dependency 'cucumber', '~> 3.0'
|
|
44
44
|
spec.add_development_dependency 'rack-test', '>= 0'
|
|
45
45
|
spec.add_development_dependency 'rspec', '~> 3.0'
|
|
46
46
|
spec.add_development_dependency 'rdoc', '>= 2.4.2'
|
data/spec/spec_helper.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack_csrf
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.7.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Emanuele Vicentini
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-09-10 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rack
|
|
@@ -58,14 +58,14 @@ dependencies:
|
|
|
58
58
|
requirements:
|
|
59
59
|
- - "~>"
|
|
60
60
|
- !ruby/object:Gem::Version
|
|
61
|
-
version: '
|
|
61
|
+
version: '3.0'
|
|
62
62
|
type: :development
|
|
63
63
|
prerelease: false
|
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
|
65
65
|
requirements:
|
|
66
66
|
- - "~>"
|
|
67
67
|
- !ruby/object:Gem::Version
|
|
68
|
-
version: '
|
|
68
|
+
version: '3.0'
|
|
69
69
|
- !ruby/object:Gem::Dependency
|
|
70
70
|
name: rack-test
|
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -131,9 +131,11 @@ extra_rdoc_files:
|
|
|
131
131
|
- LICENSE.rdoc
|
|
132
132
|
- README.rdoc
|
|
133
133
|
files:
|
|
134
|
+
- ".circleci/config.yml"
|
|
135
|
+
- ".github/dependabot.yml"
|
|
136
|
+
- ".github/workflows/ci.yml"
|
|
134
137
|
- ".gitignore"
|
|
135
138
|
- ".rspec"
|
|
136
|
-
- ".travis.yml"
|
|
137
139
|
- Changelog.md
|
|
138
140
|
- Gemfile
|
|
139
141
|
- LICENSE.rdoc
|
|
@@ -198,12 +200,12 @@ homepage: https://github.com/baldowl/rack_csrf
|
|
|
198
200
|
licenses:
|
|
199
201
|
- MIT
|
|
200
202
|
metadata: {}
|
|
201
|
-
post_install_message:
|
|
203
|
+
post_install_message:
|
|
202
204
|
rdoc_options:
|
|
203
205
|
- "--line-numbers"
|
|
204
206
|
- "--inline-source"
|
|
205
207
|
- "--title"
|
|
206
|
-
- Rack::Csrf 2.
|
|
208
|
+
- Rack::Csrf 2.7.0
|
|
207
209
|
- "--main"
|
|
208
210
|
- README.rdoc
|
|
209
211
|
require_paths:
|
|
@@ -219,9 +221,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
219
221
|
- !ruby/object:Gem::Version
|
|
220
222
|
version: '0'
|
|
221
223
|
requirements: []
|
|
222
|
-
|
|
223
|
-
|
|
224
|
-
signing_key:
|
|
224
|
+
rubygems_version: 3.3.22
|
|
225
|
+
signing_key:
|
|
225
226
|
specification_version: 4
|
|
226
227
|
summary: Anti-CSRF Rack middleware
|
|
227
228
|
test_files:
|
data/.travis.yml
DELETED
|
@@ -1,25 +0,0 @@
|
|
|
1
|
-
sudo: false
|
|
2
|
-
|
|
3
|
-
language: ruby
|
|
4
|
-
|
|
5
|
-
rvm:
|
|
6
|
-
- 2.0.0-p648
|
|
7
|
-
- 2.1.10
|
|
8
|
-
- 2.2.6
|
|
9
|
-
- 2.3.3
|
|
10
|
-
- 2.4.0
|
|
11
|
-
|
|
12
|
-
env:
|
|
13
|
-
- TEST_WITH_RACK=1.4.0
|
|
14
|
-
- TEST_WITH_RACK=1.5.0
|
|
15
|
-
- TEST_WITH_RACK=1.6.0
|
|
16
|
-
- TEST_WITH_RACK=2.0.0
|
|
17
|
-
|
|
18
|
-
matrix:
|
|
19
|
-
exclude:
|
|
20
|
-
- rvm: 2.0.0-p648
|
|
21
|
-
env: TEST_WITH_RACK=2.0.0
|
|
22
|
-
- rvm: 2.1.10
|
|
23
|
-
env: TEST_WITH_RACK=2.0.0
|
|
24
|
-
|
|
25
|
-
script: bundle exec rake spec features
|