rack_csrf 2.6.0 → 2.7.0

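--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
- SHA1:
- metadata.gz: 7481a1058bae8d7a4fef4806a5fb72599cc3b724
- data.tar.gz: 0af8b6cec94f2ca0703cb72478199e30aa60fc17
+ SHA256:
+ metadata.gz: 5063e661614ec782c33a22dc458d7f6a6d89be5a59c6c08297bc1cdc2f9675aa
+ data.tar.gz: 4b2b7c1208e605a314ddcb581268b32eb214bb791be52d7875bc37e2b1258abf
  SHA512:
- metadata.gz: d5c1d649719acfc69b42e0a9760f9021e313cab550efff436d988ad4886646312ece6ae6ecd672546011848382924e402364d9454cbc844e5ea2bc2f6cb842c6
- data.tar.gz: 25d4bec6bb2489c6999d0db1f9bd4969ebde37b9533b496c4ccde981c55949ee8922984feda32a56ec342d22de428c33a4be18204b8641d468b27594913d1a7c
+ metadata.gz: 21e09bf5ee433e1c9feea3ed29de30e7ff05c3a3c9d6bca35b2feeea8c0686e203c4c4f01fdff11eee8029b4094f32f26a9965b6918e03e5137b5db0eaafd61d
+ data.tar.gz: fa1aaa6fa9002de2519566b07aeb542fc91a1f0824030db83f384f182971a36c9b78fbf463a09230f17f116d6d7cd2e1347f97a65102c801cd557dfd404e59f0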
@@ -0,0 +1,30 @@
1
+ version: 2.1
2
+
3
+ jobs:
4
+ run_tests:
5
+ parameters:
6
+ ruby_version:
7
+ description: "Version of Ruby to run tests in"
8
+ type: string
9
+ rack_version:
10
+ description: "More or less the Rack version we want to test against"
11
+ type: string
12
+ environment:
13
+ TEST_WITH_RACK: << parameters.rack_version >>
14
+ docker:
15
+ - image: ruby:<< parameters.ruby_version >>
16
+ steps:
17
+ - checkout
18
+ - run: bundle install
19
+ - run: bundle exec rake spec
20
+ - run: bundle exec rake features
21
+
22
+ workflows:
23
+ version: 2
24
+ test:
25
+ jobs:
26
+ - run_tests:
27
+ matrix:
28
+ parameters:
29
+ ruby_version: ["2.7", "3.0", "3.1"]
30
+ rack_version: ["1.6.0", "2.1.0", "2.2.0", "3.0.0"]
@@ -0,0 +1,11 @@
1
+ version: 2
2
+
3
+ updates:
4
+ - package-ecosystem: "bundler"
5
+ directory: "/"
6
+ schedule:
7
+ interval: "weekly"
8
+ - package-ecosystem: "github-actions"
9
+ directory: "/"
10
+ schedule:
11
+ interval: "weekly"
@@ -0,0 +1,35 @@
1
+ name: CI
2
+
3
+ on:
4
+ - pull_request
5
+ - push
6
+ - workflow_dispatch
7
+
8
+ permissions:
9
+ contents: read
10
+
11
+ jobs:
12
+ tests:
13
+ strategy:
14
+ matrix:
15
+ ruby_version:
16
+ - "2.7"
17
+ - "3.0"
18
+ - "3.1"
19
+ rack_version:
20
+ - "1.6.0"
21
+ - "2.1.0"
22
+ - "2.2.0"
23
+ - "3.0.0"
24
+ name: Ruby ~> ${{ matrix.ruby_version }}; Rack ~> ${{ matrix.rack_version }}
25
+ runs-on: ubuntu-latest
26
+ env:
27
+ TEST_WITH_RACK: ${{ matrix.rack_version }}
28
+ steps:
29
+ - uses: actions/checkout@v3
30
+ - uses: ruby/setup-ruby@v1
31
+ with:
32
+ ruby-version: ${{ matrix.ruby_version }}
33
+ bundler-cache: true
34
+ - run: bundle exec rake spec
35
+ - run: bundle exec rake features
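Review bot: The two `uses:` steps in this workflow reference actions by mutable tag (`actions/checkout@v3`, `ruby/setup-ruby@v1`), so the code that runs in CI can change without any change in this repository. Pinning each one to a full commit SHA and keeping the tag as a trailing comment, e.g. `- uses: ruby/setup-ruby@<full-commit-sha>  # v1`, removes that dependency on the tag, and the `github-actions` Dependabot entry added in the same release can keep such pins current. The top-level `permissions:` block with `contents: read` already limits the workflow token and should stay. Listing both `pull_request` and `push` under `on:` will probably run the whole matrix twice for a branch in this repository that has an open pull request; restricting `push` to the default branch would avoid that.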
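--- a/data/Changelog.md
+++ b/data/Changelog.md
@@ -1,3 +1,8 @@
+ # v2.7.0 (2022-09-10)
+
+ Many little, negligible, changes, plus support for Rake 3 (courtesy of
+ [jeremyevans](https://github.com/jeremyevans) :trophy:)
+
  # v2.6.0 (2016-12-31)
 
  Many little, internal, changes; the important ones are: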
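--- a/data/LICENSE.rdoc
+++ b/data/LICENSE.rdoc
@@ -2,7 +2,7 @@
 
  (The MIT License)
 
- Copyright (c) 2009, 2010, 2011, 2012, 2014, 2016 Emanuele Vicentini
+ Copyright (c) 2009, 2010, 2011, 2012, 2014, 2016, 2022 Emanuele Vicentini
 
  Permission is hereby granted, free of charge, to any person obtaining a copy
  of this software and associated documentation files (the 'Software'), to deal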
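--- a/data/README.rdoc
+++ b/data/README.rdoc
@@ -1,4 +1,4 @@
- = Rack::Csrf {<img src="https://travis-ci.org/baldowl/rack_csrf.png?branch=master" alt="Build Status" />}[https://travis-ci.org/baldowl/rack_csrf] {<img src="https://badge.fury.io/rb/rack_csrf.png" alt="Gem Version" />}[http://badge.fury.io/rb/rack_csrf]
+ = Rack::Csrf {<img src="https://circleci.com/gh/baldowl/rack_csrf.svg?style=svg" alt="CircleCI" />}[https://circleci.com/gh/baldowl/rack_csrf] {<img src="https://github.com/baldowl/rack_csrf/actions/workflows/ci.yml/badge.svg?branch=master" alt="Actions Status: CI" />}[https://github.com/baldowl/rack_csrf/actions?query=workflow%3ACI+branch%3Amaster] {<img src="https://badge.fury.io/rb/rack_csrf.svg" alt="Gem Version" />}[http://badge.fury.io/rb/rack_csrf]
 
  This is just a small Rack middleware whose only goal is to lessen the hazards
  posed by CSRF attacks by trying to ensure that all requests of particular
@@ -193,8 +193,9 @@ framework; see the various README files for other details.
  == Supported Rubies and Racks
 
  The gemspec shows the minimum Ruby and Rack versions, but Rack::Csrf is
- tested only with the Rubies and Racks you can see in +.travis.yml+. It could
- work also with older versions, but I decided not to test it against
+ tested only with the Rubies and Racks you can see in
+ <tt>.circleci/config.yml</tt> and/or <tt>.github/workflows/ci.yml</tt>. It
+ could work also with older versions, but I decided not to test it against
  unsupported Rubies and Racks.
 
  == Contributing
@@ -219,5 +220,5 @@ forgo responsibilities for keeping your application as safe as possible.
 
  == Copyright
 
- Copyright (c) 2009, 2010, 2011, 2012, 2014, 2016 Emanuele Vicentini. See
- LICENSE.rdoc for details.
+ Copyright (c) 2009, 2010, 2011, 2012, 2014, 2016, 2022 Emanuele Vicentini.
+ See LICENSE.rdoc for details.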
@@ -3,3 +3,5 @@ require 'rspec'
3
3
  require 'rack/test'
4
4
 
5
5
  require 'rack/csrf'
6
+ require 'rack/builder'
7
+ require 'rack/lint'
@@ -1,5 +1,5 @@
1
1
  module Rack
2
2
  class Csrf
3
- VERSION = '2.6.0'
3
+ VERSION = '2.7.0'
4
4
  end
5
5
  end
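--- a/data/lib/rack/csrf.rb
+++ b/data/lib/rack/csrf.rb
@@ -1,8 +1,22 @@
- require 'rack'
+ begin
+ require 'rack/version'
+ rescue LoadError
+ require 'rack'
+ else
+ if Rack.release >= '2.3'
+ require 'rack/request'
+ require 'rack/utils'
+ else
+ require 'rack'
+ end
+ end
  require 'securerandom'
 
  module Rack
  class Csrf
+ CONTENT_TYPE = (Rack.release >= '2.3' ? 'content-type' : 'Content-Type').freeze
+ CONTENT_LENGTH = (Rack.release >= '2.3' ? 'content-length' : 'Content-Length').freeze
+
  class SessionUnavailable < StandardError; end
  class InvalidCsrfToken < StandardError; end
 
@@ -38,7 +52,7 @@ module Rack
  @app.call(env)
  else
  fail InvalidCsrfToken if @raise_if_invalid
- [403, {'Content-Type' => 'text/html', 'Content-Length' => '0'}, []]
+ [403, {CONTENT_TYPE => 'text/html', CONTENT_LENGTH => '0'}, []]
  end
  end
 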
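Review bot: `Rack.release >= '2.3'` is a String comparison, so versions are ordered lexicographically: a release string such as '2.10' or '10.0' sorts below '2.3' and would fall back to `require 'rack'` and to the capitalised 'Content-Type' / 'Content-Length' names. The same test appears three times in the first hunk (the require block and the two new constants), and the 403 rejection response in the second hunk depends on its result. Comparing parsed versions, `Gem::Version.new(Rack.release) >= Gem::Version.new('2.3')`, evaluated once and reused, keeps the three sites consistent. A one-line comment above the constants saying why the header case depends on the Rack release would help the next reader. The class body continues outside both hunks, so any other place that builds response headers is not visible here.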
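--- a/data/rack_csrf.gemspec
+++ b/data/rack_csrf.gemspec
@@ -40,7 +40,7 @@ Gem::Specification.new do |spec|
 
  spec.add_development_dependency 'bundler', '>= 1.0.0'
  spec.add_development_dependency 'rake'
- spec.add_development_dependency 'cucumber', '~> 2.4'
+ spec.add_development_dependency 'cucumber', '~> 3.0'
  spec.add_development_dependency 'rack-test', '>= 0'
  spec.add_development_dependency 'rspec', '~> 3.0'
  spec.add_development_dependency 'rdoc', '>= 2.4.2'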
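--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -2,3 +2,4 @@ require 'rubygems'
  require 'rspec'
 
  require 'rack/csrf'
+ require 'rack/mock'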
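--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: rack_csrf
  version: !ruby/object:Gem::Version
- version: 2.6.0
+ version: 2.7.0
  platform: ruby
  authors:
  - Emanuele Vicentini
- autorequire:
+ autorequire:
  bindir: bin
  cert_chain: []
- date: 2016-12-31 00:00:00.000000000 Z
+ date: 2022-09-10 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rack
@@ -58,14 +58,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '2.4'
+ version: '3.0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '2.4'
+ version: '3.0'
  - !ruby/object:Gem::Dependency
  name: rack-test
  requirement: !ruby/object:Gem::Requirement
@@ -131,9 +131,11 @@ extra_rdoc_files:
  - LICENSE.rdoc
  - README.rdoc
  files:
+ - ".circleci/config.yml"
+ - ".github/dependabot.yml"
+ - ".github/workflows/ci.yml"
  - ".gitignore"
  - ".rspec"
- - ".travis.yml"
  - Changelog.md
  - Gemfile
  - LICENSE.rdoc
@@ -198,12 +200,12 @@ homepage: https://github.com/baldowl/rack_csrf
  licenses:
  - MIT
  metadata: {}
- post_install_message:
+ post_install_message:
  rdoc_options:
  - "--line-numbers"
  - "--inline-source"
  - "--title"
- - Rack::Csrf 2.6.0
+ - Rack::Csrf 2.7.0
  - "--main"
  - README.rdoc
  require_paths:
@@ -219,9 +221,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubyforge_project:
- rubygems_version: 2.6.8
- signing_key:
+ rubygems_version: 3.3.22
+ signing_key:
  specification_version: 4
  summary: Anti-CSRF Rack middleware
  test_files: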
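--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -1,25 +0,0 @@
- sudo: false
-
- language: ruby
-
- rvm:
- - 2.0.0-p648
- - 2.1.10
- - 2.2.6
- - 2.3.3
- - 2.4.0
-
- env:
- - TEST_WITH_RACK=1.4.0
- - TEST_WITH_RACK=1.5.0
- - TEST_WITH_RACK=1.6.0
- - TEST_WITH_RACK=2.0.0
-
- matrix:
- exclude:
- - rvm: 2.0.0-p648
- env: TEST_WITH_RACK=2.0.0
- - rvm: 2.1.10
- env: TEST_WITH_RACK=2.0.0
-
- script: bundle exec rake spec features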