rack_csrf 1.1.0 → 1.1.1

data/README.rdoc

@@ -4,6 +4,9 @@ This is just a small Rack middleware whose only goal is to lessen the hazards
 posed by CSRF attacks by trying to ensure that all requests of particular
 types come from the right client, not from a mischievous impersonator.
 
+Rack::Csrf is not tailored to any particular web framework, so it can be used
+with your preferred Rack-based framework.
+
 == Usage
 
 First of all, beyond Rack itself, there is only one prerequisite: you must set
@@ -23,10 +26,12 @@ possibly work.
 The following options allow you to tweak Rack::Csrf.
 
 [<tt>:raise</tt>]
-  Set it to true to change the handling of bad request: instead of producing
+  Set it to true to change the handling of bad requests: instead of producing
   an empty response, Rack::Csrf will raise an exception of class
   Rack::Csrf::InvalidCsrfToken.
 
+    use Rack::Csrf, :raise => true
+
   Default value: false.
 
 [<tt>:skip</tt>]
@@ -46,11 +51,17 @@ The following options allow you to tweak Rack::Csrf.
   Default field name (see below) is <tt>_csrf</tt>; you can adapt it to
   specific needs.
 
+    use Rack::Csrf, :field => '_my_own_csrf_field'
+
+  Default value: _csrf
+
 [<tt>:browser_only</tt>]
   Set it to true to inspect only requests with Content-Type typically produced
-  only by web browser. This means that curl, Active Resource, etc. can send
+  only by web browsers. This means that curl, Active Resource, etc. can send
   any request without worring about the token.
 
+    use Rack::Csrf, :browser_only => true
+
   Default value: false.
 
 == Helpers
@@ -73,9 +84,23 @@ token.
 
 == Working examples
 
-In the +example+ directory there is a mini Sinatra application with two
-slightly different rackup files. Beside Rack you only need Sinatra to try
-them, but Rack::Csrf is not tailored to any particular web framework.
+In the +examples+ directory there are some small, working web applications
+written with different Rack-based frameworks. They are named after the used
+framework; see the various README files for other details.
+
+== Contributing
+
+If you want to help:
+
+* fork the project[http://github.com/baldowl/rack_csrf] on GitHub;
+* work in a topic branch;
+* add features/specs for your additions or bug fixes;
+* write your additions/bug fixes;
+* commit;
+* send me a pull request for the topic branch.
+
+If you have any issue, please post them on the {project's issue
+list}[http://github.com/baldowl/rack_csrf] on GitHub.
 
 == Warning! Warning! Warning!
 

data/Rakefile

@@ -1,30 +1,47 @@
 require 'rake/clean'
 require 'cucumber/rake/task'
 require 'spec/rake/spectask'
-require 'echoe'
+require 'rake/rdoctask'
+require 'jeweler'
 
-Cucumber::Rake::Task.new do |c|
+Cucumber::Rake::Task.new :features do |c|
   c.cucumber_opts = '--profile default'
 end
 
+task :features => :check_dependencies
+task :default => :features
+
 Spec::Rake::SpecTask.new do |t|
   t.spec_opts = %w(-O spec/spec.opts)
 end
 
-Echoe.new('rack_csrf', '1.1.0') do |s|
-  s.author = 'Emanuele Vicentini'
-  s.email = 'emanuele.vicentini@gmail.com'
-  s.summary = 'Anti-CSRF Rack middleware'
-  s.runtime_dependencies = ['rack >=0.9']
-  s.development_dependencies = ['rake >=0.8.2', 'cucumber >=1.1.13', 'rspec', 'echoe']
-  s.need_tar_gz = false
-  s.project = 'rackcsrf'
-  s.gemspec_format = :yaml
-  s.retain_gemspec = true
-  s.rdoc_pattern = /^README|^LICENSE/
-  s.url = 'http://github.com/baldowl/rack_csrf'
+task :spec => :check_dependencies
+task :default => :spec
+
+version = File.exists?('VERSION') ? File.read('VERSION').strip : ''
+
+Rake::RDocTask.new :doc do |rdoc|
+  rdoc.rdoc_dir = 'doc'
+  rdoc.title = "Rack::Csrf #{version}"
+  rdoc.rdoc_files.include('README.rdoc', 'LICENSE.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+Jeweler::Tasks.new do |gem|
+  gem.name = 'rack_csrf'
+  gem.summary = 'Anti-CSRF Rack middleware'
+  gem.description = 'Anti-CSRF Rack middleware'
+  gem.email = 'emanuele.vicentini@gmail.com'
+  gem.homepage = 'http://github.com/baldowl/rack_csrf'
+  gem.authors = ['Emanuele Vicentini']
+  gem.rubyforge_project = 'rackcsrf'
+  gem.add_dependency 'rack', '>= 0.9'
+  gem.add_development_dependency 'cucumber', '>= 0.1.13'
+  gem.add_development_dependency 'rspec'
+  gem.rdoc_options << '--line-numbers' << '--inline-source' << '--title' <<
+    "Rack::Csrf #{version}" << '--main' << 'README.rdoc'
+  gem.test_files.clear
 end
 
-Rake::Task[:default].clear
-Rake::Task.tasks.each {|t| t.clear if t.name =~ /test/}
-task :default => [:features, :spec]
+Jeweler::RubyforgeTasks.new
+Jeweler::GemcutterTasks.new

data/VERSION

@@ -0,0 +1 @@
+1.1.1

data/examples/innate/README.rdoc

@@ -0,0 +1,13 @@
+= How to use Rack::Csrf with Innate
+
+These are two mini, slightly different, Innate applications. You only need
+Innate to try them.
+
+    $ sudo gem install manveru-innate --source http://gems.github.com
+    $ ruby start.rb
+    $ ruby start-with-raise.rb
+
+Tested with Innate 2009.07.
+
+Please, note that Innate is, to some extent, the kernel of Ramaze; "upgrading"
+these examples to use Ramaze is left as an exercise to the reader :-)

data/examples/innate/app.rb

@@ -0,0 +1,10 @@
+class LittleApp
+  Innate.node '/'
+
+  provide :html, :engine => :ERB
+
+  def response
+    redirect_referer unless request.post?
+    @utterance, @csrf = request[:utterance, Rack::Csrf.csrf_field]
+  end
+end

data/examples/innate/start-with-raise.rb

@@ -0,0 +1,14 @@
+require 'rubygems'
+require 'innate'
+
+$: << File.join(File.dirname(__FILE__), '../../lib')
+require 'rack/csrf'
+
+require 'app'
+
+Innate.start do |m|
+  m.use Rack::ShowExceptions
+  m.use Rack::Session::Cookie
+  m.use Rack::Csrf, :raise => true
+  m.innate
+end

data/examples/innate/start.rb

@@ -0,0 +1,13 @@
+require 'rubygems'
+require 'innate'
+
+$: << File.join(File.dirname(__FILE__), '../../lib')
+require 'rack/csrf'
+
+require 'app'
+
+Innate.start do |m|
+  m.use Rack::Session::Cookie
+  m.use Rack::Csrf
+  m.innate
+end

data/examples/innate/view/index.erb

@@ -0,0 +1,8 @@
+<form action="/response" method="post">
+  <h1>Spit your utterance!</h1>
+  <input type="text" name="utterance">
+  <%= Rack::Csrf.csrf_tag(request.env) %>
+  <p><input type="submit" value="Send!"></p>
+</form>
+
+<p>Try also the <a href="/notworking">not working</a> form!</p>

data/examples/innate/view/response.erb

@@ -0,0 +1,5 @@
+<p>It seems you've just said: <em><%= @utterance %></em></p>
+
+<p>Here's the anti-CSRF token stuffed in the session: <strong><%= @csrf %></strong></p>
+
+<p><a href='/'>Back</a></p>

data/examples/rack/README.rdoc

@@ -0,0 +1,10 @@
+= How to use Rack::Csrf with Rack
+
+This is a mini Rack application with two slightly different rackup files. You
+only need Rack to try them.
+
+    $ sudo gem install rack
+    $ thin -R config.ru -p 3000 start
+    $ thin -R config-with-raise.ru -p 3000 start
+
+Tested with Rack 1.0.0.

data/examples/rack/app.rb

@@ -0,0 +1,45 @@
+class LittleApp
+  @form = ERB.new <<-EOT
+    <form action="/response" method="post">
+      <h1>Spit your utterance!</h1>
+      <input type="text" name="utterance">
+      <%= Rack::Csrf.csrf_tag(env) %>
+      <p><input type="submit" value="Send!"></p>
+    </form>
+
+    <p>Try also the <a href="/notworking">not working</a> form!</p>
+  EOT
+
+  @form_not_working = ERB.new <<-EOT
+    <form action="/response" method="post">
+      <h1>Spit your utterance!</h1>
+      <input type="text" name="utterance">
+      <p><input type="submit" value="Send!"></p>
+    </form>
+
+    <p>Try also the <a href="/">working</a> form!</p>
+  EOT
+
+  @response = ERB.new <<-EOT
+    <p>It seems you've just said: <em><%= utterance %></em></p>
+
+    <p>Here's the anti-CSRF token stuffed in the session: <strong><%= csrf %></strong></p>
+
+    <p><a href='/'>Back</a></p>
+  EOT
+
+  def self.call env
+    req = Rack::Request.new env
+    if req.get?
+      if req.path_info == '/notworking'
+        Rack::Response.new(@form_not_working.result(binding)).finish
+      else
+        Rack::Response.new(@form.result(binding)).finish
+      end
+    elsif req.post?
+      utterance = req['utterance']
+      csrf = req[Rack::Csrf.csrf_field]
+      Rack::Response.new(@response.result(binding)).finish
+    end
+  end
+end

data/examples/rack/config-with-raise.ru

@@ -0,0 +1,11 @@
+$: << File.join(File.dirname(__FILE__), '../../lib')
+require 'rack/csrf'
+
+require 'erb'
+require 'app'
+
+use Rack::ShowExceptions
+use Rack::Session::Cookie
+use Rack::Csrf, :raise => true
+
+run LittleApp

data/examples/rack/config.ru

@@ -0,0 +1,10 @@
+$: << File.join(File.dirname(__FILE__), '../../lib')
+require 'rack/csrf'
+
+require 'erb'
+require 'app'
+
+use Rack::Session::Cookie
+use Rack::Csrf
+
+run LittleApp

data/examples/sinatra/README.rdoc

@@ -0,0 +1,10 @@
+= How to use Rack::Csrf with Sinatra
+
+This is a mini Sinatra application with two slightly different rackup files.
+Beside Rack you only need Sinatra to try them.
+
+    $ sudo gem install sinatra
+    $ thin -R config.ru -p 3000 start
+    $ thin -R config-with-raise.ru -p 3000 start
+
+Tested with Sinatra 0.9.4.

data/{example → examples/sinatra}/config-with-raise.ru

@@ -1,5 +1,6 @@
 require 'sinatra'
-require File.dirname(__FILE__) + '/../lib/rack/csrf'
+$: << File.join(File.dirname(__FILE__), '../../lib')
+require 'rack/csrf'
 
 require 'erb'
 require 'app'

data/{example → examples/sinatra}/config.ru

@@ -1,5 +1,6 @@
 require 'sinatra'
-require File.dirname(__FILE__) + '/../lib/rack/csrf'
+$: << File.join(File.dirname(__FILE__), '../../lib')
+require 'rack/csrf'
 
 require 'erb'
 require 'app'

data/examples/sinatra/views/form_not_working.erb

@@ -0,0 +1,7 @@
+<form action="/response" method="post">
+  <h1>Spit your utterance!</h1>
+  <input type="text" name="utterance">
+  <p><input type="submit" value="Send!"></p>
+</form>
+
+<p>Try also the <a href="/">working</a> form!</p>

data/features/browser_only.feature

@@ -14,7 +14,7 @@ Feature: Filtering only browser generated requests
   Scenario Outline: Handling request without CSRF token
     Given a rack with the anti-CSRF middleware and the :browser_only option
     When it receives a <method> request without the CSRF token from a browser
-    Then it responds with 417
+    Then it responds with 403
     And the response body is empty
 
     Examples:

data/features/empty_responses.feature

@@ -13,7 +13,7 @@ Feature: Handling of the HTTP requests returning an empty response
   Scenario Outline: Handling request without CSRF token
     Given a rack with the anti-CSRF middleware
     When it receives a <method> request without the CSRF token
-    Then it responds with 417
+    Then it responds with 403
     And the response body is empty
 
     Examples:
@@ -36,7 +36,7 @@ Feature: Handling of the HTTP requests returning an empty response
   Scenario Outline: Handling request with the wrong CSRF token
     Given a rack with the anti-CSRF middleware
     When it receives a <method> request with the wrong CSRF token
-    Then it responds with 417
+    Then it responds with 403
     And the response body is empty
 
     Examples:

data/features/skip_some_routes.feature

@@ -26,7 +26,7 @@ Feature: Skipping the check for some specific routes
       | POST:/not_.*\.json   |
       | DELETE:/cars/.*\.xml |
     When it receives a <method> request for <path> without the CSRF token
-    Then it responds with 417
+    Then it responds with 403
     And the response body is empty
 
     Examples:

data/features/support/env.rb

@@ -1,16 +1,9 @@
 require 'rubygems'
 require 'spec/expectations'
 
-require File.dirname(__FILE__) + "/../../lib/rack/csrf"
+$: << File.join(File.dirname(__FILE__), '../../lib')
+$: << File.join(File.dirname(__FILE__))
 
-# Simulated session used just to be able to insert data into it without seeing
-# them wiped out.
-class FakeSession
-  def initialize(app)
-    @app = app
-  end
-  def call(env)
-    env['rack.session'] ||= Hash.new
-    @app.call(env)
-  end
-end
+require 'rack/csrf'
+
+require 'fake_session'

data/features/support/fake_session.rb

@@ -0,0 +1,11 @@
+# Simulated session used just to be able to insert data into it without seeing
+# them wiped out.
+class FakeSession
+  def initialize(app)
+    @app = app
+  end
+  def call(env)
+    env['rack.session'] ||= Hash.new
+    @app.call(env)
+  end
+end

data/features/variation_on_field_name.feature

@@ -19,7 +19,7 @@ Feature: Customization of the field name
   Scenario Outline: Handling request with the wrong CSRF token in custom field
     Given a rack with the anti-CSRF middleware and the :field option
     When it receives a <method> request with the wrong CSRF token
-    Then it responds with 417
+    Then it responds with 403
     And the response body is empty
 
     Examples:

data/lib/rack/csrf.rb

@@ -40,7 +40,7 @@ module Rack
         @app.call(env)
       else
         raise InvalidCsrfToken if @raisable
-        [417, {'Content-Type' => 'text/html', 'Content-Length' => '0'}, []]
+        [403, {'Content-Type' => 'text/html', 'Content-Length' => '0'}, []]
       end
     end
 

data/rack_csrf.gemspec

@@ -1,133 +1,86 @@
---- !ruby/object:Gem::Specification 
-name: rack_csrf
-version: !ruby/object:Gem::Version 
-  version: 1.1.0
-platform: ruby
-authors: 
-- Emanuele Vicentini
-autorequire: 
-bindir: bin
+# Generated by jeweler
+# DO NOT EDIT THIS FILE
+# Instead, edit Jeweler::Tasks in Rakefile, and run `rake gemspec`
+# -*- encoding: utf-8 -*-
 
-date: 2009-05-22 00:00:00 +02:00
-default_executable: 
-dependencies: 
-- !ruby/object:Gem::Dependency 
-  name: rack
-  type: :runtime
-  version_requirement: 
-  version_requirements: !ruby/object:Gem::Requirement 
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        version: "0.9"
-    version: 
-- !ruby/object:Gem::Dependency 
-  name: rake
-  type: :development
-  version_requirement: 
-  version_requirements: !ruby/object:Gem::Requirement 
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        version: 0.8.2
-    version: 
-- !ruby/object:Gem::Dependency 
-  name: cucumber
-  type: :development
-  version_requirement: 
-  version_requirements: !ruby/object:Gem::Requirement 
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        version: 1.1.13
-    version: 
-- !ruby/object:Gem::Dependency 
-  name: rspec
-  type: :development
-  version_requirement: 
-  version_requirements: !ruby/object:Gem::Requirement 
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        version: "0"
-    version: 
-- !ruby/object:Gem::Dependency 
-  name: echoe
-  type: :development
-  version_requirement: 
-  version_requirements: !ruby/object:Gem::Requirement 
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        version: "0"
-    version: 
-description: Anti-CSRF Rack middleware
-email: emanuele.vicentini@gmail.com
-executables: []
+Gem::Specification.new do |s|
+  s.name = %q{rack_csrf}
+  s.version = "1.1.1"
 
-extensions: []
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Emanuele Vicentini"]
+  s.date = %q{2009-10-15}
+  s.description = %q{Anti-CSRF Rack middleware}
+  s.email = %q{emanuele.vicentini@gmail.com}
+  s.extra_rdoc_files = [
+    "LICENSE.rdoc",
+     "README.rdoc"
+  ]
+  s.files = [
+    "LICENSE.rdoc",
+     "README.rdoc",
+     "Rakefile",
+     "VERSION",
+     "cucumber.yml",
+     "examples/innate/README.rdoc",
+     "examples/innate/app.rb",
+     "examples/innate/start-with-raise.rb",
+     "examples/innate/start.rb",
+     "examples/innate/view/index.erb",
+     "examples/innate/view/notworking.erb",
+     "examples/innate/view/response.erb",
+     "examples/rack/README.rdoc",
+     "examples/rack/app.rb",
+     "examples/rack/config-with-raise.ru",
+     "examples/rack/config.ru",
+     "examples/sinatra/README.rdoc",
+     "examples/sinatra/app.rb",
+     "examples/sinatra/config-with-raise.ru",
+     "examples/sinatra/config.ru",
+     "examples/sinatra/views/form.erb",
+     "examples/sinatra/views/form_not_working.erb",
+     "examples/sinatra/views/response.erb",
+     "features/browser_only.feature",
+     "features/empty_responses.feature",
+     "features/raising_exception.feature",
+     "features/setup.feature",
+     "features/skip_some_routes.feature",
+     "features/step_definitions/request_steps.rb",
+     "features/step_definitions/response_steps.rb",
+     "features/step_definitions/setup_steps.rb",
+     "features/support/env.rb",
+     "features/support/fake_session.rb",
+     "features/variation_on_field_name.feature",
+     "lib/rack/csrf.rb",
+     "lib/rack/vendor/securerandom.rb",
+     "rack_csrf.gemspec",
+     "spec/csrf_spec.rb",
+     "spec/spec.opts",
+     "spec/spec_helper.rb"
+  ]
+  s.homepage = %q{http://github.com/baldowl/rack_csrf}
+  s.rdoc_options = ["--charset=UTF-8", "--line-numbers", "--inline-source", "--title", "Rack::Csrf 1.1.1", "--main", "README.rdoc"]
+  s.require_paths = ["lib"]
+  s.rubyforge_project = %q{rackcsrf}
+  s.rubygems_version = %q{1.3.5}
+  s.summary = %q{Anti-CSRF Rack middleware}
 
-extra_rdoc_files: 
-- LICENSE.rdoc
-- README.rdoc
-files: 
-- cucumber.yml
-- example/app.rb
-- example/config-with-raise.ru
-- example/config.ru
-- example/views/form.erb
-- example/views/form_not_working.erb
-- example/views/response.erb
-- features/browser_only.feature
-- features/empty_responses.feature
-- features/raising_exception.feature
-- features/setup.feature
-- features/skip_some_routes.feature
-- features/step_definitions/request_steps.rb
-- features/step_definitions/response_steps.rb
-- features/step_definitions/setup_steps.rb
-- features/support/env.rb
-- features/variation_on_field_name.feature
-- lib/rack/csrf.rb
-- lib/rack/vendor/securerandom.rb
-- LICENSE.rdoc
-- Manifest
-- rack_csrf.gemspec
-- Rakefile
-- README.rdoc
-- spec/csrf_spec.rb
-- spec/spec.opts
-- spec/spec_helper.rb
-has_rdoc: true
-homepage: http://github.com/baldowl/rack_csrf
-licenses: []
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
 
-post_install_message: 
-rdoc_options: 
-- --line-numbers
-- --inline-source
-- --title
-- Rack_csrf
-- --main
-- README.rdoc
-require_paths: 
-- lib
-required_ruby_version: !ruby/object:Gem::Requirement 
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      version: "0"
-  version: 
-required_rubygems_version: !ruby/object:Gem::Requirement 
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      version: "1.2"
-  version: 
-requirements: []
-
-rubyforge_project: rackcsrf
-rubygems_version: 1.3.3
-specification_version: 3
-summary: Anti-CSRF Rack middleware
-test_files: []
+    if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<rack>, [">= 0.9"])
+      s.add_development_dependency(%q<cucumber>, [">= 0.1.13"])
+      s.add_development_dependency(%q<rspec>, [">= 0"])
+    else
+      s.add_dependency(%q<rack>, [">= 0.9"])
+      s.add_dependency(%q<cucumber>, [">= 0.1.13"])
+      s.add_dependency(%q<rspec>, [">= 0"])
+    end
+  else
+    s.add_dependency(%q<rack>, [">= 0.9"])
+    s.add_dependency(%q<cucumber>, [">= 0.1.13"])
+    s.add_dependency(%q<rspec>, [">= 0"])
+  end
+end

data/spec/csrf_spec.rb

@@ -1,13 +1,13 @@
-require File.dirname(__FILE__) + '/spec_helper.rb'
+require File.join(File.dirname(__FILE__), 'spec_helper.rb')
 
 describe Rack::Csrf do
   describe '#csrf_field' do
-    it "should be '_csrf'" do
+    it "should be '_csrf' by default" do
       Rack::Csrf.csrf_field.should == '_csrf'
     end
 
     it "should be the value of :field option" do
-      fakeapp = [200, {}, []]
+      fakeapp = lambda {|env| [200, {}, []]}
       Rack::Csrf.new fakeapp, :field => 'whatever'
       Rack::Csrf.csrf_field.should == 'whatever'
     end
@@ -22,25 +22,31 @@ describe Rack::Csrf do
       Rack::Csrf.csrf_token(@env).length.should >= 32
     end
 
-    it 'should store the token inside the session if it is not already there' do
-      @env['rack.session'].should be_empty
-      Rack::Csrf.csrf_token(@env)
-      @env['rack.session'].should_not be_empty
-      @env['rack.session']['csrf.token'].should_not be_empty
+    context 'when the session does not already contain the token' do
+      it 'should store the token inside the session' do
+        @env['rack.session'].should be_empty
+        csrf_token = Rack::Csrf.csrf_token(@env)
+        @env['rack.session'].should_not be_empty
+        @env['rack.session']['csrf.token'].should_not be_empty
+        csrf_token.should == @env['rack.session']['csrf.token']
+      end
     end
 
-    it 'should get the token from the session if it is already there' do
-      @env['rack.session'].should be_empty
-      csrf_token = Rack::Csrf.csrf_token(@env)
-      csrf_token.should == @env['rack.session']['csrf.token']
-      csrf_token.should == Rack::Csrf.csrf_token(@env)
+    context 'when the session already contains the token' do
+      before do
+        Rack::Csrf.csrf_token @env
+      end
+      it 'should get the token from the session' do
+        @env['rack.session'].should_not be_empty
+        @env['rack.session']['csrf.token'].should == Rack::Csrf.csrf_token(@env)
+      end
     end
   end
 
   describe '#csrf_tag' do
     before do
       @env = {'rack.session' => {}}
-      fakeapp = [200, {}, []]
+      fakeapp = lambda {|env| [200, {}, []]}
       Rack::Csrf.new fakeapp, :field => 'whatever'
       @tag = Rack::Csrf.csrf_tag(@env)
     end

data/spec/spec_helper.rb

@@ -1,4 +1,6 @@
 require 'rubygems'
 require 'spec'
 
-require File.dirname(__FILE__) + '/../lib/rack/csrf'
+$: << File.join(File.dirname(__FILE__), '../lib')
+
+require 'rack/csrf'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: rack_csrf
 version: !ruby/object:Gem::Version 
-  version: 1.1.0
+  version: 1.1.1
 platform: ruby
 authors: 
 - Emanuele Vicentini
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-05-22 00:00:00 +02:00
+date: 2009-10-15 00:00:00 +02:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -22,16 +22,6 @@ dependencies:
       - !ruby/object:Gem::Version 
         version: "0.9"
     version: 
-- !ruby/object:Gem::Dependency 
-  name: rake
-  type: :development
-  version_requirement: 
-  version_requirements: !ruby/object:Gem::Requirement 
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        version: 0.8.2
-    version: 
 - !ruby/object:Gem::Dependency 
   name: cucumber
   type: :development
@@ -40,7 +30,7 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        version: 1.1.13
+        version: 0.1.13
     version: 
 - !ruby/object:Gem::Dependency 
   name: rspec
@@ -52,16 +42,6 @@ dependencies:
       - !ruby/object:Gem::Version 
         version: "0"
     version: 
-- !ruby/object:Gem::Dependency 
-  name: echoe
-  type: :development
-  version_requirement: 
-  version_requirements: !ruby/object:Gem::Requirement 
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        version: "0"
-    version: 
 description: Anti-CSRF Rack middleware
 email: emanuele.vicentini@gmail.com
 executables: []
@@ -72,13 +52,29 @@ extra_rdoc_files:
 - LICENSE.rdoc
 - README.rdoc
 files: 
+- LICENSE.rdoc
+- README.rdoc
+- Rakefile
+- VERSION
 - cucumber.yml
-- example/app.rb
-- example/config-with-raise.ru
-- example/config.ru
-- example/views/form.erb
-- example/views/form_not_working.erb
-- example/views/response.erb
+- examples/innate/README.rdoc
+- examples/innate/app.rb
+- examples/innate/start-with-raise.rb
+- examples/innate/start.rb
+- examples/innate/view/index.erb
+- examples/innate/view/notworking.erb
+- examples/innate/view/response.erb
+- examples/rack/README.rdoc
+- examples/rack/app.rb
+- examples/rack/config-with-raise.ru
+- examples/rack/config.ru
+- examples/sinatra/README.rdoc
+- examples/sinatra/app.rb
+- examples/sinatra/config-with-raise.ru
+- examples/sinatra/config.ru
+- examples/sinatra/views/form.erb
+- examples/sinatra/views/form_not_working.erb
+- examples/sinatra/views/response.erb
 - features/browser_only.feature
 - features/empty_responses.feature
 - features/raising_exception.feature
@@ -88,14 +84,11 @@ files:
 - features/step_definitions/response_steps.rb
 - features/step_definitions/setup_steps.rb
 - features/support/env.rb
+- features/support/fake_session.rb
 - features/variation_on_field_name.feature
 - lib/rack/csrf.rb
 - lib/rack/vendor/securerandom.rb
-- LICENSE.rdoc
-- Manifest
 - rack_csrf.gemspec
-- Rakefile
-- README.rdoc
 - spec/csrf_spec.rb
 - spec/spec.opts
 - spec/spec_helper.rb
@@ -105,10 +98,11 @@ licenses: []
 
 post_install_message: 
 rdoc_options: 
+- --charset=UTF-8
 - --line-numbers
 - --inline-source
 - --title
-- Rack_csrf
+- Rack::Csrf 1.1.1
 - --main
 - README.rdoc
 require_paths: 
@@ -123,12 +117,12 @@ required_rubygems_version: !ruby/object:Gem::Requirement
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
-      version: "1.2"
+      version: "0"
   version: 
 requirements: []
 
 rubyforge_project: rackcsrf
-rubygems_version: 1.3.3
+rubygems_version: 1.3.5
 signing_key: 
 specification_version: 3
 summary: Anti-CSRF Rack middleware

data/Manifest

@@ -1,27 +0,0 @@
-cucumber.yml
-example/app.rb
-example/config-with-raise.ru
-example/config.ru
-example/views/form.erb
-example/views/form_not_working.erb
-example/views/response.erb
-features/browser_only.feature
-features/empty_responses.feature
-features/raising_exception.feature
-features/setup.feature
-features/skip_some_routes.feature
-features/step_definitions/request_steps.rb
-features/step_definitions/response_steps.rb
-features/step_definitions/setup_steps.rb
-features/support/env.rb
-features/variation_on_field_name.feature
-lib/rack/csrf.rb
-lib/rack/vendor/securerandom.rb
-LICENSE.rdoc
-Manifest
-rack_csrf.gemspec
-Rakefile
-README.rdoc
-spec/csrf_spec.rb
-spec/spec.opts
-spec/spec_helper.rb