rack_csrf 2.6.0 → 2.7.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/.circleci/config.yml +30 -0
- data/.github/dependabot.yml +11 -0
- data/.github/workflows/ci.yml +35 -0
- data/Changelog.md +5 -0
- data/LICENSE.rdoc +1 -1
- data/README.rdoc +6 -5
- data/features/support/env.rb +2 -0
- data/lib/rack/csrf/version.rb +1 -1
- data/lib/rack/csrf.rb +16 -2
- data/rack_csrf.gemspec +1 -1
- data/spec/spec_helper.rb +1 -0
- metadata +12 -11
- data/.travis.yml +0 -25
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 5063e661614ec782c33a22dc458d7f6a6d89be5a59c6c08297bc1cdc2f9675aa
|
|
4
|
+
data.tar.gz: 4b2b7c1208e605a314ddcb581268b32eb214bb791be52d7875bc37e2b1258abf
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 21e09bf5ee433e1c9feea3ed29de30e7ff05c3a3c9d6bca35b2feeea8c0686e203c4c4f01fdff11eee8029b4094f32f26a9965b6918e03e5137b5db0eaafd61d
|
|
7
|
+
data.tar.gz: fa1aaa6fa9002de2519566b07aeb542fc91a1f0824030db83f384f182971a36c9b78fbf463a09230f17f116d6d7cd2e1347f97a65102c801cd557dfd404e59f0
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
version: 2.1
|
|
2
|
+
|
|
3
|
+
jobs:
|
|
4
|
+
run_tests:
|
|
5
|
+
parameters:
|
|
6
|
+
ruby_version:
|
|
7
|
+
description: "Version of Ruby to run tests in"
|
|
8
|
+
type: string
|
|
9
|
+
rack_version:
|
|
10
|
+
description: "More or less the Rack version we want to test against"
|
|
11
|
+
type: string
|
|
12
|
+
environment:
|
|
13
|
+
TEST_WITH_RACK: << parameters.rack_version >>
|
|
14
|
+
docker:
|
|
15
|
+
- image: ruby:<< parameters.ruby_version >>
|
|
16
|
+
steps:
|
|
17
|
+
- checkout
|
|
18
|
+
- run: bundle install
|
|
19
|
+
- run: bundle exec rake spec
|
|
20
|
+
- run: bundle exec rake features
|
|
21
|
+
|
|
22
|
+
workflows:
|
|
23
|
+
version: 2
|
|
24
|
+
test:
|
|
25
|
+
jobs:
|
|
26
|
+
- run_tests:
|
|
27
|
+
matrix:
|
|
28
|
+
parameters:
|
|
29
|
+
ruby_version: ["2.7", "3.0", "3.1"]
|
|
30
|
+
rack_version: ["1.6.0", "2.1.0", "2.2.0", "3.0.0"]
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
name: CI
|
|
2
|
+
|
|
3
|
+
on:
|
|
4
|
+
- pull_request
|
|
5
|
+
- push
|
|
6
|
+
- workflow_dispatch
|
|
7
|
+
|
|
8
|
+
permissions:
|
|
9
|
+
contents: read
|
|
10
|
+
|
|
11
|
+
jobs:
|
|
12
|
+
tests:
|
|
13
|
+
strategy:
|
|
14
|
+
matrix:
|
|
15
|
+
ruby_version:
|
|
16
|
+
- "2.7"
|
|
17
|
+
- "3.0"
|
|
18
|
+
- "3.1"
|
|
19
|
+
rack_version:
|
|
20
|
+
- "1.6.0"
|
|
21
|
+
- "2.1.0"
|
|
22
|
+
- "2.2.0"
|
|
23
|
+
- "3.0.0"
|
|
24
|
+
name: Ruby ~> ${{ matrix.ruby_version }}; Rack ~> ${{ matrix.rack_version }}
|
|
25
|
+
runs-on: ubuntu-latest
|
|
26
|
+
env:
|
|
27
|
+
TEST_WITH_RACK: ${{ matrix.rack_version }}
|
|
28
|
+
steps:
|
|
29
|
+
- uses: actions/checkout@v3
|
|
30
|
+
- uses: ruby/setup-ruby@v1
|
|
31
|
+
with:
|
|
32
|
+
ruby-version: ${{ matrix.ruby_version }}
|
|
33
|
+
bundler-cache: true
|
|
34
|
+
- run: bundle exec rake spec
|
|
35
|
+
- run: bundle exec rake features
|
data/Changelog.md
CHANGED
data/LICENSE.rdoc
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
(The MIT License)
|
|
4
4
|
|
|
5
|
-
Copyright (c) 2009, 2010, 2011, 2012, 2014, 2016 Emanuele Vicentini
|
|
5
|
+
Copyright (c) 2009, 2010, 2011, 2012, 2014, 2016, 2022 Emanuele Vicentini
|
|
6
6
|
|
|
7
7
|
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
8
8
|
of this software and associated documentation files (the 'Software'), to deal
|
data/README.rdoc
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
= Rack::Csrf {<img src="https://
|
|
1
|
+
= Rack::Csrf {<img src="https://circleci.com/gh/baldowl/rack_csrf.svg?style=svg" alt="CircleCI" />}[https://circleci.com/gh/baldowl/rack_csrf] {<img src="https://github.com/baldowl/rack_csrf/actions/workflows/ci.yml/badge.svg?branch=master" alt="Actions Status: CI" />}[https://github.com/baldowl/rack_csrf/actions?query=workflow%3ACI+branch%3Amaster] {<img src="https://badge.fury.io/rb/rack_csrf.svg" alt="Gem Version" />}[http://badge.fury.io/rb/rack_csrf]
|
|
2
2
|
|
|
3
3
|
This is just a small Rack middleware whose only goal is to lessen the hazards
|
|
4
4
|
posed by CSRF attacks by trying to ensure that all requests of particular
|
|
@@ -193,8 +193,9 @@ framework; see the various README files for other details.
|
|
|
193
193
|
== Supported Rubies and Racks
|
|
194
194
|
|
|
195
195
|
The gemspec shows the minimum Ruby and Rack versions, but Rack::Csrf is
|
|
196
|
-
tested only with the Rubies and Racks you can see in
|
|
197
|
-
|
|
196
|
+
tested only with the Rubies and Racks you can see in
|
|
197
|
+
<tt>.circleci/config.yml</tt> and/or <tt>.github/workflows/ci.yml</tt>. It
|
|
198
|
+
could work also with older versions, but I decided not to test it against
|
|
198
199
|
unsupported Rubies and Racks.
|
|
199
200
|
|
|
200
201
|
== Contributing
|
|
@@ -219,5 +220,5 @@ forgo responsibilities for keeping your application as safe as possible.
|
|
|
219
220
|
|
|
220
221
|
== Copyright
|
|
221
222
|
|
|
222
|
-
Copyright (c) 2009, 2010, 2011, 2012, 2014, 2016 Emanuele Vicentini.
|
|
223
|
-
LICENSE.rdoc for details.
|
|
223
|
+
Copyright (c) 2009, 2010, 2011, 2012, 2014, 2016, 2022 Emanuele Vicentini.
|
|
224
|
+
See LICENSE.rdoc for details.
|
data/features/support/env.rb
CHANGED
data/lib/rack/csrf/version.rb
CHANGED
data/lib/rack/csrf.rb
CHANGED
|
@@ -1,8 +1,22 @@
|
|
|
1
|
-
|
|
1
|
+
begin
|
|
2
|
+
require 'rack/version'
|
|
3
|
+
rescue LoadError
|
|
4
|
+
require 'rack'
|
|
5
|
+
else
|
|
6
|
+
if Rack.release >= '2.3'
|
|
7
|
+
require 'rack/request'
|
|
8
|
+
require 'rack/utils'
|
|
9
|
+
else
|
|
10
|
+
require 'rack'
|
|
11
|
+
end
|
|
12
|
+
end
|
|
2
13
|
require 'securerandom'
|
|
3
14
|
|
|
4
15
|
module Rack
|
|
5
16
|
class Csrf
|
|
17
|
+
CONTENT_TYPE = (Rack.release >= '2.3' ? 'content-type' : 'Content-Type').freeze
|
|
18
|
+
CONTENT_LENGTH = (Rack.release >= '2.3' ? 'content-length' : 'Content-Length').freeze
|
|
19
|
+
|
|
6
20
|
class SessionUnavailable < StandardError; end
|
|
7
21
|
class InvalidCsrfToken < StandardError; end
|
|
8
22
|
|
|
@@ -38,7 +52,7 @@ module Rack
|
|
|
38
52
|
@app.call(env)
|
|
39
53
|
else
|
|
40
54
|
fail InvalidCsrfToken if @raise_if_invalid
|
|
41
|
-
[403, {
|
|
55
|
+
[403, {CONTENT_TYPE => 'text/html', CONTENT_LENGTH => '0'}, []]
|
|
42
56
|
end
|
|
43
57
|
end
|
|
44
58
|
|
data/rack_csrf.gemspec
CHANGED
|
@@ -40,7 +40,7 @@ Gem::Specification.new do |spec|
|
|
|
40
40
|
|
|
41
41
|
spec.add_development_dependency 'bundler', '>= 1.0.0'
|
|
42
42
|
spec.add_development_dependency 'rake'
|
|
43
|
-
spec.add_development_dependency 'cucumber', '~>
|
|
43
|
+
spec.add_development_dependency 'cucumber', '~> 3.0'
|
|
44
44
|
spec.add_development_dependency 'rack-test', '>= 0'
|
|
45
45
|
spec.add_development_dependency 'rspec', '~> 3.0'
|
|
46
46
|
spec.add_development_dependency 'rdoc', '>= 2.4.2'
|
data/spec/spec_helper.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack_csrf
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.7.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Emanuele Vicentini
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-09-10 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rack
|
|
@@ -58,14 +58,14 @@ dependencies:
|
|
|
58
58
|
requirements:
|
|
59
59
|
- - "~>"
|
|
60
60
|
- !ruby/object:Gem::Version
|
|
61
|
-
version: '
|
|
61
|
+
version: '3.0'
|
|
62
62
|
type: :development
|
|
63
63
|
prerelease: false
|
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
|
65
65
|
requirements:
|
|
66
66
|
- - "~>"
|
|
67
67
|
- !ruby/object:Gem::Version
|
|
68
|
-
version: '
|
|
68
|
+
version: '3.0'
|
|
69
69
|
- !ruby/object:Gem::Dependency
|
|
70
70
|
name: rack-test
|
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -131,9 +131,11 @@ extra_rdoc_files:
|
|
|
131
131
|
- LICENSE.rdoc
|
|
132
132
|
- README.rdoc
|
|
133
133
|
files:
|
|
134
|
+
- ".circleci/config.yml"
|
|
135
|
+
- ".github/dependabot.yml"
|
|
136
|
+
- ".github/workflows/ci.yml"
|
|
134
137
|
- ".gitignore"
|
|
135
138
|
- ".rspec"
|
|
136
|
-
- ".travis.yml"
|
|
137
139
|
- Changelog.md
|
|
138
140
|
- Gemfile
|
|
139
141
|
- LICENSE.rdoc
|
|
@@ -198,12 +200,12 @@ homepage: https://github.com/baldowl/rack_csrf
|
|
|
198
200
|
licenses:
|
|
199
201
|
- MIT
|
|
200
202
|
metadata: {}
|
|
201
|
-
post_install_message:
|
|
203
|
+
post_install_message:
|
|
202
204
|
rdoc_options:
|
|
203
205
|
- "--line-numbers"
|
|
204
206
|
- "--inline-source"
|
|
205
207
|
- "--title"
|
|
206
|
-
- Rack::Csrf 2.
|
|
208
|
+
- Rack::Csrf 2.7.0
|
|
207
209
|
- "--main"
|
|
208
210
|
- README.rdoc
|
|
209
211
|
require_paths:
|
|
@@ -219,9 +221,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
219
221
|
- !ruby/object:Gem::Version
|
|
220
222
|
version: '0'
|
|
221
223
|
requirements: []
|
|
222
|
-
|
|
223
|
-
|
|
224
|
-
signing_key:
|
|
224
|
+
rubygems_version: 3.3.22
|
|
225
|
+
signing_key:
|
|
225
226
|
specification_version: 4
|
|
226
227
|
summary: Anti-CSRF Rack middleware
|
|
227
228
|
test_files:
|
data/.travis.yml
DELETED
|
@@ -1,25 +0,0 @@
|
|
|
1
|
-
sudo: false
|
|
2
|
-
|
|
3
|
-
language: ruby
|
|
4
|
-
|
|
5
|
-
rvm:
|
|
6
|
-
- 2.0.0-p648
|
|
7
|
-
- 2.1.10
|
|
8
|
-
- 2.2.6
|
|
9
|
-
- 2.3.3
|
|
10
|
-
- 2.4.0
|
|
11
|
-
|
|
12
|
-
env:
|
|
13
|
-
- TEST_WITH_RACK=1.4.0
|
|
14
|
-
- TEST_WITH_RACK=1.5.0
|
|
15
|
-
- TEST_WITH_RACK=1.6.0
|
|
16
|
-
- TEST_WITH_RACK=2.0.0
|
|
17
|
-
|
|
18
|
-
matrix:
|
|
19
|
-
exclude:
|
|
20
|
-
- rvm: 2.0.0-p648
|
|
21
|
-
env: TEST_WITH_RACK=2.0.0
|
|
22
|
-
- rvm: 2.1.10
|
|
23
|
-
env: TEST_WITH_RACK=2.0.0
|
|
24
|
-
|
|
25
|
-
script: bundle exec rake spec features
|