RubyGems - rack_nonce_middleware - Versions diffs - 0.0.1 - Mend

rack_nonce_middleware 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

checksums.yaml +7 -0
data/lib/rack_nonce_middleware.rb +37 -0
metadata +44 -0

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 8d43c77cc5ff633d2464001a7effbc53f405c9799be26d22a696ab811b316b03
+  data.tar.gz: 0d394b9f3fc25144c013f0e1624eeb9a29c70b8157b2dbe239b7b77cf4871516
+SHA512:
+  metadata.gz: 1492e314723b4ec0ff521b4d9a80e0de9a035de7bcc6a31a270e5dcf178975a8ebbf97cb290e3386ef3f65e3349c7bbd437a068c8d0fcf4a9871555ae56c0f25
+  data.tar.gz: 7a6345a3bbf4572d7817db9efff479dd3a4676bbdb134539514464eae244a81313533689358e2978f0b9fbf82c12737a6309a3c9eb54f591054bfc0d9295af31

data/lib/rack_nonce_middleware.rb ADDED Viewed

@@ -0,0 +1,37 @@
+# Description: Rack middleware to add a nonce to the CSP header
+# and expose it to the application.
+# Usage:
+#    In your backend application, add the middleware to the stack:
+#
+#     require 'rack-nonce-middleware'
+#     use(Rack::Protection, {
+#       use: %i[content_security_policy],
+#       script_src: "'self' #{RackNonceMiddleware::NONCE} https://....",
+#       style_src: "'self' #{RackNonceMiddleware::NONCE} https://....",
+#     use RackNonceMiddleware # Make sure thus is included after Rack::Protection
+#
+#    In your views, add the nonce to the script and style tags:
+#    <script nonce="<%= env['csp.nonce'] %>">...</script>
+#    <style nonce="<%= env['csp.nonce'] %>">...</style>
+class RackNonceMiddleware
+  NONCE = 'nonce-NONCE-VALUE'.freeze
+  def initialize(app)
+    @app = app
+  end
+  def call(env)
+    nonce = SecureRandom.alphanumeric(16)
+    env['csp.nonce'] = nonce
+    status, headers, response = @app.call(env)
+    puts "====> #{headers.keys}"
+    if headers['Content-Security-Policy']
+      headers['Content-Security-Policy'] = headers['Content-Security-Policy'].gsub(NONCE, "nonce-#{nonce}")
+    end
+    [status, headers, response]
+  end
+end

metadata ADDED Viewed

@@ -0,0 +1,44 @@
+--- !ruby/object:Gem::Specification
+name: rack_nonce_middleware
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Tadas Tamosauskas, Pragmatic Genomics Ltd
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2024-07-15 00:00:00.000000000 Z
+dependencies: []
+description: A Rack middleware to add a nonce to the CSP header and expose it to the
+  view templates
+email: contact@sequenceserver.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/rack_nonce_middleware.rb
+homepage: https://rubygems.org/gems/rack_nonce_middleware
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.5.14
+signing_key:
+specification_version: 4
+summary: A Rack middleware for adding a CSP nonce to requests
+test_files: []