RubyGems - rack_nonce_middleware - Versions diffs - 0.0.1 - Mend

rack_nonce_middleware 0.0.1

Files changed (3) hide show

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 8d43c77cc5ff633d2464001a7effbc53f405c9799be26d22a696ab811b316b03
+  data.tar.gz: 0d394b9f3fc25144c013f0e1624eeb9a29c70b8157b2dbe239b7b77cf4871516
+SHA512:
+  metadata.gz: 1492e314723b4ec0ff521b4d9a80e0de9a035de7bcc6a31a270e5dcf178975a8ebbf97cb290e3386ef3f65e3349c7bbd437a068c8d0fcf4a9871555ae56c0f25
+  data.tar.gz: 7a6345a3bbf4572d7817db9efff479dd3a4676bbdb134539514464eae244a81313533689358e2978f0b9fbf82c12737a6309a3c9eb54f591054bfc0d9295af31

data/lib/rack_nonce_middleware.rb ADDED Viewed

@@ -0,0 +1,37 @@
+# Description: Rack middleware to add a nonce to the CSP header
+# and expose it to the application.
+# Usage:
+#    In your backend application, add the middleware to the stack:
+#
+#     require 'rack-nonce-middleware'
+#     use(Rack::Protection, {
+#       use: %i[content_security_policy],
+#       script_src: "'self' #{RackNonceMiddleware::NONCE} https://....",
+#       style_src: "'self' #{RackNonceMiddleware::NONCE} https://....",
+#     use RackNonceMiddleware # Make sure thus is included after Rack::Protection
+#
+#    In your views, add the nonce to the script and style tags:
+#    <script nonce="<%= env['csp.nonce'] %>">...</script>
+#    <style nonce="<%= env['csp.nonce'] %>">...</style>
+class RackNonceMiddleware
+  NONCE = 'nonce-NONCE-VALUE'.freeze
+  def initialize(app)
+    @app = app
+  end
+  def call(env)
+    nonce = SecureRandom.alphanumeric(16)
+    env['csp.nonce'] = nonce
+    status, headers, response = @app.call(env)
+    puts "====> #{headers.keys}"
+    if headers['Content-Security-Policy']
+      headers['Content-Security-Policy'] = headers['Content-Security-Policy'].gsub(NONCE, "nonce-#{nonce}")
+    end
+    [status, headers, response]
+  end
+end

metadata ADDED Viewed

@@ -0,0 +1,44 @@
+--- !ruby/object:Gem::Specification
+name: rack_nonce_middleware
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Tadas Tamosauskas, Pragmatic Genomics Ltd
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2024-07-15 00:00:00.000000000 Z
+dependencies: []
+description: A Rack middleware to add a nonce to the CSP header and expose it to the
+  view templates
+email: contact@sequenceserver.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/rack_nonce_middleware.rb
+homepage: https://rubygems.org/gems/rack_nonce_middleware
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.5.14
+signing_key:
+specification_version: 4
+summary: A Rack middleware for adding a CSP nonce to requests
+test_files: []