rack_web_console 0.1.0 → 0.1.1

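--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: a4d00b4ee750af6eb2782b71b432f411964fbd4a
- data.tar.gz: 60be9ea39bd4756d4b9dac911678ae8752d6f0bd
+ metadata.gz: dcd27bbf7602dceca8c4f8a932e4357b6fa71a86
+ data.tar.gz: 41d49308a3c17ebca10343b53151f4b89954edd2
  SHA512:
- metadata.gz: 076756194180b419477fc145a67ac1c01e276ddca634d359d0c05de23186b1963da0c15eff378648573b16b7d85e7bc64f04133b1d8e6cb4f43a1725e2406995
- data.tar.gz: ece2517ff410af142bd1a5d8447f511611b6e3fe4e8044e5a99221ae2881d28f8215d0eb5f92c83d5bdb4bd321441bccb0b9dd6316acdcff0c19396379de37cd
+ metadata.gz: abd3d2c15e9dead6eb862166110c2d3345c6a316bdd61d6c2df9228e93877ed569cae64281169cd940a688b41b4afb94661122fa2aa1db9c03dca483594e6095
+ data.tar.gz: bff88e035f39d359e6c064ae16ce55f178c83f8f824a80ed34efb0118e4fc803636404da801f489b9e7add0c4a5fee9a57ad0ade3bb7af3d63b31dd54d54481d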
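--- a/data/README.md
+++ b/data/README.md
@@ -41,7 +41,7 @@ require 'rack_web_console'
 
  class App < Roda
  route do |r|
- r.on('console'){ halt RackConsole.new(binding) }
+ r.on('console'){ halt RackConsole.new(binding) } if ENV['RACK_ENV'] == 'development'
  'default response'
  end
  end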
@@ -1,3 +1,3 @@
1
1
  class RackConsole
2
- VERSION = '0.1.0'
2
+ VERSION = '0.1.1'
3
3
  end
@@ -20,6 +20,7 @@ class RackConsole
20
20
 
21
21
 
22
22
  def process_script(env)
23
+ return [403, {}, []] unless same_origin?(env)
23
24
  script = CGI.unescape env['rack.input'].read.sub(/\Ascript=/, '')
24
25
  @_storage&.script=(script)
25
26
  result = []
@@ -37,6 +38,14 @@ class RackConsole
37
38
  [ 200, headers, [ result.join("\n").gsub("\n", "<br>\n") ] ]
38
39
  end
39
40
 
41
+ def same_origin?(env)
42
+ env['HTTP_HOST'] == (domain_from(env['HTTP_ORIGIN']) || domain_from(env['HTTP_REFERER']))
43
+ end
44
+
45
+ def domain_from(referer)
46
+ referer && referer.gsub(%r{(?:\Ahttps?://|/.*)}, '')
47
+ end
48
+
40
49
  def render_view(env)
41
50
  [ 200, { 'Content-Type' => 'text/html; charset=utf-8' }, [ view_response(env) ] ]
42
51
  end
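Review bot: `same_origin?` returns true when `HTTP_HOST`, `HTTP_ORIGIN` and `HTTP_REFERER` are all absent, because both sides of the `==` are then `nil`, so a request carrying none of the three headers passes the new guard at the top of `process_script`. Failing closed takes one extra first line in `same_origin?`: `return false if env['HTTP_HOST'].to_s.empty?`. The comparison also takes the request's own Host header as the trusted value and drops the scheme in `domain_from`, so it does not distinguish an `http://` page from an `https://` one on the same host, and it cannot help when the hostname itself has been re-pointed at the server (DNS rebinding), since Host and Origin then agree. Because this endpoint appears to run the submitted script against the application's binding, comparing Host with a configured list of expected hostnames would be the stronger check, and a comment on `same_origin?` should state that it is a CSRF guard and not authentication. `process_script` continues past the end of the first hunk, so the rest of its body is not covered here.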
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack_web_console
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.1.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Rodrigo Rosenfeld Rosas