rack_web_console 0.1.0 → 0.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +1 -1
- data/lib/rack_console/version.rb +1 -1
- data/lib/rack_web_console.rb +9 -0
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: dcd27bbf7602dceca8c4f8a932e4357b6fa71a86
|
|
4
|
+
data.tar.gz: 41d49308a3c17ebca10343b53151f4b89954edd2
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: abd3d2c15e9dead6eb862166110c2d3345c6a316bdd61d6c2df9228e93877ed569cae64281169cd940a688b41b4afb94661122fa2aa1db9c03dca483594e6095
|
|
7
|
+
data.tar.gz: bff88e035f39d359e6c064ae16ce55f178c83f8f824a80ed34efb0118e4fc803636404da801f489b9e7add0c4a5fee9a57ad0ade3bb7af3d63b31dd54d54481d
|
data/README.md
CHANGED
data/lib/rack_console/version.rb
CHANGED
data/lib/rack_web_console.rb
CHANGED
|
@@ -20,6 +20,7 @@ class RackConsole
|
|
|
20
20
|
|
|
21
21
|
|
|
22
22
|
def process_script(env)
|
|
23
|
+
return [403, {}, []] unless same_origin?(env)
|
|
23
24
|
script = CGI.unescape env['rack.input'].read.sub(/\Ascript=/, '')
|
|
24
25
|
@_storage&.script=(script)
|
|
25
26
|
result = []
|
|
@@ -37,6 +38,14 @@ class RackConsole
|
|
|
37
38
|
[ 200, headers, [ result.join("\n").gsub("\n", "<br>\n") ] ]
|
|
38
39
|
end
|
|
39
40
|
|
|
41
|
+
def same_origin?(env)
|
|
42
|
+
env['HTTP_HOST'] == (domain_from(env['HTTP_ORIGIN']) || domain_from(env['HTTP_REFERER']))
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
def domain_from(referer)
|
|
46
|
+
referer && referer.gsub(%r{(?:\Ahttps?://|/.*)}, '')
|
|
47
|
+
end
|
|
48
|
+
|
|
40
49
|
def render_view(env)
|
|
41
50
|
[ 200, { 'Content-Type' => 'text/html; charset=utf-8' }, [ view_response(env) ] ]
|
|
42
51
|
end
|