rails_same_site_cookie 0.1.8 → 0.1.10
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/README.md +3 -0
- data/lib/rails_same_site_cookie/middleware.rb +5 -4
- data/lib/rails_same_site_cookie/version.rb +1 -1
- data/rails_same_site_cookie.gemspec +1 -1
- metadata +9 -10
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: d6fa81378a73177217ee8a6cf22b3393972b6f675a579eb72f9e76eeecd5274a
|
|
4
|
+
data.tar.gz: 1299774e31c995474be51d4bbe8926cc0f7b6a2cf6acf0864358d84e5d17f6aa
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: '08900401473433c96bc4293cfee4ab587ceff0bced274314512408969c23e5b7a57ee6922d501f7dfeebbae0c16342ef12ceccd128252940802d8f29473e9151'
|
|
7
|
+
data.tar.gz: afa375b09d3f965bebff85cc2f3b7622600d8d86a89083c66bd5f6a5191ead709803a93e9d6ba7a3c7ca7ce9cabf72ed7ec8cd31bef3c6ec502d3b8dc0f799dc
|
data/README.md
CHANGED
|
@@ -8,6 +8,9 @@ This new behavior shouldn't be a problem for most apps but if your Rails app pro
|
|
|
8
8
|
|
|
9
9
|
This gem fixes the above problems by explicity setting SameSite=None for all cookies where the SameSite directive is missing and the requesting user agent is not in Chrome's [provided list of known incompatible clients](https://www.chromium.org/updates/same-site/incompatible-clients).
|
|
10
10
|
|
|
11
|
+
### Note about incompatibility with Safari and the future of third-party cookies
|
|
12
|
+
Newer versions of Safari [block third party cookies by default](https://webkit.org/blog/10218/full-third-party-cookie-blocking-and-more/) regardless of whether the SameSite flag is set. By design there is no workaround for this without the user manually going in and overriding the default settings to allow cross-site tracking. Chrome also plans to [completely phase out third party cookies in 2022](https://blog.chromium.org/2020/01/building-more-private-web-path-towards.html) at which point this gem will be useless.
|
|
13
|
+
|
|
11
14
|
### Note about HTTP requests and local testing
|
|
12
15
|
Note that for Chrome/Chromium based browsers the gem only sets the SameSite flag on cookies sent over HTTPS. So if you're testing on your local machine and you haven't setup your localhost to use SSL you will see warnings in versions of Chrome less than 80 about the missing SameSite flag, and in Chrome 80+ these cookies will be ignored entirely. To work around this in Chrome 80+ without setting up SSL you can disable the following Chrome flags: chrome://flags/ -> `SameSite by default cookies` and `Cookies without SameSite must be secure`.
|
|
13
16
|
|
|
@@ -14,10 +14,11 @@ module RailsSameSiteCookie
|
|
|
14
14
|
|
|
15
15
|
regex = RailsSameSiteCookie.configuration.user_agent_regex
|
|
16
16
|
set_cookie = headers['Set-Cookie']
|
|
17
|
-
|
|
17
|
+
set_cookie_is_array = set_cookie.is_a?(Array)
|
|
18
|
+
if (regex.nil? or regex.match(env['HTTP_USER_AGENT'])) and not (set_cookie.nil? or (set_cookie_is_array ? set_cookie.empty? : set_cookie.strip == ''))
|
|
18
19
|
parser = UserAgentChecker.new(env['HTTP_USER_AGENT'])
|
|
19
20
|
if parser.send_same_site_none?
|
|
20
|
-
cookies = set_cookie.split(COOKIE_SEPARATOR)
|
|
21
|
+
cookies = set_cookie_is_array ? set_cookie : set_cookie.split(COOKIE_SEPARATOR)
|
|
21
22
|
ssl = Rack::Request.new(env).ssl?
|
|
22
23
|
|
|
23
24
|
cookies.each do |cookie|
|
|
@@ -34,7 +35,7 @@ module RailsSameSiteCookie
|
|
|
34
35
|
|
|
35
36
|
end
|
|
36
37
|
|
|
37
|
-
headers['Set-Cookie'] = cookies.join(COOKIE_SEPARATOR)
|
|
38
|
+
headers['Set-Cookie'] = set_cookie_is_array ? cookies : cookies.join(COOKIE_SEPARATOR)
|
|
38
39
|
end
|
|
39
40
|
end
|
|
40
41
|
|
|
@@ -42,4 +43,4 @@ module RailsSameSiteCookie
|
|
|
42
43
|
end
|
|
43
44
|
|
|
44
45
|
end
|
|
45
|
-
end
|
|
46
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rails_same_site_cookie
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.10
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Philip Schinis
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2025-01-02 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -72,15 +72,15 @@ dependencies:
|
|
|
72
72
|
requirements:
|
|
73
73
|
- - "~>"
|
|
74
74
|
- !ruby/object:Gem::Version
|
|
75
|
-
version: '2.
|
|
75
|
+
version: '2.6'
|
|
76
76
|
type: :runtime
|
|
77
77
|
prerelease: false
|
|
78
78
|
version_requirements: !ruby/object:Gem::Requirement
|
|
79
79
|
requirements:
|
|
80
80
|
- - "~>"
|
|
81
81
|
- !ruby/object:Gem::Version
|
|
82
|
-
version: '2.
|
|
83
|
-
description:
|
|
82
|
+
version: '2.6'
|
|
83
|
+
description:
|
|
84
84
|
email:
|
|
85
85
|
- p.schinis@gmail.com
|
|
86
86
|
executables: []
|
|
@@ -110,7 +110,7 @@ licenses:
|
|
|
110
110
|
metadata:
|
|
111
111
|
homepage_uri: https://github.com/pschinis/rails_same_site_cookie
|
|
112
112
|
source_code_uri: https://github.com/pschinis/rails_same_site_cookie
|
|
113
|
-
post_install_message:
|
|
113
|
+
post_install_message:
|
|
114
114
|
rdoc_options: []
|
|
115
115
|
require_paths:
|
|
116
116
|
- lib
|
|
@@ -125,9 +125,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
125
125
|
- !ruby/object:Gem::Version
|
|
126
126
|
version: '0'
|
|
127
127
|
requirements: []
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
signing_key:
|
|
128
|
+
rubygems_version: 3.1.2
|
|
129
|
+
signing_key:
|
|
131
130
|
specification_version: 4
|
|
132
131
|
summary: This gem allows you to set the SameSite=None cookie directive without breaking
|
|
133
132
|
browsers that don't support it.
|