rails_same_site_cookie 0.1.7 → 0.1.8
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 618cf5109f133dcb39a5d87e17f20efe177cad03
|
4
|
+
data.tar.gz: 5a4f0cc5a8db31861d286304071168b09ed4a307
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 8aa434cfd9495919993399d8644546c9c978794331cc6a32d4f429d8498949aab74d240d0b56f683a0a1e0d1929a22346170e389556d814a865bfb5b352cce6a
|
7
|
+
data.tar.gz: 7bb3208e5804dd672a429e62297f55ac3da376b0200d6d5cac93eca77aa0c88e9374cf11336e3307c24ea7d1d36735d3172b03352f95a282bff244d1c9c0f98d
|
data/README.md
CHANGED
@@ -9,7 +9,7 @@ This new behavior shouldn't be a problem for most apps but if your Rails app pro
|
|
9
9
|
This gem fixes the above problems by explicity setting SameSite=None for all cookies where the SameSite directive is missing and the requesting user agent is not in Chrome's [provided list of known incompatible clients](https://www.chromium.org/updates/same-site/incompatible-clients).
|
10
10
|
|
11
11
|
### Note about HTTP requests and local testing
|
12
|
-
Note that the gem only sets the
|
12
|
+
Note that for Chrome/Chromium based browsers the gem only sets the SameSite flag on cookies sent over HTTPS. So if you're testing on your local machine and you haven't setup your localhost to use SSL you will see warnings in versions of Chrome less than 80 about the missing SameSite flag, and in Chrome 80+ these cookies will be ignored entirely. To work around this in Chrome 80+ without setting up SSL you can disable the following Chrome flags: chrome://flags/ -> `SameSite by default cookies` and `Cookies without SameSite must be secure`.
|
13
13
|
|
14
14
|
## Installation
|
15
15
|
|
@@ -22,6 +22,8 @@ module RailsSameSiteCookie
|
|
22
22
|
|
23
23
|
cookies.each do |cookie|
|
24
24
|
next if cookie == '' or cookie.nil?
|
25
|
+
next if !ssl && parser.chrome? # https://www.chromestatus.com/feature/5633521622188032
|
26
|
+
|
25
27
|
if ssl and not cookie =~ /;\s*secure/i
|
26
28
|
cookie << '; Secure'
|
27
29
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rails_same_site_cookie
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.8
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Philip Schinis
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-03-
|
11
|
+
date: 2020-03-21 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|