roda 3.85.0 → 3.86.0
- checksums.yaml +4 -4
- data/lib/roda/plugins/autoload_hash_branches.rb +1 -1
- data/lib/roda/plugins/autoload_named_routes.rb +1 -1
- data/lib/roda/plugins/conditional_sessions.rb +67 -0
- data/lib/roda/plugins/content_security_policy.rb +12 -2
- data/lib/roda/plugins/early_hints.rb +1 -2
- data/lib/roda/plugins/permissions_policy.rb +12 -2
- data/lib/roda/version.rb +1 -1
- metadata +4 -3
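--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a1851a201539b728f1af90ea1b85b2b33a9026f71986cb65c1aabdd079f653ad
+data.tar.gz: f360e0bfeb3442df2fa1f96e28362eee9850c0f54d160bfbfc2b11d62d33ba39
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d2bef4abc3d5e08ddb5a1c9c27f8b626b631a5951cec7cee062c497074cb7f68e6c8b36e75261cc913a580a87d5111438e8a21488669812c9a3b227bf9609e0b
+data.tar.gz: e668a47039e529aa026e21ddfd6346b3e1fa224f432b46085b33242c9551ced88278328f2d2d471b2593f841da0a882d8f85dd2468277484409f679485a219df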
|
@@ -68,7 +68,7 @@ class Roda
|
|
|
68
68
|
|
|
69
69
|
# Eagerly load all hash branches when freezing the application.
|
|
70
70
|
def freeze
|
|
71
|
-
opts.delete(:autoload_hash_branch_files).each{|file| require file}
|
|
71
|
+
opts.delete(:autoload_hash_branch_files).each{|file| require file} unless opts.frozen?
|
|
72
72
|
super
|
|
73
73
|
end
|
|
74
74
|
end
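Review bot: The reason for the new `unless opts.frozen?` guard in `freeze` is not documented; a comment such as `# opts is frozen after the first freeze and Hash#delete raises on a frozen hash, so skip the eager load on repeated calls` would help (presumably `super` is what freezes `opts`, which the hunk does not show). Separately, the key is deleted before the files are required, so if one `require` raises, the list is already gone and a retried `freeze` reaches `nil.each` and reports NoMethodError instead of the original load error. Deleting the key only after the loop has finished would keep the list available for a retry. The `autoload_named_route_files` line in the next hunk has the same shape.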
|
|
@@ -54,7 +54,7 @@ class Roda
|
|
|
54
54
|
|
|
55
55
|
# Eagerly load all autoloaded named routes when freezing the application.
|
|
56
56
|
def freeze
|
|
57
|
-
opts.delete(:autoload_named_route_files).each{|file| require file}
|
|
57
|
+
opts.delete(:autoload_named_route_files).each{|file| require file} unless opts.frozen?
|
|
58
58
|
super
|
|
59
59
|
end
|
|
60
60
|
end
|
|
@@ -0,0 +1,67 @@
|
|
|
1
|
+
# frozen-string-literal: true
|
|
2
|
+
|
|
3
|
+
class Roda
|
|
4
|
+
module RodaPlugins
|
|
5
|
+
# The conditional_sessions plugin loads the sessions plugin. However,
|
|
6
|
+
# it only allows sessions if the block passed to the plugin returns
|
|
7
|
+
# truthy. The block is evaluated in request context. This is designed for
|
|
8
|
+
# use in applications that want to use sessions for some requests,
|
|
9
|
+
# and want to be sure that sessions are not used for other requests.
|
|
10
|
+
# For example, if you want to make sure that sessions are not used for
|
|
11
|
+
# requests with paths starting with /static, you could do:
|
|
12
|
+
#
|
|
13
|
+
# plugin :conditional_sessions, secret: ENV["SECRET"] do
|
|
14
|
+
# !path_info.start_with?('/static')
|
|
15
|
+
# end
|
|
16
|
+
#
|
|
17
|
+
# The the request session, session_created_at, and session_updated_at methods
|
|
18
|
+
# raise a RodaError exception when sessions are not allowed. The request
|
|
19
|
+
# persist_session and route scope clear_session methods do nothing when
|
|
20
|
+
# sessions are not allowed.
|
|
21
|
+
module ConditionalSessions
|
|
22
|
+
# Pass all options to the sessions block, and use the block to define
|
|
23
|
+
# a request method for whether sessions are allowed.
|
|
24
|
+
def self.load_dependencies(app, opts=OPTS, &block)
|
|
25
|
+
app.plugin :sessions, opts
|
|
26
|
+
app::RodaRequest.class_eval do
|
|
27
|
+
define_method(:use_sessions?, &block)
|
|
28
|
+
alias use_sessions? use_sessions?
|
|
29
|
+
end
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
module InstanceMethods
|
|
33
|
+
# Do nothing if not using sessions.
|
|
34
|
+
def clear_session
|
|
35
|
+
super if @_request.use_sessions?
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
module RequestMethods
|
|
40
|
+
# Raise RodaError if not using sessions.
|
|
41
|
+
def session
|
|
42
|
+
raise RodaError, "session called on request not using sessions" unless use_sessions?
|
|
43
|
+
super
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
# Raise RodaError if not using sessions.
|
|
47
|
+
def session_created_at
|
|
48
|
+
raise RodaError, "session_created_at called on request not using sessions" unless use_sessions?
|
|
49
|
+
super
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
# Raise RodaError if not using sessions.
|
|
53
|
+
def session_updated_at
|
|
54
|
+
raise RodaError, "session_updated_at called on request not using sessions" unless use_sessions?
|
|
55
|
+
super
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
# Do nothing if not using sessions.
|
|
59
|
+
def persist_session(headers, session)
|
|
60
|
+
super if use_sessions?
|
|
61
|
+
end
|
|
62
|
+
end
|
|
63
|
+
end
|
|
64
|
+
|
|
65
|
+
register_plugin(:conditional_sessions, ConditionalSessions)
|
|
66
|
+
end
|
|
67
|
+
end
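Review bot: `load_dependencies` never checks that a block was given, so loading the plugin without one fails inside `define_method(:use_sessions?, &block)` with a generic ArgumentError, and only after `app.plugin :sessions, opts` has already loaded the unconditional sessions plugin. Because the plugin exists to guarantee that some requests never touch a session, a missing predicate should fail first and clearly: `raise RodaError, "conditional_sessions plugin requires a block" unless block` as the first line of the method. The comment on `load_dependencies` could also state that the block is re-evaluated on every `session`, `session_created_at`, `session_updated_at`, `persist_session` and `clear_session` call rather than once per request, so it should depend only on request data that stays the same for the whole request.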
|
|
@@ -92,7 +92,10 @@ class Roda
|
|
|
92
92
|
# content_security_policy.get_script_src
|
|
93
93
|
# # => [:self, :unsafe_eval, 'example.com', [:nonce, 'foobarbaz']]
|
|
94
94
|
#
|
|
95
|
-
# The clear method can be used to remove all settings from the policy.
|
|
95
|
+
# The clear method can be used to remove all settings from the policy. Empty policies
|
|
96
|
+
# do not set any headers. You can use +response.skip_content_security_policy!+ to skip
|
|
97
|
+
# setting a policy. This is faster than calling +content_security_policy.clear+, since
|
|
98
|
+
# it does not duplicate the default policy.
|
|
96
99
|
#
|
|
97
100
|
# The following methods to set boolean settings are also defined:
|
|
98
101
|
#
|
|
@@ -304,12 +307,19 @@ class Roda
|
|
|
304
307
|
@content_security_policy ||= roda_class.opts[:content_security_policy].dup
|
|
305
308
|
end
|
|
306
309
|
|
|
310
|
+
# Do not set a content security policy header for this response.
|
|
311
|
+
def skip_content_security_policy!
|
|
312
|
+
@skip_content_security_policy = true
|
|
313
|
+
end
|
|
314
|
+
|
|
307
315
|
private
|
|
308
316
|
|
|
309
317
|
# Set the appropriate content security policy header.
|
|
310
318
|
def set_default_headers
|
|
311
319
|
super
|
|
312
|
-
|
|
320
|
+
unless @skip_content_security_policy
|
|
321
|
+
(@content_security_policy || roda_class.opts[:content_security_policy]).set_header(headers)
|
|
322
|
+
end
|
|
313
323
|
end
|
|
314
324
|
end
|
|
315
325
|
end
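Review bot: `skip_content_security_policy!` silently wins over any per-response policy: once the flag is set, `set_default_headers` never reads `@content_security_policy`, so directives added to the response's policy before or after the call are dropped without notice, and nothing in the hunk resets the flag. The method comment should say so, e.g. `# Do not set a content security policy header for this response, even if its policy was customized. Cannot be undone for the response.` Since the call removes a browser-side protection, the plugin documentation added in the earlier hunk could also say it is meant for responses that need no policy, not as a way around a policy that is too strict. `skip_permissions_policy!` and its `set_default_headers` guard in the permissions_policy hunks further down have the same shape and would take the same comment.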
|
|
@@ -4,8 +4,7 @@
|
|
|
4
4
|
class Roda
|
|
5
5
|
module RodaPlugins
|
|
6
6
|
# The early_hints plugin allows sending 103 Early Hints responses
|
|
7
|
-
# using the rack.early_hints environment variable.
|
|
8
|
-
# is only supported by puma 3.11+, and on other servers this is a no-op.
|
|
7
|
+
# using the rack.early_hints environment variable.
|
|
9
8
|
# Early hints allow clients to preload necessary files before receiving
|
|
10
9
|
# the response.
|
|
11
10
|
module EarlyHints
|
|
@@ -99,7 +99,10 @@ class Roda
|
|
|
99
99
|
# permissions_policy.get_fullscreen
|
|
100
100
|
# # => [:self, "https://example.com", "https://*.example.com"]
|
|
101
101
|
#
|
|
102
|
-
# The clear method can be used to remove all settings from the policy.
|
|
102
|
+
# The clear method can be used to remove all settings from the policy. Empty policies
|
|
103
|
+
# do not set any headers. You can use +response.skip_permissions_policy!+ to skip
|
|
104
|
+
# setting a policy. This is faster than calling +permissions_policy.clear+, since
|
|
105
|
+
# it does not duplicate the default policy.
|
|
103
106
|
module PermissionsPolicy
|
|
104
107
|
SUPPORTED_SETTINGS = %w'
|
|
105
108
|
accelerometer
|
|
@@ -311,12 +314,19 @@ class Roda
|
|
|
311
314
|
@permissions_policy ||= roda_class.opts[:permissions_policy].dup
|
|
312
315
|
end
|
|
313
316
|
|
|
317
|
+
# Do not set a permissions policy header for this response.
|
|
318
|
+
def skip_permissions_policy!
|
|
319
|
+
@skip_permissions_policy = true
|
|
320
|
+
end
|
|
321
|
+
|
|
314
322
|
private
|
|
315
323
|
|
|
316
324
|
# Set the appropriate permissions policy header.
|
|
317
325
|
def set_default_headers
|
|
318
326
|
super
|
|
319
|
-
|
|
327
|
+
unless @skip_permissions_policy
|
|
328
|
+
(@permissions_policy || roda_class.opts[:permissions_policy]).set_header(headers)
|
|
329
|
+
end
|
|
320
330
|
end
|
|
321
331
|
end
|
|
322
332
|
end
|
data/lib/roda/version.rb
CHANGED
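--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: roda
 version: !ruby/object:Gem::Version
-version: 3.
+version: 3.86.0
 platform: ruby
 authors:
 - Jeremy Evans
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-
+date: 2024-11-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rack
@@ -186,6 +186,7 @@ files:
 - lib/roda/plugins/class_level_routing.rb
 - lib/roda/plugins/class_matchers.rb
 - lib/roda/plugins/common_logger.rb
+- lib/roda/plugins/conditional_sessions.rb
 - lib/roda/plugins/content_for.rb
 - lib/roda/plugins/content_security_policy.rb
 - lib/roda/plugins/cookie_flags.rb
@@ -326,7 +327,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.5.
+rubygems_version: 3.5.22
 signing_key:
 specification_version: 4
 summary: Routing tree web toolkit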