roda 3.85.0 → 3.86.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/roda/plugins/autoload_hash_branches.rb +1 -1
- data/lib/roda/plugins/autoload_named_routes.rb +1 -1
- data/lib/roda/plugins/conditional_sessions.rb +67 -0
- data/lib/roda/plugins/content_security_policy.rb +12 -2
- data/lib/roda/plugins/early_hints.rb +1 -2
- data/lib/roda/plugins/permissions_policy.rb +12 -2
- data/lib/roda/version.rb +1 -1
- metadata +4 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a1851a201539b728f1af90ea1b85b2b33a9026f71986cb65c1aabdd079f653ad
|
|
4
|
+
data.tar.gz: f360e0bfeb3442df2fa1f96e28362eee9850c0f54d160bfbfc2b11d62d33ba39
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d2bef4abc3d5e08ddb5a1c9c27f8b626b631a5951cec7cee062c497074cb7f68e6c8b36e75261cc913a580a87d5111438e8a21488669812c9a3b227bf9609e0b
|
|
7
|
+
data.tar.gz: e668a47039e529aa026e21ddfd6346b3e1fa224f432b46085b33242c9551ced88278328f2d2d471b2593f841da0a882d8f85dd2468277484409f679485a219df
|
|
@@ -68,7 +68,7 @@ class Roda
|
|
|
68
68
|
|
|
69
69
|
# Eagerly load all hash branches when freezing the application.
|
|
70
70
|
def freeze
|
|
71
|
-
opts.delete(:autoload_hash_branch_files).each{|file| require file}
|
|
71
|
+
opts.delete(:autoload_hash_branch_files).each{|file| require file} unless opts.frozen?
|
|
72
72
|
super
|
|
73
73
|
end
|
|
74
74
|
end
|
|
@@ -54,7 +54,7 @@ class Roda
|
|
|
54
54
|
|
|
55
55
|
# Eagerly load all autoloaded named routes when freezing the application.
|
|
56
56
|
def freeze
|
|
57
|
-
opts.delete(:autoload_named_route_files).each{|file| require file}
|
|
57
|
+
opts.delete(:autoload_named_route_files).each{|file| require file} unless opts.frozen?
|
|
58
58
|
super
|
|
59
59
|
end
|
|
60
60
|
end
|
|
@@ -0,0 +1,67 @@
|
|
|
1
|
+
# frozen-string-literal: true
|
|
2
|
+
|
|
3
|
+
class Roda
|
|
4
|
+
module RodaPlugins
|
|
5
|
+
# The conditional_sessions plugin loads the sessions plugin. However,
|
|
6
|
+
# it only allows sessions if the block passed to the plugin returns
|
|
7
|
+
# truthy. The block is evaluated in request context. This is designed for
|
|
8
|
+
# use in applications that want to use sessions for some requests,
|
|
9
|
+
# and want to be sure that sessions are not used for other requests.
|
|
10
|
+
# For example, if you want to make sure that sessions are not used for
|
|
11
|
+
# requests with paths starting with /static, you could do:
|
|
12
|
+
#
|
|
13
|
+
# plugin :conditional_sessions, secret: ENV["SECRET"] do
|
|
14
|
+
# !path_info.start_with?('/static')
|
|
15
|
+
# end
|
|
16
|
+
#
|
|
17
|
+
# The the request session, session_created_at, and session_updated_at methods
|
|
18
|
+
# raise a RodaError exception when sessions are not allowed. The request
|
|
19
|
+
# persist_session and route scope clear_session methods do nothing when
|
|
20
|
+
# sessions are not allowed.
|
|
21
|
+
module ConditionalSessions
|
|
22
|
+
# Pass all options to the sessions block, and use the block to define
|
|
23
|
+
# a request method for whether sessions are allowed.
|
|
24
|
+
def self.load_dependencies(app, opts=OPTS, &block)
|
|
25
|
+
app.plugin :sessions, opts
|
|
26
|
+
app::RodaRequest.class_eval do
|
|
27
|
+
define_method(:use_sessions?, &block)
|
|
28
|
+
alias use_sessions? use_sessions?
|
|
29
|
+
end
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
module InstanceMethods
|
|
33
|
+
# Do nothing if not using sessions.
|
|
34
|
+
def clear_session
|
|
35
|
+
super if @_request.use_sessions?
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
module RequestMethods
|
|
40
|
+
# Raise RodaError if not using sessions.
|
|
41
|
+
def session
|
|
42
|
+
raise RodaError, "session called on request not using sessions" unless use_sessions?
|
|
43
|
+
super
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
# Raise RodaError if not using sessions.
|
|
47
|
+
def session_created_at
|
|
48
|
+
raise RodaError, "session_created_at called on request not using sessions" unless use_sessions?
|
|
49
|
+
super
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
# Raise RodaError if not using sessions.
|
|
53
|
+
def session_updated_at
|
|
54
|
+
raise RodaError, "session_updated_at called on request not using sessions" unless use_sessions?
|
|
55
|
+
super
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
# Do nothing if not using sessions.
|
|
59
|
+
def persist_session(headers, session)
|
|
60
|
+
super if use_sessions?
|
|
61
|
+
end
|
|
62
|
+
end
|
|
63
|
+
end
|
|
64
|
+
|
|
65
|
+
register_plugin(:conditional_sessions, ConditionalSessions)
|
|
66
|
+
end
|
|
67
|
+
end
|
|
@@ -92,7 +92,10 @@ class Roda
|
|
|
92
92
|
# content_security_policy.get_script_src
|
|
93
93
|
# # => [:self, :unsafe_eval, 'example.com', [:nonce, 'foobarbaz']]
|
|
94
94
|
#
|
|
95
|
-
# The clear method can be used to remove all settings from the policy.
|
|
95
|
+
# The clear method can be used to remove all settings from the policy. Empty policies
|
|
96
|
+
# do not set any headers. You can use +response.skip_content_security_policy!+ to skip
|
|
97
|
+
# setting a policy. This is faster than calling +content_security_policy.clear+, since
|
|
98
|
+
# it does not duplicate the default policy.
|
|
96
99
|
#
|
|
97
100
|
# The following methods to set boolean settings are also defined:
|
|
98
101
|
#
|
|
@@ -304,12 +307,19 @@ class Roda
|
|
|
304
307
|
@content_security_policy ||= roda_class.opts[:content_security_policy].dup
|
|
305
308
|
end
|
|
306
309
|
|
|
310
|
+
# Do not set a content security policy header for this response.
|
|
311
|
+
def skip_content_security_policy!
|
|
312
|
+
@skip_content_security_policy = true
|
|
313
|
+
end
|
|
314
|
+
|
|
307
315
|
private
|
|
308
316
|
|
|
309
317
|
# Set the appropriate content security policy header.
|
|
310
318
|
def set_default_headers
|
|
311
319
|
super
|
|
312
|
-
|
|
320
|
+
unless @skip_content_security_policy
|
|
321
|
+
(@content_security_policy || roda_class.opts[:content_security_policy]).set_header(headers)
|
|
322
|
+
end
|
|
313
323
|
end
|
|
314
324
|
end
|
|
315
325
|
end
|
|
@@ -4,8 +4,7 @@
|
|
|
4
4
|
class Roda
|
|
5
5
|
module RodaPlugins
|
|
6
6
|
# The early_hints plugin allows sending 103 Early Hints responses
|
|
7
|
-
# using the rack.early_hints environment variable.
|
|
8
|
-
# is only supported by puma 3.11+, and on other servers this is a no-op.
|
|
7
|
+
# using the rack.early_hints environment variable.
|
|
9
8
|
# Early hints allow clients to preload necessary files before receiving
|
|
10
9
|
# the response.
|
|
11
10
|
module EarlyHints
|
|
@@ -99,7 +99,10 @@ class Roda
|
|
|
99
99
|
# permissions_policy.get_fullscreen
|
|
100
100
|
# # => [:self, "https://example.com", "https://*.example.com"]
|
|
101
101
|
#
|
|
102
|
-
# The clear method can be used to remove all settings from the policy.
|
|
102
|
+
# The clear method can be used to remove all settings from the policy. Empty policies
|
|
103
|
+
# do not set any headers. You can use +response.skip_permissions_policy!+ to skip
|
|
104
|
+
# setting a policy. This is faster than calling +permissions_policy.clear+, since
|
|
105
|
+
# it does not duplicate the default policy.
|
|
103
106
|
module PermissionsPolicy
|
|
104
107
|
SUPPORTED_SETTINGS = %w'
|
|
105
108
|
accelerometer
|
|
@@ -311,12 +314,19 @@ class Roda
|
|
|
311
314
|
@permissions_policy ||= roda_class.opts[:permissions_policy].dup
|
|
312
315
|
end
|
|
313
316
|
|
|
317
|
+
# Do not set a permissions policy header for this response.
|
|
318
|
+
def skip_permissions_policy!
|
|
319
|
+
@skip_permissions_policy = true
|
|
320
|
+
end
|
|
321
|
+
|
|
314
322
|
private
|
|
315
323
|
|
|
316
324
|
# Set the appropriate permissions policy header.
|
|
317
325
|
def set_default_headers
|
|
318
326
|
super
|
|
319
|
-
|
|
327
|
+
unless @skip_permissions_policy
|
|
328
|
+
(@permissions_policy || roda_class.opts[:permissions_policy]).set_header(headers)
|
|
329
|
+
end
|
|
320
330
|
end
|
|
321
331
|
end
|
|
322
332
|
end
|
data/lib/roda/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: roda
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.86.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jeremy Evans
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-11-12 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rack
|
|
@@ -186,6 +186,7 @@ files:
|
|
|
186
186
|
- lib/roda/plugins/class_level_routing.rb
|
|
187
187
|
- lib/roda/plugins/class_matchers.rb
|
|
188
188
|
- lib/roda/plugins/common_logger.rb
|
|
189
|
+
- lib/roda/plugins/conditional_sessions.rb
|
|
189
190
|
- lib/roda/plugins/content_for.rb
|
|
190
191
|
- lib/roda/plugins/content_security_policy.rb
|
|
191
192
|
- lib/roda/plugins/cookie_flags.rb
|
|
@@ -326,7 +327,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
326
327
|
- !ruby/object:Gem::Version
|
|
327
328
|
version: '0'
|
|
328
329
|
requirements: []
|
|
329
|
-
rubygems_version: 3.5.
|
|
330
|
+
rubygems_version: 3.5.22
|
|
330
331
|
signing_key:
|
|
331
332
|
specification_version: 4
|
|
332
333
|
summary: Routing tree web toolkit
|