roda 3.83.0 → 3.84.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8f3ad50e6de6bdfa7e2019cbcbe4a07b920a23adb30645616340b8bc007951a1
-  data.tar.gz: b5bd2835bb0f5286fb92555c602949482c4730b3497de4506a841a6ab3e80718
+  metadata.gz: 847704410e729b17a70bb30b3da0e7a2a539320c3394947269ca00c680e57c97
+  data.tar.gz: 8487b70418d90a811cca396a7c8fe52f87d9c6a93f34c7ca66316d8cb15a30b2
 SHA512:
-  metadata.gz: 8e6937b542ae838a0b4e79171936fc3cd937faf127900b34265ff9e0923144bf5cf25879fe0103b43b51fb9c940e1dfc6c058f91eb02bab23177369e3b0424f7
-  data.tar.gz: d7515ac6becbb47900713e5349b52eb41e284391c5a75743b4e3adcb3609a8ad09a20b8e38e7d85ddb59c52681396a9ec2b1b82b3264752731837b873907835d
+  metadata.gz: 94e7e1d8318aed73f0e491d8dae066b5a0c05a759cdadd690073d1ca8600acbb6269b0d1ab0cb51e038835563568e2a83db154dcf5ab5f72d4cfc809c0e94da5
+  data.tar.gz: 52e999ea7a16b47ad65b25ca52208f9b51d13ab8458ca24404e74606a9f3b6c9c5ea18b1bcb088b3e3495ac8f520b895af8eb23da07a85e96881f9008bafda1e

data/lib/roda/plugins/hsts.rb

@@ -0,0 +1,35 @@
+# frozen-string-literal: true
+
+#
+class Roda
+  module RodaPlugins
+    # The hsts plugin allows for easily configuring an appropriate
+    # Strict-Transport-Security response header for the application:
+    #
+    #   plugin :hsts
+    #   # Strict-Transport-Security: max-age=63072000; includeSubDomains
+    #
+    #   plugin :hsts, preload: true
+    #   # Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
+    #
+    #   plugin :hsts, max_age: 31536000, subdomains: false
+    #   # Strict-Transport-Security: max-age=31536000
+    module Hsts
+      # Ensure default_headers plugin is loaded first
+      def self.load_dependencies(app, opts=OPTS)
+        app.plugin :default_headers
+      end
+
+      # Configure the Strict-Transport-Security header. Options:
+      # :max_age :: Set max-age in seconds (default is 63072000, two years)
+      # :preload :: Set preload, so the domain can be included in HSTS preload lists
+      # :subdomains :: Set to false to not set includeSubDomains. By default, 
+      #                includeSubDomains is set to enforce HTTPS for subdomains.
+      def self.configure(app, opts=OPTS)
+        app.plugin :default_headers, RodaResponseHeaders::STRICT_TRANSPORT_SECURITY => "max-age=#{opts[:max_age]||63072000}#{'; includeSubDomains' unless opts[:subdomains] == false}#{'; preload' if opts[:preload]}".freeze
+      end
+    end
+
+    register_plugin(:hsts, Hsts)
+  end
+end

data/lib/roda/response.rb

@@ -15,7 +15,7 @@ class Roda
     %w'Allow Cache-Control Content-Disposition Content-Encoding Content-Length
        Content-Security-Policy Content-Security-Policy-Report-Only Content-Type
        ETag Expires Last-Modified Link Location Set-Cookie Transfer-Encoding Vary
-       Permissions-Policy Permissions-Policy-Report-Only'.
+       Permissions-Policy Permissions-Policy-Report-Only Strict-Transport-Security'.
       each do |value|
         value = value.downcase if downcase
         const_set(value.gsub('-', '_').upcase!.to_sym, value.freeze)

data/lib/roda/version.rb

@@ -4,7 +4,7 @@ class Roda
   RodaMajorVersion = 3
 
   # The minor version of Roda, updated for new feature releases of Roda.
-  RodaMinorVersion = 83
+  RodaMinorVersion = 84
 
   # The patch version of Roda, updated only for bug fixes from the last
   # feature release.

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: roda
 version: !ruby/object:Gem::Version
-  version: 3.83.0
+  version: 3.84.0
 platform: ruby
 authors:
 - Jeremy Evans
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-08-12 00:00:00.000000000 Z
+date: 2024-09-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -156,185 +156,9 @@ email:
 executables: []
 extensions: []
 extra_rdoc_files:
-- README.rdoc
 - MIT-LICENSE
-- CHANGELOG
-- doc/conventions.rdoc
-- doc/release_notes/3.0.0.txt
-- doc/release_notes/3.1.0.txt
-- doc/release_notes/3.10.0.txt
-- doc/release_notes/3.11.0.txt
-- doc/release_notes/3.12.0.txt
-- doc/release_notes/3.13.0.txt
-- doc/release_notes/3.14.0.txt
-- doc/release_notes/3.14.1.txt
-- doc/release_notes/3.15.0.txt
-- doc/release_notes/3.16.0.txt
-- doc/release_notes/3.17.0.txt
-- doc/release_notes/3.18.0.txt
-- doc/release_notes/3.19.0.txt
-- doc/release_notes/3.2.0.txt
-- doc/release_notes/3.20.0.txt
-- doc/release_notes/3.21.0.txt
-- doc/release_notes/3.22.0.txt
-- doc/release_notes/3.23.0.txt
-- doc/release_notes/3.24.0.txt
-- doc/release_notes/3.25.0.txt
-- doc/release_notes/3.26.0.txt
-- doc/release_notes/3.27.0.txt
-- doc/release_notes/3.28.0.txt
-- doc/release_notes/3.29.0.txt
-- doc/release_notes/3.3.0.txt
-- doc/release_notes/3.30.0.txt
-- doc/release_notes/3.31.0.txt
-- doc/release_notes/3.32.0.txt
-- doc/release_notes/3.33.0.txt
-- doc/release_notes/3.34.0.txt
-- doc/release_notes/3.35.0.txt
-- doc/release_notes/3.36.0.txt
-- doc/release_notes/3.37.0.txt
-- doc/release_notes/3.38.0.txt
-- doc/release_notes/3.39.0.txt
-- doc/release_notes/3.4.0.txt
-- doc/release_notes/3.40.0.txt
-- doc/release_notes/3.41.0.txt
-- doc/release_notes/3.42.0.txt
-- doc/release_notes/3.43.0.txt
-- doc/release_notes/3.44.0.txt
-- doc/release_notes/3.45.0.txt
-- doc/release_notes/3.46.0.txt
-- doc/release_notes/3.47.0.txt
-- doc/release_notes/3.48.0.txt
-- doc/release_notes/3.49.0.txt
-- doc/release_notes/3.5.0.txt
-- doc/release_notes/3.50.0.txt
-- doc/release_notes/3.51.0.txt
-- doc/release_notes/3.52.0.txt
-- doc/release_notes/3.53.0.txt
-- doc/release_notes/3.54.0.txt
-- doc/release_notes/3.55.0.txt
-- doc/release_notes/3.56.0.txt
-- doc/release_notes/3.57.0.txt
-- doc/release_notes/3.58.0.txt
-- doc/release_notes/3.59.0.txt
-- doc/release_notes/3.6.0.txt
-- doc/release_notes/3.60.0.txt
-- doc/release_notes/3.61.0.txt
-- doc/release_notes/3.62.0.txt
-- doc/release_notes/3.63.0.txt
-- doc/release_notes/3.64.0.txt
-- doc/release_notes/3.65.0.txt
-- doc/release_notes/3.66.0.txt
-- doc/release_notes/3.67.0.txt
-- doc/release_notes/3.68.0.txt
-- doc/release_notes/3.69.0.txt
-- doc/release_notes/3.7.0.txt
-- doc/release_notes/3.70.0.txt
-- doc/release_notes/3.71.0.txt
-- doc/release_notes/3.72.0.txt
-- doc/release_notes/3.73.0.txt
-- doc/release_notes/3.74.0.txt
-- doc/release_notes/3.75.0.txt
-- doc/release_notes/3.76.0.txt
-- doc/release_notes/3.77.0.txt
-- doc/release_notes/3.78.0.txt
-- doc/release_notes/3.79.0.txt
-- doc/release_notes/3.8.0.txt
-- doc/release_notes/3.80.0.txt
-- doc/release_notes/3.81.0.txt
-- doc/release_notes/3.82.0.txt
-- doc/release_notes/3.83.0.txt
-- doc/release_notes/3.9.0.txt
 files:
-- CHANGELOG
 - MIT-LICENSE
-- README.rdoc
-- doc/conventions.rdoc
-- doc/release_notes/3.0.0.txt
-- doc/release_notes/3.1.0.txt
-- doc/release_notes/3.10.0.txt
-- doc/release_notes/3.11.0.txt
-- doc/release_notes/3.12.0.txt
-- doc/release_notes/3.13.0.txt
-- doc/release_notes/3.14.0.txt
-- doc/release_notes/3.14.1.txt
-- doc/release_notes/3.15.0.txt
-- doc/release_notes/3.16.0.txt
-- doc/release_notes/3.17.0.txt
-- doc/release_notes/3.18.0.txt
-- doc/release_notes/3.19.0.txt
-- doc/release_notes/3.2.0.txt
-- doc/release_notes/3.20.0.txt
-- doc/release_notes/3.21.0.txt
-- doc/release_notes/3.22.0.txt
-- doc/release_notes/3.23.0.txt
-- doc/release_notes/3.24.0.txt
-- doc/release_notes/3.25.0.txt
-- doc/release_notes/3.26.0.txt
-- doc/release_notes/3.27.0.txt
-- doc/release_notes/3.28.0.txt
-- doc/release_notes/3.29.0.txt
-- doc/release_notes/3.3.0.txt
-- doc/release_notes/3.30.0.txt
-- doc/release_notes/3.31.0.txt
-- doc/release_notes/3.32.0.txt
-- doc/release_notes/3.33.0.txt
-- doc/release_notes/3.34.0.txt
-- doc/release_notes/3.35.0.txt
-- doc/release_notes/3.36.0.txt
-- doc/release_notes/3.37.0.txt
-- doc/release_notes/3.38.0.txt
-- doc/release_notes/3.39.0.txt
-- doc/release_notes/3.4.0.txt
-- doc/release_notes/3.40.0.txt
-- doc/release_notes/3.41.0.txt
-- doc/release_notes/3.42.0.txt
-- doc/release_notes/3.43.0.txt
-- doc/release_notes/3.44.0.txt
-- doc/release_notes/3.45.0.txt
-- doc/release_notes/3.46.0.txt
-- doc/release_notes/3.47.0.txt
-- doc/release_notes/3.48.0.txt
-- doc/release_notes/3.49.0.txt
-- doc/release_notes/3.5.0.txt
-- doc/release_notes/3.50.0.txt
-- doc/release_notes/3.51.0.txt
-- doc/release_notes/3.52.0.txt
-- doc/release_notes/3.53.0.txt
-- doc/release_notes/3.54.0.txt
-- doc/release_notes/3.55.0.txt
-- doc/release_notes/3.56.0.txt
-- doc/release_notes/3.57.0.txt
-- doc/release_notes/3.58.0.txt
-- doc/release_notes/3.59.0.txt
-- doc/release_notes/3.6.0.txt
-- doc/release_notes/3.60.0.txt
-- doc/release_notes/3.61.0.txt
-- doc/release_notes/3.62.0.txt
-- doc/release_notes/3.63.0.txt
-- doc/release_notes/3.64.0.txt
-- doc/release_notes/3.65.0.txt
-- doc/release_notes/3.66.0.txt
-- doc/release_notes/3.67.0.txt
-- doc/release_notes/3.68.0.txt
-- doc/release_notes/3.69.0.txt
-- doc/release_notes/3.7.0.txt
-- doc/release_notes/3.70.0.txt
-- doc/release_notes/3.71.0.txt
-- doc/release_notes/3.72.0.txt
-- doc/release_notes/3.73.0.txt
-- doc/release_notes/3.74.0.txt
-- doc/release_notes/3.75.0.txt
-- doc/release_notes/3.76.0.txt
-- doc/release_notes/3.77.0.txt
-- doc/release_notes/3.78.0.txt
-- doc/release_notes/3.79.0.txt
-- doc/release_notes/3.8.0.txt
-- doc/release_notes/3.80.0.txt
-- doc/release_notes/3.81.0.txt
-- doc/release_notes/3.82.0.txt
-- doc/release_notes/3.83.0.txt
-- doc/release_notes/3.9.0.txt
 - lib/roda.rb
 - lib/roda/cache.rb
 - lib/roda/plugins.rb
@@ -399,6 +223,7 @@ files:
 - lib/roda/plugins/hmac_paths.rb
 - lib/roda/plugins/hooks.rb
 - lib/roda/plugins/host_authorization.rb
+- lib/roda/plugins/hsts.rb
 - lib/roda/plugins/indifferent_params.rb
 - lib/roda/plugins/inject_erb.rb
 - lib/roda/plugins/invalid_request_body.rb
@@ -500,7 +325,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.11
+rubygems_version: 3.5.16
 signing_key:
 specification_version: 4
 summary: Routing tree web toolkit