safe_redirect 0.1.0 → 0.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 42781306d360f12ef01f4a73870f29f7d7bb3ccf
-  data.tar.gz: 17ee1e4e9949489f5cb4f4b80798aadbb8ed32bd
+  metadata.gz: 994d65b4b777046399df62f71dea891f3dee1e5b
+  data.tar.gz: 1d2260242c9dd0c4338b3c3baf45247f2156a32b
 SHA512:
-  metadata.gz: 9d5601897b86a1bd091e90ec5fa091f43a2d4d595715339933aa99a519edda52cd677d30d33a8f10c87879adcb6a5caf066de95e7095dc48fe3649a4fefa254a
-  data.tar.gz: f2ddf78d33afb33fb33ed17927dc24af704b2b1ccc904e21a38ac2d9bbc85fb8909cac98c1bd4594f8152c0fb90a42df6d11de91d701d970f18ff37c8967ec87
+  metadata.gz: cd5c9ca9136f6b84935e754d502d9716acf9c0c4cddf4789862fbe6e2c0839ec8590a64fd12f498c7a06234ca3479c42f1237bc0411a39208ecd21a1750a8dd8
+  data.tar.gz: ff2e823f75d81029b5ae4d9648fe77732f70f8e27dd74d51a67302faeb93b1640db62d71c857d87c0b147b1a3bd151c078efff5a4aefc73d6f29072c0b734bec

data/README.md

@@ -1,4 +1,4 @@
-# SafeRedirect
+# Safe Redirect
 
 A little gem to keep our Rails app safe from open redirection vulnerabilities.
 
@@ -16,8 +16,8 @@ Create a `config/initializer/safe_redirect.rb` file.
 
 ```rb
 SafeRedirect.configure do |config|
-  config.domain_whitelists = ['www.google.com']
-  config.default_path = 'https://www.yahoo.com'
+  config.default_path = 'https://www.yahoo.com' # default value: '/'
+  config.domain_whitelists = ['www.google.com'] # default value: []
 end
 ```
 

data/lib/safe_redirect/configuration.rb

@@ -13,5 +13,10 @@ module SafeRedirect
 
   class Configuration
     attr_accessor :default_path, :domain_whitelists
+
+    def initialize
+      self.default_path = '/'
+      self.domain_whitelists = []
+    end
   end
 end

data/lib/safe_redirect/safe_redirect.rb

@@ -1,8 +1,7 @@
 module SafeRedirect
   def safe_domain?(path)
-    whitelists = SafeRedirect.configuration.domain_whitelists || []
     path =~ /^\// && !(path =~ /^\/\/+/)  ||
-    whitelists.any? do |w|
+    SafeRedirect.configuration.domain_whitelists.any? do |w|
       path =~ /^https?:\/\/#{w}($|\/.*)/
     end
   end
@@ -13,15 +12,16 @@ module SafeRedirect
       if safe_domain?(stripped_path)
         stripped_path
       else
-        stripped_path.gsub(/https?:\/\/[a-z0-9\-\.:]*/i, '')
-                     .gsub(/^(data:|javascript:|\.|\/\/|@)+/i, '')
+        stripped_path.gsub!(/https?:\/\/[a-z0-9\-\.:]*/i, '')
+        stripped_path.gsub!(/^(data:|javascript:|\.|\/\/|@)+/i, '')
+        stripped_path
       end
     else
       SafeRedirect.configuration.default_path
     end
   end
 
-  def redirect_to(path)
-    super safe_path(path)
+  def redirect_to(path, options)
+    super safe_path(path), options
   end
 end

data/lib/safe_redirect/version.rb

@@ -1,3 +1,3 @@
 module SafeRedirect
-  VERSION = '0.1.0'
+  VERSION = '0.1.1'
 end

data/safe_redirect.gemspec

@@ -9,8 +9,8 @@ Gem::Specification.new do |gem|
   gem.version       = SafeRedirect::VERSION
   gem.authors       = ["Edwin Tunggawan"]
   gem.email         = ["vcc.edwint@gmail.com"]
-  gem.description   = %q{Preventing open redirects in Ruby web apps}
-  gem.summary       = %q{Preventing open redirects in Ruby web apps}
+  gem.description   = %q{Preventing open redirects in Rails apps}
+  gem.summary       = %q{Preventing open redirects in Rails apps}
   gem.homepage      = "https://github.com/sdsdkkk/safe_redirect"
 
   gem.files         = `git ls-files`.split($/)

metadata

@@ -1,16 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: safe_redirect
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.1
 platform: ruby
 authors:
 - Edwin Tunggawan
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-04-30 00:00:00.000000000 Z
+date: 2016-05-01 00:00:00.000000000 Z
 dependencies: []
-description: Preventing open redirects in Ruby web apps
+description: Preventing open redirects in Rails apps
 email:
 - vcc.edwint@gmail.com
 executables: []
@@ -48,5 +48,5 @@ rubyforge_project:
 rubygems_version: 2.5.1
 signing_key: 
 specification_version: 4
-summary: Preventing open redirects in Ruby web apps
+summary: Preventing open redirects in Rails apps
 test_files: []