same_site_cookie_fix 0.0.1

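--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+ ---
+ SHA256:
+ metadata.gz: 31d1e0e8dabda0f0c00de78e9cf12dcd076b29702a5db6f40469e7831d2d7a2e
+ data.tar.gz: 1d77b4362e2344ac110b1dfac01cb5ac356e033a98bcf835b36b4c2f62670a1c
+ SHA512:
+ metadata.gz: db5e35935fe1723c903ce9930b732c7ea36f54a6a5b89d3c4dabfe9b1da8aee2cacd29e052c62efbb3a9503bbc74572ddb870da4198303507b28800f23e83be8
+ data.tar.gz: 92cdf746e1a8796253b66c8dd102382623de1a36eea772b5b51286da18b4c346950872326df58f7932051a78c5eafe67dfe02158267759c3610ed4c55682af55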
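--- a/lib/same_site_cookie_fix/middleware.rb
+++ b/lib/same_site_cookie_fix/middleware.rb
@@ -0,0 +1,58 @@
+ module SameSiteCookieFix
+ class Middleware
+ def initialize(app)
+ @app = app
+ end
+
+ def call(env)
+ _status, headers, _body = @app.call(env)
+ ensure
+ user_agent = env['HTTP_USER_AGENT']
+
+ if headers && headers['Set-Cookie'] && !SameSiteCookieFix::Middleware.same_site_none_incompatible?(user_agent)
+ cookies = headers['Set-Cookie'].split("\n").compact
+
+ cookies.each do |cookie|
+ unless cookie.include?("; SameSite")
+ headers['Set-Cookie'] = headers['Set-Cookie'].gsub("#{cookie}", "#{cookie}; secure; SameSite=None\n")
+ end
+ end
+ end
+ end
+
+ def self.same_site_none_incompatible?(user_agent)
+ sniffer = BrowserSniffer.new(user_agent)
+
+ webkit_same_site_bug?(sniffer) || drops_unrecognized_same_site_cookies?(sniffer)
+ rescue
+ true
+ end
+
+ def self.webkit_same_site_bug?(sniffer)
+ (sniffer.os == :ios && sniffer.os_version.match?(/^([0-9]|1[12])[\.\_]/)) ||
+ (sniffer.os == :mac && sniffer.browser == :safari && sniffer.os_version.match?(/^10[\.\_]14/))
+ end
+
+ def self.drops_unrecognized_same_site_cookies?(sniffer)
+ (chromium_based?(sniffer) && sniffer.major_browser_version >= 51 && sniffer.major_browser_version <= 66) ||
+ (uc_browser?(sniffer) && !uc_browser_version_at_least?(sniffer: sniffer, major: 12, minor: 13, build: 2))
+ end
+
+ def self.chromium_based?(sniffer)
+ sniffer.browser_name.downcase.match?(/chrom(e|ium)/)
+ end
+
+ def self.uc_browser?(sniffer)
+ sniffer.user_agent.downcase.match?(/uc\s?browser/)
+ end
+
+ def self.uc_browser_version_at_least?(sniffer:, major:, minor:, build:)
+ digits = sniffer.browser_version.split('.').map(&:to_i)
+ return false unless digits.count >= 3
+
+ return digits[0] > major if digits[0] != major
+ return digits[1] > minor if digits[1] != minor
+ digits[2] >= build
+ end
+ end
+ end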
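Review bot: The rewrite loop in `call` patches the header with `gsub` on each cookie's full text, so a cookie whose text also occurs inside another cookie line gets `; secure; SameSite=None` inserted mid-line, and the trailing `\n` in the replacement leaves blank lines in `Set-Cookie`. The `cookie.include?("; SameSite")` test is also case-sensitive, so a cookie that already carries `; samesite=lax` would receive a second, conflicting SameSite attribute. Mapping over the split lines and joining them again avoids both problems; the sketch below replaces only the `if` block and leaves the rest of `call` as it is. Because every cookie without a SameSite attribute, the session cookie included, is opted out of the browser's Lax default, it is worth limiting the rewrite to the cookies that actually need cross-site delivery.

```ruby
# … unchanged: @app.call(env), ensure, user_agent lookup …
if headers && headers['Set-Cookie'] && !SameSiteCookieFix::Middleware.same_site_none_incompatible?(user_agent)
  # Rewrite each cookie line on its own so one cookie's text can never match inside another's.
  rewritten = headers['Set-Cookie'].split("\n").map do |cookie|
    # Attribute names are case-insensitive; leave any cookie that already declares SameSite.
    cookie.match?(/;\s*samesite\s*=/i) ? cookie : "#{cookie}; secure; SameSite=None"
  end
  headers['Set-Cookie'] = rewritten.join("\n")
end
```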
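--- a/lib/same_site_cookie_fix/railtie.rb
+++ b/lib/same_site_cookie_fix/railtie.rb
@@ -0,0 +1,7 @@
+ module SameSiteCookieFix
+ class Railtie < Rails::Railtie
+ initializer "same_site_cookie_fix.railtie.configure_rails_initialization" do |app|
+ app.middleware.use SameSiteCookieFix::Middleware
+ end
+ end
+ end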
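Review bot: `app.middleware.use` appends the middleware to the end of the stack, which in a default Rails stack places it inside `ActionDispatch::Cookies` and the session store. The `Set-Cookie` header it inspects would then not yet contain the session cookie or anything written through the cookie jar, so those cookies pass through unmodified. Registering it with `app.middleware.insert_before ActionDispatch::Cookies, SameSiteCookieFix::Middleware` puts it where it sees the final header. A short comment on the initializer stating why the position matters would keep a later refactor from moving it back.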
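--- a/lib/same_site_cookie_fix/version.rb
+++ b/lib/same_site_cookie_fix/version.rb
@@ -0,0 +1,5 @@
+ module SameSiteCookieFix
+
+ VERSION = '0.0.1'.freeze
+
+ end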
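--- a/lib/same_site_cookie_fix.rb
+++ b/lib/same_site_cookie_fix.rb
@@ -0,0 +1,5 @@
+ require 'same_site_cookie_fix/version'
+ require 'same_site_cookie_fix/railtie' if defined?(Rails)
+
+ module SameSiteCookieFix
+ end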
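Review bot: Neither `same_site_cookie_fix/middleware` nor `browser_sniffer` is required here or in any other file shown, yet the railtie references `SameSiteCookieFix::Middleware` and the middleware calls `BrowserSniffer.new`. Unless the host application happens to load both, the middleware constant may not resolve. A missing `BrowserSniffer` would raise `NameError` inside `same_site_none_incompatible?`, where the bare `rescue` turns it into `true` and silently disables the cookie rewrite for every client. Adding `require 'browser_sniffer'` and `require 'same_site_cookie_fix/middleware'` above the railtie require makes the gem self-contained.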
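--- a/metadata
+++ b/metadata
@@ -0,0 +1,62 @@
+ --- !ruby/object:Gem::Specification
+ name: same_site_cookie_fix
+ version: !ruby/object:Gem::Version
+ version: 0.0.1
+ platform: ruby
+ authors:
+ - Gavin Ballard
+ autorequire:
+ bindir: bin
+ cert_chain: []
+ date: 2021-10-14 00:00:00.000000000 Z
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ name: browser_sniffer
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ description: Addresses the SameSite=None cookie issue for Disco Rails apps.
+ email:
+ - gavin@gavinballard.com
+ executables: []
+ extensions: []
+ extra_rdoc_files: []
+ files:
+ - lib/same_site_cookie_fix.rb
+ - lib/same_site_cookie_fix/middleware.rb
+ - lib/same_site_cookie_fix/railtie.rb
+ - lib/same_site_cookie_fix/version.rb
+ homepage: https://github.com/discolabs/same_site_cookie_fix/
+ licenses:
+ - None
+ metadata: {}
+ post_install_message:
+ rdoc_options: []
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ requirements: []
+ rubyforge_project:
+ rubygems_version: 2.7.6
+ signing_key:
+ specification_version: 4
+ summary: Addresses the SameSite=None cookie issue for Disco Rails apps.
+ test_files: []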