secure_escrow 0.0.3 → 0.0.4
Sign up to get free protection for your applications and to get access to all the features.
|
@@ -53,7 +53,7 @@
|
|
|
53
53
|
|
|
54
54
|
var formSubmitSelector = 'form';
|
|
55
55
|
|
|
56
|
-
$(
|
|
56
|
+
$(document.body).on('submit.secure_escrow', 'form', function(event) {
|
|
57
57
|
var form = $(this),
|
|
58
58
|
escrow = form.data('escrow'),
|
|
59
59
|
isEscrow = escrow !== undefined;
|
|
@@ -21,6 +21,8 @@ module SecureEscrow
|
|
|
21
21
|
BAD_NONCE = 'Bad nonce'
|
|
22
22
|
DATA_KEY = 'secure_escrow'
|
|
23
23
|
REDIRECT_CODES = 300..399
|
|
24
|
+
HTTPS = 'HTTPS'
|
|
25
|
+
ON = 'on'
|
|
24
26
|
end
|
|
25
27
|
|
|
26
28
|
class Middleware
|
|
@@ -77,7 +79,7 @@ module SecureEscrow
|
|
|
77
79
|
end
|
|
78
80
|
|
|
79
81
|
def store_response_in_escrow?
|
|
80
|
-
return false unless POST == env[REQUEST_METHOD]
|
|
82
|
+
return false unless POST == env[REQUEST_METHOD] && ON == env[HTTPS]
|
|
81
83
|
recognized = recognize_path
|
|
82
84
|
config[:allow_non_escrow_routes] ?
|
|
83
85
|
recognized :
|
|
@@ -96,7 +98,7 @@ module SecureEscrow
|
|
|
96
98
|
|
|
97
99
|
if headers[CONTENT_TYPE] && JSON_CONTENT.match(headers[CONTENT_TYPE])
|
|
98
100
|
body = [
|
|
99
|
-
"<html><body><script id=\"response\" type=\"text/x-json\">%s</script></body></html>" %
|
|
101
|
+
"<html><body><script id=\"response\" type=\"text/x-escrow-json\">%s</script></body></html>" %
|
|
100
102
|
{ status: status, body: body.join.to_s }.to_json
|
|
101
103
|
]
|
|
102
104
|
headers[CONTENT_TYPE] = "text/html; charset=utf-8"
|
data/spec/middleware_spec.rb
CHANGED
|
@@ -164,6 +164,7 @@ describe SecureEscrow::Middleware do
|
|
|
164
164
|
|
|
165
165
|
it 'should not store non-escrow routes' do
|
|
166
166
|
presenter.env[REQUEST_METHOD] = POST
|
|
167
|
+
presenter.env[HTTPS] = ON
|
|
167
168
|
|
|
168
169
|
rails_app.routes.should_receive(:recognize_path).
|
|
169
170
|
once.with(env[REQUEST_PATH], { method: POST }).
|
|
@@ -177,10 +178,16 @@ describe SecureEscrow::Middleware do
|
|
|
177
178
|
|
|
178
179
|
it 'should store https existent, non-escrow routes' do
|
|
179
180
|
presenter.env[REQUEST_METHOD] = POST
|
|
181
|
+
presenter.env[HTTPS] = ON
|
|
180
182
|
|
|
181
183
|
presenter.store_response_in_escrow?.should be_true
|
|
182
184
|
end
|
|
183
185
|
|
|
186
|
+
it 'should not store non-https requests' do
|
|
187
|
+
presenter.env[REQUEST_METHOD] = POST
|
|
188
|
+
presenter.store_response_in_escrow?.should be_false
|
|
189
|
+
end
|
|
190
|
+
|
|
184
191
|
it 'should not store non-existent routes' do
|
|
185
192
|
presenter.env[REQUEST_METHOD] = POST
|
|
186
193
|
rails_app.routes.stub!(:recognize_path).
|
|
@@ -192,6 +199,7 @@ describe SecureEscrow::Middleware do
|
|
|
192
199
|
|
|
193
200
|
it 'should store escrow routes' do
|
|
194
201
|
presenter.env[REQUEST_METHOD] = POST
|
|
202
|
+
presenter.env[HTTPS] = ON
|
|
195
203
|
|
|
196
204
|
rails_app.routes.should_receive(:recognize_path).
|
|
197
205
|
once.with(env[REQUEST_PATH], { method: POST }).
|
|
@@ -276,7 +284,7 @@ describe SecureEscrow::Middleware do
|
|
|
276
284
|
json_representation = "{\"status\":403,\"body\":\"text\"}"
|
|
277
285
|
|
|
278
286
|
status, headers, body = presenter.serve_response_from_escrow!
|
|
279
|
-
body.join.should eq "<html><body><script id=\"response\" type=\"text/x-json\">#{json_representation}</script></body></html>"
|
|
287
|
+
body.join.should eq "<html><body><script id=\"response\" type=\"text/x-escrow-json\">#{json_representation}</script></body></html>"
|
|
280
288
|
end
|
|
281
289
|
end
|
|
282
290
|
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: secure_escrow
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.4
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -13,7 +13,7 @@ date: 2012-02-08 00:00:00.000000000 Z
|
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: rspec
|
|
16
|
-
requirement: &
|
|
16
|
+
requirement: &70188511603340 !ruby/object:Gem::Requirement
|
|
17
17
|
none: false
|
|
18
18
|
requirements:
|
|
19
19
|
- - ! '>='
|
|
@@ -21,7 +21,7 @@ dependencies:
|
|
|
21
21
|
version: '0'
|
|
22
22
|
type: :development
|
|
23
23
|
prerelease: false
|
|
24
|
-
version_requirements: *
|
|
24
|
+
version_requirements: *70188511603340
|
|
25
25
|
description: SecureEscrow provides a content proxy for Rails applications allowing
|
|
26
26
|
POSTing to secure actions from insecure domains without full-page refreshes
|
|
27
27
|
email:
|