secure_escrow 0.0.3 → 0.0.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -53,7 +53,7 @@
|
|
|
53
53
|
|
|
54
54
|
var formSubmitSelector = 'form';
|
|
55
55
|
|
|
56
|
-
$(
|
|
56
|
+
$(document.body).on('submit.secure_escrow', 'form', function(event) {
|
|
57
57
|
var form = $(this),
|
|
58
58
|
escrow = form.data('escrow'),
|
|
59
59
|
isEscrow = escrow !== undefined;
|
|
@@ -21,6 +21,8 @@ module SecureEscrow
|
|
|
21
21
|
BAD_NONCE = 'Bad nonce'
|
|
22
22
|
DATA_KEY = 'secure_escrow'
|
|
23
23
|
REDIRECT_CODES = 300..399
|
|
24
|
+
HTTPS = 'HTTPS'
|
|
25
|
+
ON = 'on'
|
|
24
26
|
end
|
|
25
27
|
|
|
26
28
|
class Middleware
|
|
@@ -77,7 +79,7 @@ module SecureEscrow
|
|
|
77
79
|
end
|
|
78
80
|
|
|
79
81
|
def store_response_in_escrow?
|
|
80
|
-
return false unless POST == env[REQUEST_METHOD]
|
|
82
|
+
return false unless POST == env[REQUEST_METHOD] && ON == env[HTTPS]
|
|
81
83
|
recognized = recognize_path
|
|
82
84
|
config[:allow_non_escrow_routes] ?
|
|
83
85
|
recognized :
|
|
@@ -96,7 +98,7 @@ module SecureEscrow
|
|
|
96
98
|
|
|
97
99
|
if headers[CONTENT_TYPE] && JSON_CONTENT.match(headers[CONTENT_TYPE])
|
|
98
100
|
body = [
|
|
99
|
-
"<html><body><script id=\"response\" type=\"text/x-json\">%s</script></body></html>" %
|
|
101
|
+
"<html><body><script id=\"response\" type=\"text/x-escrow-json\">%s</script></body></html>" %
|
|
100
102
|
{ status: status, body: body.join.to_s }.to_json
|
|
101
103
|
]
|
|
102
104
|
headers[CONTENT_TYPE] = "text/html; charset=utf-8"
|
data/spec/middleware_spec.rb
CHANGED
|
@@ -164,6 +164,7 @@ describe SecureEscrow::Middleware do
|
|
|
164
164
|
|
|
165
165
|
it 'should not store non-escrow routes' do
|
|
166
166
|
presenter.env[REQUEST_METHOD] = POST
|
|
167
|
+
presenter.env[HTTPS] = ON
|
|
167
168
|
|
|
168
169
|
rails_app.routes.should_receive(:recognize_path).
|
|
169
170
|
once.with(env[REQUEST_PATH], { method: POST }).
|
|
@@ -177,10 +178,16 @@ describe SecureEscrow::Middleware do
|
|
|
177
178
|
|
|
178
179
|
it 'should store https existent, non-escrow routes' do
|
|
179
180
|
presenter.env[REQUEST_METHOD] = POST
|
|
181
|
+
presenter.env[HTTPS] = ON
|
|
180
182
|
|
|
181
183
|
presenter.store_response_in_escrow?.should be_true
|
|
182
184
|
end
|
|
183
185
|
|
|
186
|
+
it 'should not store non-https requests' do
|
|
187
|
+
presenter.env[REQUEST_METHOD] = POST
|
|
188
|
+
presenter.store_response_in_escrow?.should be_false
|
|
189
|
+
end
|
|
190
|
+
|
|
184
191
|
it 'should not store non-existent routes' do
|
|
185
192
|
presenter.env[REQUEST_METHOD] = POST
|
|
186
193
|
rails_app.routes.stub!(:recognize_path).
|
|
@@ -192,6 +199,7 @@ describe SecureEscrow::Middleware do
|
|
|
192
199
|
|
|
193
200
|
it 'should store escrow routes' do
|
|
194
201
|
presenter.env[REQUEST_METHOD] = POST
|
|
202
|
+
presenter.env[HTTPS] = ON
|
|
195
203
|
|
|
196
204
|
rails_app.routes.should_receive(:recognize_path).
|
|
197
205
|
once.with(env[REQUEST_PATH], { method: POST }).
|
|
@@ -276,7 +284,7 @@ describe SecureEscrow::Middleware do
|
|
|
276
284
|
json_representation = "{\"status\":403,\"body\":\"text\"}"
|
|
277
285
|
|
|
278
286
|
status, headers, body = presenter.serve_response_from_escrow!
|
|
279
|
-
body.join.should eq "<html><body><script id=\"response\" type=\"text/x-json\">#{json_representation}</script></body></html>"
|
|
287
|
+
body.join.should eq "<html><body><script id=\"response\" type=\"text/x-escrow-json\">#{json_representation}</script></body></html>"
|
|
280
288
|
end
|
|
281
289
|
end
|
|
282
290
|
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: secure_escrow
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.4
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -13,7 +13,7 @@ date: 2012-02-08 00:00:00.000000000 Z
|
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: rspec
|
|
16
|
-
requirement: &
|
|
16
|
+
requirement: &70188511603340 !ruby/object:Gem::Requirement
|
|
17
17
|
none: false
|
|
18
18
|
requirements:
|
|
19
19
|
- - ! '>='
|
|
@@ -21,7 +21,7 @@ dependencies:
|
|
|
21
21
|
version: '0'
|
|
22
22
|
type: :development
|
|
23
23
|
prerelease: false
|
|
24
|
-
version_requirements: *
|
|
24
|
+
version_requirements: *70188511603340
|
|
25
25
|
description: SecureEscrow provides a content proxy for Rails applications allowing
|
|
26
26
|
POSTing to secure actions from insecure domains without full-page refreshes
|
|
27
27
|
email:
|