secure_escrow 0.0.6 → 0.0.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -21,8 +21,12 @@ module SecureEscrow
21
21
  BAD_NONCE = 'Bad nonce'
22
22
  DATA_KEY = 'secure_escrow'
23
23
  REDIRECT_CODES = 300..399
24
- HTTPS = 'HTTPS'
25
- ON = 'on'
24
+
25
+ HTTPS = 'HTTPS'
26
+ LCASE_HTTPS = 'https'
27
+ ON = 'on'
28
+ HTTP_X_FORWARDED_PROTO = 'HTTP_X_FORWARDED_PROTO'
29
+ RACK_URL_SCHEME = 'rack.url_scheme'
26
30
  end
27
31
 
28
32
  class Middleware
@@ -79,7 +83,7 @@ module SecureEscrow
79
83
  end
80
84
 
81
85
  def store_response_in_escrow?
82
- return false unless POST == env[REQUEST_METHOD] && ON == env[HTTPS]
86
+ return false unless POST == env[REQUEST_METHOD] && https?
83
87
  recognized = recognize_path
84
88
  config[:allow_non_escrow_routes] ?
85
89
  recognized :
@@ -204,6 +208,14 @@ module SecureEscrow
204
208
  end
205
209
 
206
210
  private
211
+ def https?
212
+ # Fixed in rack >= 1.3
213
+ return true if env[HTTPS] == ON
214
+ return true if LCASE_HTTPS == env[HTTP_X_FORWARDED_PROTO]
215
+ return true if env[HTTP_X_FORWARDED_PROTO] && LCASE_HTTPS == env[HTTP_X_FORWARDED_PROTO].split(',')[0]
216
+ return true if LCASE_HTTPS == env[RACK_URL_SCHEME]
217
+ end
218
+
207
219
  def rails_config
208
220
  @rails_config ||= rails_app.config.secure_escrow
209
221
  end
@@ -1,3 +1,3 @@
1
1
  module SecureEscrow
2
- VERSION = "0.0.6"
2
+ VERSION = "0.0.7"
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: secure_escrow
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.6
4
+ version: 0.0.7
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -13,7 +13,7 @@ date: 2012-02-08 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: rspec
16
- requirement: &70227384088900 !ruby/object:Gem::Requirement
16
+ requirement: &70339795526920 !ruby/object:Gem::Requirement
17
17
  none: false
18
18
  requirements:
19
19
  - - ! '>='
@@ -21,7 +21,7 @@ dependencies:
21
21
  version: '0'
22
22
  type: :development
23
23
  prerelease: false
24
- version_requirements: *70227384088900
24
+ version_requirements: *70339795526920
25
25
  description: SecureEscrow provides a content proxy for Rails applications allowing
26
26
  POSTing to secure actions from insecure domains without full-page refreshes
27
27
  email: