secure_escrow 0.0.6 → 0.0.7
- data/lib/secure_escrow/middleware.rb +15 -3
- data/lib/secure_escrow/version.rb +1 -1
- metadata +3 -3
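--- a/data/lib/secure_escrow/middleware.rb
+++ b/data/lib/secure_escrow/middleware.rb
@@ -21,8 +21,12 @@ module SecureEscrow
 BAD_NONCE = 'Bad nonce'
 DATA_KEY = 'secure_escrow'
 REDIRECT_CODES = 300..399
-
-
+
+HTTPS = 'HTTPS'
+LCASE_HTTPS = 'https'
+ON = 'on'
+HTTP_X_FORWARDED_PROTO = 'HTTP_X_FORWARDED_PROTO'
+RACK_URL_SCHEME = 'rack.url_scheme'
 end
 
 class Middleware
@@ -79,7 +83,7 @@ module SecureEscrow
 end
 
 def store_response_in_escrow?
-return false unless POST == env[REQUEST_METHOD] &&
+return false unless POST == env[REQUEST_METHOD] && https?
 recognized = recognize_path
 config[:allow_non_escrow_routes] ?
 recognized :
@@ -204,6 +208,14 @@ module SecureEscrow
 end
 
 private
+def https?
+# Fixed in rack >= 1.3
+return true if env[HTTPS] == ON
+return true if LCASE_HTTPS == env[HTTP_X_FORWARDED_PROTO]
+return true if env[HTTP_X_FORWARDED_PROTO] && LCASE_HTTPS == env[HTTP_X_FORWARDED_PROTO].split(',')[0]
+return true if LCASE_HTTPS == env[RACK_URL_SCHEME]
+end
+
 def rails_config
 @rails_config ||= rails_app.config.secure_escrow
 end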
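Review bot: `https?` treats the request as secure whenever `env[HTTP_X_FORWARDED_PROTO]` says `https`, but that value comes from the `X-Forwarded-Proto` request header, which a client can set itself unless a trusted proxy in front of the app overwrites it. The new `&& https?` gate in `store_response_in_escrow?` (whose body continues past its hunk) is therefore only as strong as the deployment's proxy configuration. I would honour the forwarded header only behind an explicit opt-in, e.g. `return true if config[:trust_forwarded_proto] && LCASE_HTTPS == env[HTTP_X_FORWARDED_PROTO].to_s.split(',')[0]` (the option name is illustrative, not an existing setting), and document that the proxy must replace any client-supplied value. With that line in place the whole-value comparison above it is redundant, since `split(',')[0]` already covers a single-value header. The comment `# Fixed in rack >= 1.3` should also say what was fixed and which of these checks can be dropped once that rack version is required.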
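--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: secure_escrow
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.7
 prerelease:
 platform: ruby
 authors:
@@ -13,7 +13,7 @@ date: 2012-02-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rspec
-requirement: &
+requirement: &70339795526920 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ! '>='
@@ -21,7 +21,7 @@ dependencies:
 version: '0'
 type: :development
 prerelease: false
-version_requirements: *
+version_requirements: *70339795526920
 description: SecureEscrow provides a content proxy for Rails applications allowing
 POSTing to secure actions from insecure domains without full-page refreshes
 email: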