secure_escrow 0.0.6 → 0.0.7
Sign up to get free protection for your applications and to get access to all the features.
- data/lib/secure_escrow/middleware.rb +15 -3
- data/lib/secure_escrow/version.rb +1 -1
- metadata +3 -3
|
@@ -21,8 +21,12 @@ module SecureEscrow
|
|
|
21
21
|
BAD_NONCE = 'Bad nonce'
|
|
22
22
|
DATA_KEY = 'secure_escrow'
|
|
23
23
|
REDIRECT_CODES = 300..399
|
|
24
|
-
|
|
25
|
-
|
|
24
|
+
|
|
25
|
+
HTTPS = 'HTTPS'
|
|
26
|
+
LCASE_HTTPS = 'https'
|
|
27
|
+
ON = 'on'
|
|
28
|
+
HTTP_X_FORWARDED_PROTO = 'HTTP_X_FORWARDED_PROTO'
|
|
29
|
+
RACK_URL_SCHEME = 'rack.url_scheme'
|
|
26
30
|
end
|
|
27
31
|
|
|
28
32
|
class Middleware
|
|
@@ -79,7 +83,7 @@ module SecureEscrow
|
|
|
79
83
|
end
|
|
80
84
|
|
|
81
85
|
def store_response_in_escrow?
|
|
82
|
-
return false unless POST == env[REQUEST_METHOD] &&
|
|
86
|
+
return false unless POST == env[REQUEST_METHOD] && https?
|
|
83
87
|
recognized = recognize_path
|
|
84
88
|
config[:allow_non_escrow_routes] ?
|
|
85
89
|
recognized :
|
|
@@ -204,6 +208,14 @@ module SecureEscrow
|
|
|
204
208
|
end
|
|
205
209
|
|
|
206
210
|
private
|
|
211
|
+
def https?
|
|
212
|
+
# Fixed in rack >= 1.3
|
|
213
|
+
return true if env[HTTPS] == ON
|
|
214
|
+
return true if LCASE_HTTPS == env[HTTP_X_FORWARDED_PROTO]
|
|
215
|
+
return true if env[HTTP_X_FORWARDED_PROTO] && LCASE_HTTPS == env[HTTP_X_FORWARDED_PROTO].split(',')[0]
|
|
216
|
+
return true if LCASE_HTTPS == env[RACK_URL_SCHEME]
|
|
217
|
+
end
|
|
218
|
+
|
|
207
219
|
def rails_config
|
|
208
220
|
@rails_config ||= rails_app.config.secure_escrow
|
|
209
221
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: secure_escrow
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.7
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -13,7 +13,7 @@ date: 2012-02-08 00:00:00.000000000 Z
|
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: rspec
|
|
16
|
-
requirement: &
|
|
16
|
+
requirement: &70339795526920 !ruby/object:Gem::Requirement
|
|
17
17
|
none: false
|
|
18
18
|
requirements:
|
|
19
19
|
- - ! '>='
|
|
@@ -21,7 +21,7 @@ dependencies:
|
|
|
21
21
|
version: '0'
|
|
22
22
|
type: :development
|
|
23
23
|
prerelease: false
|
|
24
|
-
version_requirements: *
|
|
24
|
+
version_requirements: *70339795526920
|
|
25
25
|
description: SecureEscrow provides a content proxy for Rails applications allowing
|
|
26
26
|
POSTing to secure actions from insecure domains without full-page refreshes
|
|
27
27
|
email:
|