secure_escrow 0.0.6 → 0.0.7

@@ -21,8 +21,12 @@ module SecureEscrow
21
21
  BAD_NONCE = 'Bad nonce'
22
22
  DATA_KEY = 'secure_escrow'
23
23
  REDIRECT_CODES = 300..399
24
- HTTPS = 'HTTPS'
25
- ON = 'on'
24
+
25
+ HTTPS = 'HTTPS'
26
+ LCASE_HTTPS = 'https'
27
+ ON = 'on'
28
+ HTTP_X_FORWARDED_PROTO = 'HTTP_X_FORWARDED_PROTO'
29
+ RACK_URL_SCHEME = 'rack.url_scheme'
26
30
  end
27
31
 
28
32
  class Middleware
@@ -79,7 +83,7 @@ module SecureEscrow
79
83
  end
80
84
 
81
85
  def store_response_in_escrow?
82
- return false unless POST == env[REQUEST_METHOD] && ON == env[HTTPS]
86
+ return false unless POST == env[REQUEST_METHOD] && https?
83
87
  recognized = recognize_path
84
88
  config[:allow_non_escrow_routes] ?
85
89
  recognized :
@@ -204,6 +208,14 @@ module SecureEscrow
204
208
  end
205
209
 
206
210
  private
211
+ def https?
212
+ # Fixed in rack >= 1.3
213
+ return true if env[HTTPS] == ON
214
+ return true if LCASE_HTTPS == env[HTTP_X_FORWARDED_PROTO]
215
+ return true if env[HTTP_X_FORWARDED_PROTO] && LCASE_HTTPS == env[HTTP_X_FORWARDED_PROTO].split(',')[0]
216
+ return true if LCASE_HTTPS == env[RACK_URL_SCHEME]
217
+ end
218
+
207
219
  def rails_config
208
220
  @rails_config ||= rails_app.config.secure_escrow
209
221
  end
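Review bot: The new `https?` accepts the client-controllable `X-Forwarded-Proto` header as proof of a secure connection, so on a deployment without a proxy that overwrites that header, a plain-HTTP POST carrying `X-Forwarded-Proto: https` would pass the gate in `store_response_in_escrow?`. The element that `split(',')[0]` reads is the first in the list, which is the entry furthest from the server and therefore the one a client can supply unless the edge proxy replaces the header. I would make trust in the header opt-in and merge the two header checks, since the first is a special case of the second: `return true if config[:trust_forwarded_proto] && LCASE_HTTPS == env[HTTP_X_FORWARDED_PROTO].to_s.split(',')[0]` (the option name is a suggestion, not an existing setting, and this assumes `config` is reachable here as it is in `store_response_in_escrow?`). The method also falls through to `nil`; ending it with `false` and expanding the `# Fixed in rack >= 1.3` comment to say what rack fixed would make the predicate easier to audit. The enclosing class starts outside this hunk.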
@@ -1,3 +1,3 @@
1
1
  module SecureEscrow
2
- VERSION = "0.0.6"
2
+ VERSION = "0.0.7"
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: secure_escrow
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.6
4
+ version: 0.0.7
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -13,7 +13,7 @@ date: 2012-02-08 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: rspec
16
- requirement: &70227384088900 !ruby/object:Gem::Requirement
16
+ requirement: &70339795526920 !ruby/object:Gem::Requirement
17
17
  none: false
18
18
  requirements:
19
19
  - - ! '>='
@@ -21,7 +21,7 @@ dependencies:
21
21
  version: '0'
22
22
  type: :development
23
23
  prerelease: false
24
- version_requirements: *70227384088900
24
+ version_requirements: *70339795526920
25
25
  description: SecureEscrow provides a content proxy for Rails applications allowing
26
26
  POSTing to secure actions from insecure domains without full-page refreshes
27
27
  email: