static-rails 0.0.11 → 0.0.12

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: d5808adb0f3f344a5706a6dddb5053899047f5d8aa4bbddb577168319b9aa046
4
- data.tar.gz: d84c08d618e80a28b95be9da396f34d57636985ecf83859a906c5997a1532238
3
+ metadata.gz: 3c9c3f77b3746fd75f797c4c33815e5c699af9e4c1c9a88f56234117406d1b7f
4
+ data.tar.gz: bf8d899c95891497e8a17492d58315993af2d189f7a3ea3e848937f04e252a81
5
5
  SHA512:
6
- metadata.gz: adb43e14b69561af8ce12989d319782b95d8c915b30968c4ce28d6bbf109426b8d606ba83d860002c2d793c16be3fbfe6c962be473df83507fd18d1e16de66c4
7
- data.tar.gz: 7f4e6b9a9ed8dabaccd3a0da66671c36605a56e15da8483fe17f9518badbe3be6e2b82369ac4e7a05af9b4d594eaec1b010ad7616fc77b3aa835f81e0f87aa57
6
+ metadata.gz: 8ae97c0207f5fcfe0516d78e43738ec6c8def425312dd0af03070c488927ee812824b1ec3742ee21e874e3d8e47568f44e1bd577757aa0054f8a3dcadce7c943
7
+ data.tar.gz: f840d03e50b3017ecccc9a259d9f89e0ce92dc76b735f47bc6a8873c17efb6f87ece051eb6167f6a11f603e88c5e5c5ca2afac9b9f2d886bf098e63fc0491133
@@ -1,3 +1,10 @@
1
+ ## 0.0.12
2
+
3
+ * Fix an issue in which enabling force_ssl would result in redirects to the
4
+ obfuscated `/_static_rails/` path. Resolved this by placing the static-rails
5
+ middleware after `ActionDispatch::SSL`. Note that this will break if you
6
+ remove `Rack::SendFile` from your app's middleware stack
7
+
1
8
  ## 0.0.11
2
9
 
3
10
  * Inline the `ActionDispatch::FileHandler` from Rails master so that we can
@@ -1,27 +1,27 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- static-rails (0.0.11)
4
+ static-rails (0.0.12)
5
5
  rack-proxy (~> 0.6)
6
6
  railties (>= 5.0.0)
7
7
 
8
8
  GEM
9
9
  remote: https://rubygems.org/
10
10
  specs:
11
- actionpack (6.0.3.1)
12
- actionview (= 6.0.3.1)
13
- activesupport (= 6.0.3.1)
11
+ actionpack (6.0.3.2)
12
+ actionview (= 6.0.3.2)
13
+ activesupport (= 6.0.3.2)
14
14
  rack (~> 2.0, >= 2.0.8)
15
15
  rack-test (>= 0.6.3)
16
16
  rails-dom-testing (~> 2.0)
17
17
  rails-html-sanitizer (~> 1.0, >= 1.2.0)
18
- actionview (6.0.3.1)
19
- activesupport (= 6.0.3.1)
18
+ actionview (6.0.3.2)
19
+ activesupport (= 6.0.3.2)
20
20
  builder (~> 3.1)
21
21
  erubi (~> 1.4)
22
22
  rails-dom-testing (~> 2.0)
23
23
  rails-html-sanitizer (~> 1.1, >= 1.2.0)
24
- activesupport (6.0.3.1)
24
+ activesupport (6.0.3.2)
25
25
  concurrent-ruby (~> 1.0, >= 1.0.2)
26
26
  i18n (>= 0.7, < 2)
27
27
  minitest (~> 5.1)
@@ -34,7 +34,7 @@ GEM
34
34
  erubi (1.9.0)
35
35
  i18n (1.8.3)
36
36
  concurrent-ruby (~> 1.0)
37
- loofah (2.5.0)
37
+ loofah (2.6.0)
38
38
  crass (~> 1.0.2)
39
39
  nokogiri (>= 1.5.9)
40
40
  method_source (1.0.0)
@@ -45,7 +45,7 @@ GEM
45
45
  parallel (1.19.1)
46
46
  parser (2.7.1.3)
47
47
  ast (~> 2.4.0)
48
- rack (2.2.2)
48
+ rack (2.2.3)
49
49
  rack-proxy (0.6.5)
50
50
  rack
51
51
  rack-test (1.1.0)
@@ -55,9 +55,9 @@ GEM
55
55
  nokogiri (>= 1.6)
56
56
  rails-html-sanitizer (1.3.0)
57
57
  loofah (~> 2.3)
58
- railties (6.0.3.1)
59
- actionpack (= 6.0.3.1)
60
- activesupport (= 6.0.3.1)
58
+ railties (6.0.3.2)
59
+ actionpack (= 6.0.3.2)
60
+ activesupport (= 6.0.3.2)
61
61
  method_source
62
62
  rake (>= 0.8.7)
63
63
  thor (>= 0.20.3, < 2.0)
@@ -34,14 +34,14 @@ StaticRails.config do |config|
34
34
  # url_root_path: "/",
35
35
  #
36
36
  # # Don't serve/redirect routes whose paths start with these strings
37
- # url_skip_paths_starting_with: ["/api"]
37
+ # url_skip_paths_starting_with: ["/api"],
38
38
  #
39
39
  # # Whether to run the local development/test server or not
40
40
  # start_server: !Rails.env.production?,
41
41
  #
42
42
  # # If start_server is true, wait to proxy requests to the server until it
43
43
  # # can connect to server_host over TCP on server_port
44
- # ping_server: true
44
+ # ping_server: true,
45
45
  #
46
46
  # # Any environment variables you need to pass to the server & compile
47
47
  # # commands as a hash (e.g. `env: {"BUNDLE_PATH" => "vendor/bundle"}`)
@@ -65,7 +65,7 @@ StaticRails.config do |config|
65
65
  # compile_command: "hugo",
66
66
  #
67
67
  # # The destination of production-compiled assets, relative to Rails root
68
- # compile_dir: "static/blog/dist"
68
+ # compile_dir: "static/blog/dist",
69
69
  #
70
70
  # # A 404 page to be sent when serving compiled assets and no file matches
71
71
  # compile_404_file_path: "404.html"
@@ -36,7 +36,7 @@ module StaticRails
36
36
  attr_reader :sites
37
37
  def sites=(sites)
38
38
  @sites = Array.wrap(sites).map { |site|
39
- Site.new(site)
39
+ Site.new(**site)
40
40
  }
41
41
  end
42
42
  end
@@ -10,16 +10,18 @@ module StaticRails
10
10
 
11
11
  private
12
12
 
13
- def csrf_token_hmac(session, identifier)
14
- ActionController::RequestForgeryProtection.instance_method(:csrf_token_hmac).bind(self).call(session, identifier)
15
- end
16
-
17
- def mask_token(raw_token)
18
- ActionController::RequestForgeryProtection.instance_method(:mask_token).bind(self).call(raw_token)
13
+ [
14
+ :csrf_token_hmac,
15
+ :mask_token,
16
+ :xor_byte_strings
17
+ ].each do |method|
18
+ define_method method do |*args, **kwargs, &blk|
19
+ ActionController::RequestForgeryProtection.instance_method(method).bind(self).call(*args, **kwargs, &blk)
20
+ end
19
21
  end
20
22
 
21
23
  def masked_authenticity_token(session, form_options: {})
22
- ActionController::RequestForgeryProtection.instance_method(:masked_authenticity_token).bind(self).call(session, form_options)
24
+ ActionController::RequestForgeryProtection.instance_method(:masked_authenticity_token).bind(self).call(session, form_options: form_options)
23
25
  end
24
26
 
25
27
  def global_csrf_token(session)
@@ -30,10 +32,6 @@ module StaticRails
30
32
  ActionController::RequestForgeryProtection.instance_method(:real_csrf_token).bind(self).call(session)
31
33
  end
32
34
 
33
- def xor_byte_strings(s1, s2)
34
- ActionController::RequestForgeryProtection.instance_method(:xor_byte_strings).bind(self).call(s1, s2)
35
- end
36
-
37
35
  def per_form_csrf_tokens
38
36
  false
39
37
  end
@@ -10,7 +10,7 @@ module StaticRails
10
10
  end
11
11
 
12
12
  initializer "static_rails.middleware" do
13
- config.app_middleware.insert_before 0, SiteMiddleware
13
+ config.app_middleware.insert_after Rack::Sendfile, SiteMiddleware
14
14
  config.app_middleware.use SitePlusCsrfMiddleware
15
15
  end
16
16
 
@@ -40,7 +40,7 @@ module StaticRails
40
40
  #
41
41
  # (By the way, this was all Matthew Draper's bright idea. You can
42
42
  # compliment him here: https://github.com/matthewd )
43
- @app.call(env.merge("PATH_INFO" => PATH_INFO_OBFUSCATION + env["PATH_INFO"]))
43
+ @app.call(env.merge("PATH_INFO" => "/" + PATH_INFO_OBFUSCATION + env["PATH_INFO"]))
44
44
  elsif StaticRails.config.proxy_requests
45
45
  @proxy_middleware.call(env)
46
46
  elsif StaticRails.config.serve_compiled_assets
@@ -13,10 +13,10 @@ module StaticRails
13
13
  end
14
14
 
15
15
  def call(env)
16
- return @app.call(env) unless env["PATH_INFO"]&.start_with?(PATH_INFO_OBFUSCATION) || @determines_whether_to_handle_request.call(env)
16
+ return @app.call(env) unless env["PATH_INFO"]&.start_with?(/\/?#{PATH_INFO_OBFUSCATION}/) || @determines_whether_to_handle_request.call(env)
17
17
 
18
18
  env = env.merge(
19
- "PATH_INFO" => env["PATH_INFO"].gsub(/^#{PATH_INFO_OBFUSCATION}/, "")
19
+ "PATH_INFO" => env["PATH_INFO"].gsub(/^\/?#{PATH_INFO_OBFUSCATION}/, "")
20
20
  )
21
21
  status, headers, body = super(env)
22
22
 
@@ -1,3 +1,3 @@
1
1
  module StaticRails
2
- VERSION = "0.0.11"
2
+ VERSION = "0.0.12"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: static-rails
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.11
4
+ version: 0.0.12
5
5
  platform: ruby
6
6
  authors:
7
7
  - Justin Searls
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2020-06-11 00:00:00.000000000 Z
11
+ date: 2020-06-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: railties