static-rails 0.0.11 → 0.0.12
- checksums.yaml +4 -4
- data/CHANGELOG.md +7 -0
- data/Gemfile.lock +12 -12
- data/lib/generators/templates/static.rb +3 -3
- data/lib/static-rails/configuration.rb +1 -1
- data/lib/static-rails/gets_csrf_token.rb +9 -11
- data/lib/static-rails/railtie.rb +1 -1
- data/lib/static-rails/site_middleware.rb +1 -1
- data/lib/static-rails/site_plus_csrf_middleware.rb +2 -2
- data/lib/static-rails/version.rb +1 -1
- metadata +2 -2
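--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3c9c3f77b3746fd75f797c4c33815e5c699af9e4c1c9a88f56234117406d1b7f
+data.tar.gz: bf8d899c95891497e8a17492d58315993af2d189f7a3ea3e848937f04e252a81
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 8ae97c0207f5fcfe0516d78e43738ec6c8def425312dd0af03070c488927ee812824b1ec3742ee21e874e3d8e47568f44e1bd577757aa0054f8a3dcadce7c943
+data.tar.gz: f840d03e50b3017ecccc9a259d9f89e0ce92dc76b735f47bc6a8873c17efb6f87ece051eb6167f6a11f603e88c5e5c5ca2afac9b9f2d886bf098e63fc0491133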
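--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 0.0.12
+
+* Fix an issue in which enabling force_ssl would result in redirects to the
+obfuscated `/_static_rails/` path. Resolved this by placing the static-rails
+middleware after `ActionDispatch::SSL`. Note that this will break if you
+remove `Rack::SendFile` from your app's middleware stack
+
 ## 0.0.11
 
 * Inline the `ActionDispatch::FileHandler` from Rails master so that we can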
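--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,27 +1,27 @@
 PATH
 remote: .
 specs:
-static-rails (0.0.
+static-rails (0.0.12)
 rack-proxy (~> 0.6)
 railties (>= 5.0.0)
 
 GEM
 remote: https://rubygems.org/
 specs:
-actionpack (6.0.3.
-actionview (= 6.0.3.
-activesupport (= 6.0.3.
+actionpack (6.0.3.2)
+actionview (= 6.0.3.2)
+activesupport (= 6.0.3.2)
 rack (~> 2.0, >= 2.0.8)
 rack-test (>= 0.6.3)
 rails-dom-testing (~> 2.0)
 rails-html-sanitizer (~> 1.0, >= 1.2.0)
-actionview (6.0.3.
-activesupport (= 6.0.3.
+actionview (6.0.3.2)
+activesupport (= 6.0.3.2)
 builder (~> 3.1)
 erubi (~> 1.4)
 rails-dom-testing (~> 2.0)
 rails-html-sanitizer (~> 1.1, >= 1.2.0)
-activesupport (6.0.3.
+activesupport (6.0.3.2)
 concurrent-ruby (~> 1.0, >= 1.0.2)
 i18n (>= 0.7, < 2)
 minitest (~> 5.1)
@@ -34,7 +34,7 @@ GEM
 erubi (1.9.0)
 i18n (1.8.3)
 concurrent-ruby (~> 1.0)
-loofah (2.
+loofah (2.6.0)
 crass (~> 1.0.2)
 nokogiri (>= 1.5.9)
 method_source (1.0.0)
@@ -45,7 +45,7 @@ GEM
 parallel (1.19.1)
 parser (2.7.1.3)
 ast (~> 2.4.0)
-rack (2.2.
+rack (2.2.3)
 rack-proxy (0.6.5)
 rack
 rack-test (1.1.0)
@@ -55,9 +55,9 @@ GEM
 nokogiri (>= 1.6)
 rails-html-sanitizer (1.3.0)
 loofah (~> 2.3)
-railties (6.0.3.
-actionpack (= 6.0.3.
-activesupport (= 6.0.3.
+railties (6.0.3.2)
+actionpack (= 6.0.3.2)
+activesupport (= 6.0.3.2)
 method_source
 rake (>= 0.8.7)
 thor (>= 0.20.3, < 2.0)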
@@ -34,14 +34,14 @@ StaticRails.config do |config|
|
|
34
34
|
# url_root_path: "/",
|
35
35
|
#
|
36
36
|
# # Don't serve/redirect routes whose paths start with these strings
|
37
|
-
# url_skip_paths_starting_with: ["/api"]
|
37
|
+
# url_skip_paths_starting_with: ["/api"],
|
38
38
|
#
|
39
39
|
# # Whether to run the local development/test server or not
|
40
40
|
# start_server: !Rails.env.production?,
|
41
41
|
#
|
42
42
|
# # If start_server is true, wait to proxy requests to the server until it
|
43
43
|
# # can connect to server_host over TCP on server_port
|
44
|
-
# ping_server: true
|
44
|
+
# ping_server: true,
|
45
45
|
#
|
46
46
|
# # Any environment variables you need to pass to the server & compile
|
47
47
|
# # commands as a hash (e.g. `env: {"BUNDLE_PATH" => "vendor/bundle"}`)
|
@@ -65,7 +65,7 @@ StaticRails.config do |config|
|
|
65
65
|
# compile_command: "hugo",
|
66
66
|
#
|
67
67
|
# # The destination of production-compiled assets, relative to Rails root
|
68
|
-
# compile_dir: "static/blog/dist"
|
68
|
+
# compile_dir: "static/blog/dist",
|
69
69
|
#
|
70
70
|
# # A 404 page to be sent when serving compiled assets and no file matches
|
71
71
|
# compile_404_file_path: "404.html"
|
@@ -10,16 +10,18 @@ module StaticRails
|
|
10
10
|
|
11
11
|
private
|
12
12
|
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
13
|
+
[
|
14
|
+
:csrf_token_hmac,
|
15
|
+
:mask_token,
|
16
|
+
:xor_byte_strings
|
17
|
+
].each do |method|
|
18
|
+
define_method method do |*args, **kwargs, &blk|
|
19
|
+
ActionController::RequestForgeryProtection.instance_method(method).bind(self).call(*args, **kwargs, &blk)
|
20
|
+
end
|
19
21
|
end
|
20
22
|
|
21
23
|
def masked_authenticity_token(session, form_options: {})
|
22
|
-
ActionController::RequestForgeryProtection.instance_method(:masked_authenticity_token).bind(self).call(session, form_options)
|
24
|
+
ActionController::RequestForgeryProtection.instance_method(:masked_authenticity_token).bind(self).call(session, form_options: form_options)
|
23
25
|
end
|
24
26
|
|
25
27
|
def global_csrf_token(session)
|
@@ -30,10 +32,6 @@ module StaticRails
|
|
30
32
|
ActionController::RequestForgeryProtection.instance_method(:real_csrf_token).bind(self).call(session)
|
31
33
|
end
|
32
34
|
|
33
|
-
def xor_byte_strings(s1, s2)
|
34
|
-
ActionController::RequestForgeryProtection.instance_method(:xor_byte_strings).bind(self).call(s1, s2)
|
35
|
-
end
|
36
|
-
|
37
35
|
def per_form_csrf_tokens
|
38
36
|
false
|
39
37
|
end
|
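Review bot: The delegators generated at new lines 13–20 call `ActionController::RequestForgeryProtection.instance_method(method)` inside the `define_method` block, so a Rails release that lacks `csrf_token_hmac` or `mask_token` would raise `NameError` only when a token is first generated, not at boot. These are private Rails methods, and the lockfile's `railties (>= 5.0.0)` constraint admits versions other than the 6.0.3.2 resolved here, so it is worth confirming which versions define all three. Resolving the method once outside the block, `impl = ActionController::RequestForgeryProtection.instance_method(method)`, and calling `impl.bind(self).call(*args, **kwargs, &blk)` inside it moves that failure to load time and drops the per-call lookup. A comment above the list stating that these names mirror Rails' private CSRF helpers and must be rechecked on every Rails upgrade would help the next maintainer. The enclosing module starts and ends outside the hunk.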
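--- a/data/lib/static-rails/railtie.rb
+++ b/data/lib/static-rails/railtie.rb
@@ -10,7 +10,7 @@ module StaticRails
 end
 
 initializer "static_rails.middleware" do
-config.app_middleware.
+config.app_middleware.insert_after Rack::Sendfile, SiteMiddleware
 config.app_middleware.use SitePlusCsrfMiddleware
 end
 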
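Review bot: `insert_after Rack::Sendfile, SiteMiddleware` on new line 13 makes the initializer depend on `Rack::Sendfile` being present in the host app's stack, and nothing in the code records why that anchor was chosen. The changelog gives the reason (the middleware has to sit after `ActionDispatch::SSL` so `force_ssl` redirects do not expose the obfuscated path) and warns that removing `Rack::Sendfile` breaks this. That belongs next to the line, for example `# Anchor on Rack::Sendfile so we run after ActionDispatch::SSL; force_ssl redirects must not see the obfuscated path`. Since the ordering now carries the HTTPS-redirect behaviour, a test that boots with `force_ssl` enabled and asserts the redirect target would keep a later reordering from regressing it.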
@@ -40,7 +40,7 @@ module StaticRails
|
|
40
40
|
#
|
41
41
|
# (By the way, this was all Matthew Draper's bright idea. You can
|
42
42
|
# compliment him here: https://github.com/matthewd )
|
43
|
-
@app.call(env.merge("PATH_INFO" => PATH_INFO_OBFUSCATION + env["PATH_INFO"]))
|
43
|
+
@app.call(env.merge("PATH_INFO" => "/" + PATH_INFO_OBFUSCATION + env["PATH_INFO"]))
|
44
44
|
elsif StaticRails.config.proxy_requests
|
45
45
|
@proxy_middleware.call(env)
|
46
46
|
elsif StaticRails.config.serve_compiled_assets
|
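Review bot: The rewrite on new line 43 marks a request as internally routed only by prefixing `PATH_INFO`, while the check in `SitePlusCsrfMiddleware#call` (new line 16 of that file) accepts any path that begins with the prefix, so a path that arrives already carrying the prefix appears to bypass `@determines_whether_to_handle_request`. Whether that matters depends on what the skip-path rules are protecting and on how this method treats an already-prefixed path, neither of which is visible in the hunk. Carrying the decision in a private env key set alongside the rewrite (constructed example: `"static_rails.rewritten" => true`) and testing that key downstream would keep the marker out of request-controlled data. The surrounding `call` method starts and ends outside the hunk.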
@@ -13,10 +13,10 @@ module StaticRails
|
|
13
13
|
end
|
14
14
|
|
15
15
|
def call(env)
|
16
|
-
return @app.call(env) unless env["PATH_INFO"]&.start_with?(PATH_INFO_OBFUSCATION) || @determines_whether_to_handle_request.call(env)
|
16
|
+
return @app.call(env) unless env["PATH_INFO"]&.start_with?(/\/?#{PATH_INFO_OBFUSCATION}/) || @determines_whether_to_handle_request.call(env)
|
17
17
|
|
18
18
|
env = env.merge(
|
19
|
-
"PATH_INFO" => env["PATH_INFO"].gsub(
|
19
|
+
"PATH_INFO" => env["PATH_INFO"].gsub(/^\/?#{PATH_INFO_OBFUSCATION}/, "")
|
20
20
|
)
|
21
21
|
status, headers, body = super(env)
|
22
22
|
|
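Review bot: The strip on new line 19 uses `gsub` with `^`, which in Ruby matches at the start of every line and replaces every match, so it is not limited to the single leading prefix that `SiteMiddleware` adds; `sub` with `\A` states exactly that: `env["PATH_INFO"].sub(/\A\/?#{Regexp.escape(PATH_INFO_OBFUSCATION)}/, "")`. The test on new line 16 interpolates the same constant, and `Regexp.escape` keeps both patterns correct if the constant ever contains a regex metacharacter (its value is not shown here). Passing a Regexp to `String#start_with?` also requires Ruby 2.5 or later, which is worth stating in the gemspec if older Rubies are meant to be supported. `call` continues past the end of the hunk.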
data/lib/static-rails/version.rb
CHANGED
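--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: static-rails
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.12
 platform: ruby
 authors:
 - Justin Searls
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-06-
+date: 2020-06-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: railties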