static-rails 0.0.11 → 0.0.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: d5808adb0f3f344a5706a6dddb5053899047f5d8aa4bbddb577168319b9aa046
4
- data.tar.gz: d84c08d618e80a28b95be9da396f34d57636985ecf83859a906c5997a1532238
3
+ metadata.gz: 3c9c3f77b3746fd75f797c4c33815e5c699af9e4c1c9a88f56234117406d1b7f
4
+ data.tar.gz: bf8d899c95891497e8a17492d58315993af2d189f7a3ea3e848937f04e252a81
5
5
  SHA512:
6
- metadata.gz: adb43e14b69561af8ce12989d319782b95d8c915b30968c4ce28d6bbf109426b8d606ba83d860002c2d793c16be3fbfe6c962be473df83507fd18d1e16de66c4
7
- data.tar.gz: 7f4e6b9a9ed8dabaccd3a0da66671c36605a56e15da8483fe17f9518badbe3be6e2b82369ac4e7a05af9b4d594eaec1b010ad7616fc77b3aa835f81e0f87aa57
6
+ metadata.gz: 8ae97c0207f5fcfe0516d78e43738ec6c8def425312dd0af03070c488927ee812824b1ec3742ee21e874e3d8e47568f44e1bd577757aa0054f8a3dcadce7c943
7
+ data.tar.gz: f840d03e50b3017ecccc9a259d9f89e0ce92dc76b735f47bc6a8873c17efb6f87ece051eb6167f6a11f603e88c5e5c5ca2afac9b9f2d886bf098e63fc0491133
@@ -1,3 +1,10 @@
1
+ ## 0.0.12
2
+
3
+ * Fix an issue in which enabling force_ssl would result in redirects to the
4
+ obfuscated `/_static_rails/` path. Resolved this by placing the static-rails
5
+ middleware after `ActionDispatch::SSL`. Note that this will break if you
6
+ remove `Rack::SendFile` from your app's middleware stack
7
+
1
8
  ## 0.0.11
2
9
 
3
10
  * Inline the `ActionDispatch::FileHandler` from Rails master so that we can
@@ -1,27 +1,27 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- static-rails (0.0.11)
4
+ static-rails (0.0.12)
5
5
  rack-proxy (~> 0.6)
6
6
  railties (>= 5.0.0)
7
7
 
8
8
  GEM
9
9
  remote: https://rubygems.org/
10
10
  specs:
11
- actionpack (6.0.3.1)
12
- actionview (= 6.0.3.1)
13
- activesupport (= 6.0.3.1)
11
+ actionpack (6.0.3.2)
12
+ actionview (= 6.0.3.2)
13
+ activesupport (= 6.0.3.2)
14
14
  rack (~> 2.0, >= 2.0.8)
15
15
  rack-test (>= 0.6.3)
16
16
  rails-dom-testing (~> 2.0)
17
17
  rails-html-sanitizer (~> 1.0, >= 1.2.0)
18
- actionview (6.0.3.1)
19
- activesupport (= 6.0.3.1)
18
+ actionview (6.0.3.2)
19
+ activesupport (= 6.0.3.2)
20
20
  builder (~> 3.1)
21
21
  erubi (~> 1.4)
22
22
  rails-dom-testing (~> 2.0)
23
23
  rails-html-sanitizer (~> 1.1, >= 1.2.0)
24
- activesupport (6.0.3.1)
24
+ activesupport (6.0.3.2)
25
25
  concurrent-ruby (~> 1.0, >= 1.0.2)
26
26
  i18n (>= 0.7, < 2)
27
27
  minitest (~> 5.1)
@@ -34,7 +34,7 @@ GEM
34
34
  erubi (1.9.0)
35
35
  i18n (1.8.3)
36
36
  concurrent-ruby (~> 1.0)
37
- loofah (2.5.0)
37
+ loofah (2.6.0)
38
38
  crass (~> 1.0.2)
39
39
  nokogiri (>= 1.5.9)
40
40
  method_source (1.0.0)
@@ -45,7 +45,7 @@ GEM
45
45
  parallel (1.19.1)
46
46
  parser (2.7.1.3)
47
47
  ast (~> 2.4.0)
48
- rack (2.2.2)
48
+ rack (2.2.3)
49
49
  rack-proxy (0.6.5)
50
50
  rack
51
51
  rack-test (1.1.0)
@@ -55,9 +55,9 @@ GEM
55
55
  nokogiri (>= 1.6)
56
56
  rails-html-sanitizer (1.3.0)
57
57
  loofah (~> 2.3)
58
- railties (6.0.3.1)
59
- actionpack (= 6.0.3.1)
60
- activesupport (= 6.0.3.1)
58
+ railties (6.0.3.2)
59
+ actionpack (= 6.0.3.2)
60
+ activesupport (= 6.0.3.2)
61
61
  method_source
62
62
  rake (>= 0.8.7)
63
63
  thor (>= 0.20.3, < 2.0)
@@ -34,14 +34,14 @@ StaticRails.config do |config|
34
34
  # url_root_path: "/",
35
35
  #
36
36
  # # Don't serve/redirect routes whose paths start with these strings
37
- # url_skip_paths_starting_with: ["/api"]
37
+ # url_skip_paths_starting_with: ["/api"],
38
38
  #
39
39
  # # Whether to run the local development/test server or not
40
40
  # start_server: !Rails.env.production?,
41
41
  #
42
42
  # # If start_server is true, wait to proxy requests to the server until it
43
43
  # # can connect to server_host over TCP on server_port
44
- # ping_server: true
44
+ # ping_server: true,
45
45
  #
46
46
  # # Any environment variables you need to pass to the server & compile
47
47
  # # commands as a hash (e.g. `env: {"BUNDLE_PATH" => "vendor/bundle"}`)
@@ -65,7 +65,7 @@ StaticRails.config do |config|
65
65
  # compile_command: "hugo",
66
66
  #
67
67
  # # The destination of production-compiled assets, relative to Rails root
68
- # compile_dir: "static/blog/dist"
68
+ # compile_dir: "static/blog/dist",
69
69
  #
70
70
  # # A 404 page to be sent when serving compiled assets and no file matches
71
71
  # compile_404_file_path: "404.html"
@@ -36,7 +36,7 @@ module StaticRails
36
36
  attr_reader :sites
37
37
  def sites=(sites)
38
38
  @sites = Array.wrap(sites).map { |site|
39
- Site.new(site)
39
+ Site.new(**site)
40
40
  }
41
41
  end
42
42
  end
@@ -10,16 +10,18 @@ module StaticRails
10
10
 
11
11
  private
12
12
 
13
- def csrf_token_hmac(session, identifier)
14
- ActionController::RequestForgeryProtection.instance_method(:csrf_token_hmac).bind(self).call(session, identifier)
15
- end
16
-
17
- def mask_token(raw_token)
18
- ActionController::RequestForgeryProtection.instance_method(:mask_token).bind(self).call(raw_token)
13
+ [
14
+ :csrf_token_hmac,
15
+ :mask_token,
16
+ :xor_byte_strings
17
+ ].each do |method|
18
+ define_method method do |*args, **kwargs, &blk|
19
+ ActionController::RequestForgeryProtection.instance_method(method).bind(self).call(*args, **kwargs, &blk)
20
+ end
19
21
  end
20
22
 
21
23
  def masked_authenticity_token(session, form_options: {})
22
- ActionController::RequestForgeryProtection.instance_method(:masked_authenticity_token).bind(self).call(session, form_options)
24
+ ActionController::RequestForgeryProtection.instance_method(:masked_authenticity_token).bind(self).call(session, form_options: form_options)
23
25
  end
24
26
 
25
27
  def global_csrf_token(session)
@@ -30,10 +32,6 @@ module StaticRails
30
32
  ActionController::RequestForgeryProtection.instance_method(:real_csrf_token).bind(self).call(session)
31
33
  end
32
34
 
33
- def xor_byte_strings(s1, s2)
34
- ActionController::RequestForgeryProtection.instance_method(:xor_byte_strings).bind(self).call(s1, s2)
35
- end
36
-
37
35
  def per_form_csrf_tokens
38
36
  false
39
37
  end
@@ -10,7 +10,7 @@ module StaticRails
10
10
  end
11
11
 
12
12
  initializer "static_rails.middleware" do
13
- config.app_middleware.insert_before 0, SiteMiddleware
13
+ config.app_middleware.insert_after Rack::Sendfile, SiteMiddleware
14
14
  config.app_middleware.use SitePlusCsrfMiddleware
15
15
  end
16
16
 
@@ -40,7 +40,7 @@ module StaticRails
40
40
  #
41
41
  # (By the way, this was all Matthew Draper's bright idea. You can
42
42
  # compliment him here: https://github.com/matthewd )
43
- @app.call(env.merge("PATH_INFO" => PATH_INFO_OBFUSCATION + env["PATH_INFO"]))
43
+ @app.call(env.merge("PATH_INFO" => "/" + PATH_INFO_OBFUSCATION + env["PATH_INFO"]))
44
44
  elsif StaticRails.config.proxy_requests
45
45
  @proxy_middleware.call(env)
46
46
  elsif StaticRails.config.serve_compiled_assets
@@ -13,10 +13,10 @@ module StaticRails
13
13
  end
14
14
 
15
15
  def call(env)
16
- return @app.call(env) unless env["PATH_INFO"]&.start_with?(PATH_INFO_OBFUSCATION) || @determines_whether_to_handle_request.call(env)
16
+ return @app.call(env) unless env["PATH_INFO"]&.start_with?(/\/?#{PATH_INFO_OBFUSCATION}/) || @determines_whether_to_handle_request.call(env)
17
17
 
18
18
  env = env.merge(
19
- "PATH_INFO" => env["PATH_INFO"].gsub(/^#{PATH_INFO_OBFUSCATION}/, "")
19
+ "PATH_INFO" => env["PATH_INFO"].gsub(/^\/?#{PATH_INFO_OBFUSCATION}/, "")
20
20
  )
21
21
  status, headers, body = super(env)
22
22
 
@@ -1,3 +1,3 @@
1
1
  module StaticRails
2
- VERSION = "0.0.11"
2
+ VERSION = "0.0.12"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: static-rails
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.11
4
+ version: 0.0.12
5
5
  platform: ruby
6
6
  authors:
7
7
  - Justin Searls
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2020-06-11 00:00:00.000000000 Z
11
+ date: 2020-06-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: railties