static-rails 0.0.7 → 0.0.8

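--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 71c1a0e6ce72ea1feb691e3cbfae0bec8bf723f1512cda383aeae57d56fd9765
- data.tar.gz: 4d8d3c148661b2498ccfeb3677553e94a91c2cb68b5c48ba47aaace89be8adfe
+ metadata.gz: 760a85803ecdc64592ce6f0f29e948fe744ff7e0d5d893f62f713f11aa7de9cb
+ data.tar.gz: 235ed594c1bf01dba53e028e3419ce1f5919e14de31441c5fb3f6a0b3b3de382
  SHA512:
- metadata.gz: cc39f818e745f67930b8821dbf3b38cdfd34d33accd25979801a4fbc34df67cdf600e517a2fe806f6094e43bc2e797fcef2aa4b1bb7006f3d75317a26b19ea82
- data.tar.gz: c0879dc6ef5950806aaa662035ac7593a78c334dc578f65bd5e13526d1f4c770a08b9cf1f2b8fc8e21a9d00372876736924e05687e4d33ebbb780acc5b802ea1
+ metadata.gz: fd446ac15d01e261594e66388afada570c203046d0dcaa52437c43aca8cc8f5a09c19ce1e87aa699b7b9407a3f9993328e285aa1a4aaf53035493fd2cde7a28d
+ data.tar.gz: 592a87c638a0f861c673566746b591700e256de4eae4d3b28218d6faa6e994e5c3cccf589f3a2d16d850275d8d5db079661ac03aee17e6bc62ecf62b28cdc538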
@@ -1,3 +1,8 @@
1
+ ## 0.0.8
2
+
3
+ * Add support for the [CSRF
4
+ changes](https://github.com/rails/rails/commit/358ff18975f26e820ea355ec113ffc5228e59af8) in Rails 6.0.3.1
5
+
1
6
  ## 0.0.7
2
7
 
3
8
  * Ensure that CSRF tokens are valid, at the cost of some performance and
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- static-rails (0.0.7)
4
+ static-rails (0.0.8)
5
5
  rack-proxy (~> 0.6)
6
6
  railties (>= 5.0.0)
7
7
 
@@ -32,19 +32,18 @@ GEM
32
32
  concurrent-ruby (1.1.6)
33
33
  crass (1.0.6)
34
34
  erubi (1.9.0)
35
- i18n (1.8.2)
35
+ i18n (1.8.3)
36
36
  concurrent-ruby (~> 1.0)
37
- jaro_winkler (1.5.4)
38
37
  loofah (2.5.0)
39
38
  crass (~> 1.0.2)
40
39
  nokogiri (>= 1.5.9)
41
40
  method_source (1.0.0)
42
41
  mini_portile2 (2.4.0)
43
- minitest (5.14.0)
42
+ minitest (5.14.1)
44
43
  nokogiri (1.10.9)
45
44
  mini_portile2 (~> 2.4.0)
46
45
  parallel (1.19.1)
47
- parser (2.7.1.1)
46
+ parser (2.7.1.3)
48
47
  ast (~> 2.4.0)
49
48
  rack (2.2.2)
50
49
  rack-proxy (0.6.5)
@@ -64,26 +63,30 @@ GEM
64
63
  thor (>= 0.20.3, < 2.0)
65
64
  rainbow (3.0.0)
66
65
  rake (13.0.1)
66
+ regexp_parser (1.7.1)
67
67
  rexml (3.2.4)
68
- rubocop (0.80.1)
69
- jaro_winkler (~> 1.5.1)
68
+ rubocop (0.85.1)
70
69
  parallel (~> 1.10)
71
70
  parser (>= 2.7.0.1)
72
71
  rainbow (>= 2.2.2, < 4.0)
72
+ regexp_parser (>= 1.7)
73
73
  rexml
74
+ rubocop-ast (>= 0.0.3)
74
75
  ruby-progressbar (~> 1.7)
75
- unicode-display_width (>= 1.4.0, < 1.7)
76
- rubocop-performance (1.5.2)
76
+ unicode-display_width (>= 1.4.0, < 2.0)
77
+ rubocop-ast (0.0.3)
78
+ parser (>= 2.7.0.1)
79
+ rubocop-performance (1.6.1)
77
80
  rubocop (>= 0.71.0)
78
81
  ruby-progressbar (1.10.1)
79
- standard (0.2.5)
80
- rubocop (~> 0.80.1)
81
- rubocop-performance (~> 1.5.2)
82
+ standard (0.4.7)
83
+ rubocop (~> 0.85.0)
84
+ rubocop-performance (~> 1.6.0)
82
85
  thor (1.0.1)
83
86
  thread_safe (0.3.6)
84
87
  tzinfo (1.2.7)
85
88
  thread_safe (~> 0.1)
86
- unicode-display_width (1.6.1)
89
+ unicode-display_width (1.7.0)
87
90
  zeitwerk (2.3.0)
88
91
 
89
92
  PLATFORMS
@@ -6,10 +6,22 @@ module StaticRails
6
6
 
7
7
  private
8
8
 
9
+ def csrf_token_hmac(session, identifier)
10
+ ActionController::RequestForgeryProtection.instance_method(:csrf_token_hmac).bind(self).call(session, identifier)
11
+ end
12
+
13
+ def mask_token(raw_token)
14
+ ActionController::RequestForgeryProtection.instance_method(:mask_token).bind(self).call(raw_token)
15
+ end
16
+
9
17
  def masked_authenticity_token(session, form_options: {})
10
18
  ActionController::RequestForgeryProtection.instance_method(:masked_authenticity_token).bind(self).call(session, form_options)
11
19
  end
12
20
 
21
+ def global_csrf_token(session)
22
+ ActionController::RequestForgeryProtection.instance_method(:global_csrf_token).bind(self).call(session)
23
+ end
24
+
13
25
  def real_csrf_token(session)
14
26
  ActionController::RequestForgeryProtection.instance_method(:real_csrf_token).bind(self).call(session)
15
27
  end
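Review bot: The three added wrappers (`csrf_token_hmac`, `mask_token`, `global_csrf_token`) look up private methods of `ActionController::RequestForgeryProtection` by name at call time, and nothing in the hunk says which Rails versions define them. The changelog ties them to the Rails 6.0.3.1 CSRF change while the lockfile's PATH entry still lists `railties (>= 5.0.0)`, so on an older Rails a call would presumably raise `NameError` from `instance_method` during a request rather than at boot. I would add a comment above the first wrapper such as `# Private Rails API added with the 6.0.3.1 CSRF change; absent on earlier versions, so only Rails' own token code should reach these.` The same names are added to the delegated-method list in the `@@ -7,6 +7,9 @@` hunk, which would benefit from the same comment. The enclosing module starts and ends outside the hunk.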
@@ -40,7 +40,7 @@ module StaticRails
40
40
  #
41
41
  # (By the way, this was all Matthew Draper's bright idea. You can
42
42
  # compliment him here: https://github.com/matthewd )
43
- @app.call(env.merge("PATH_INFO" => env["PATH_INFO"] + PATH_INFO_OBFUSCATION))
43
+ @app.call(env.merge("PATH_INFO" => PATH_INFO_OBFUSCATION + env["PATH_INFO"]))
44
44
  elsif StaticRails.config.proxy_requests
45
45
  @proxy_middleware.call(env)
46
46
  elsif StaticRails.config.serve_compiled_assets
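Review bot: The new `PATH_INFO_OBFUSCATION + env["PATH_INFO"]` carries the internal-dispatch signal inside the request path itself, and the `call(env)` hunk later on this page accepts any `PATH_INFO` that starts with that constant without consulting `@determines_whether_to_handle_request`. Unless the constant is unguessable per process (its definition is not visible here), a path that arrives from a client with the same prefix is indistinguishable from this internal call. A Rack env key without the `HTTP_` prefix cannot be set through request headers, so I would mark the re-dispatch out of band, for example by also merging `"static_rails.internal_dispatch" => true` (a constructed key name, pick the project's own) and testing for that key on the receiving side. The surrounding `if`/`elsif` chain begins outside the hunk.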
@@ -13,10 +13,10 @@ module StaticRails
13
13
  end
14
14
 
15
15
  def call(env)
16
- return @app.call(env) unless @determines_whether_to_handle_request.call(env)
16
+ return @app.call(env) unless env["PATH_INFO"]&.start_with?(PATH_INFO_OBFUSCATION) || @determines_whether_to_handle_request.call(env)
17
17
 
18
18
  env = env.merge(
19
- "PATH_INFO" => env["PATH_INFO"].gsub(/#{PATH_INFO_OBFUSCATION}/, "")
19
+ "PATH_INFO" => env["PATH_INFO"].gsub(/^#{PATH_INFO_OBFUSCATION}/, "")
20
20
  )
21
21
  status, headers, body = super(env)
22
22
 
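Review bot: In the rewritten `gsub(/^#{PATH_INFO_OBFUSCATION}/, "")`, `^` anchors at the start of every line rather than the start of the string, `gsub` removes every match, and the constant is interpolated into the pattern unescaped, so the strip is looser than the `start_with?` test in the guard above it. I would make the two agree with `"PATH_INFO" => env["PATH_INFO"].sub(/\A#{Regexp.escape(PATH_INFO_OBFUSCATION)}/, "")`. The guard also uses `&.` on `env["PATH_INFO"]` while this line calls `.gsub` on it directly, so a missing `PATH_INFO` that passes `@determines_whether_to_handle_request` would still raise here. `call` continues past the end of the hunk.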
@@ -7,6 +7,9 @@ module StaticRails
7
7
  private
8
8
 
9
9
  [
10
+ :compare_with_global_token,
11
+ :global_csrf_token,
12
+ :csrf_token_hmac,
10
13
  :valid_authenticity_token?,
11
14
  :unmask_token,
12
15
  :compare_with_real_token,
@@ -1,3 +1,3 @@
1
1
  module StaticRails
2
- VERSION = "0.0.7"
2
+ VERSION = "0.0.8"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: static-rails
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.7
4
+ version: 0.0.8
5
5
  platform: ruby
6
6
  authors:
7
7
  - Justin Searls
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2020-05-29 00:00:00.000000000 Z
11
+ date: 2020-06-08 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: railties