static-rails 0.0.7 → 0.0.8
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/Gemfile.lock +16 -13
- data/lib/static-rails/gets_csrf_token.rb +12 -0
- data/lib/static-rails/site_middleware.rb +1 -1
- data/lib/static-rails/site_plus_csrf_middleware.rb +2 -2
- data/lib/static-rails/validates_csrf_token.rb +3 -0
- data/lib/static-rails/version.rb +1 -1
- metadata +2 -2
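--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 760a85803ecdc64592ce6f0f29e948fe744ff7e0d5d893f62f713f11aa7de9cb
+data.tar.gz: 235ed594c1bf01dba53e028e3419ce1f5919e14de31441c5fb3f6a0b3b3de382
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: fd446ac15d01e261594e66388afada570c203046d0dcaa52437c43aca8cc8f5a09c19ce1e87aa699b7b9407a3f9993328e285aa1a4aaf53035493fd2cde7a28d
+data.tar.gz: 592a87c638a0f861c673566746b591700e256de4eae4d3b28218d6faa6e994e5c3cccf589f3a2d16d850275d8d5db079661ac03aee17e6bc62ecf62b28cdc538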
data/CHANGELOG.md
CHANGED
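--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
 remote: .
 specs:
-static-rails (0.0.
+static-rails (0.0.8)
 rack-proxy (~> 0.6)
 railties (>= 5.0.0)
 
@@ -32,19 +32,18 @@ GEM
 concurrent-ruby (1.1.6)
 crass (1.0.6)
 erubi (1.9.0)
-i18n (1.8.
+i18n (1.8.3)
 concurrent-ruby (~> 1.0)
-jaro_winkler (1.5.4)
 loofah (2.5.0)
 crass (~> 1.0.2)
 nokogiri (>= 1.5.9)
 method_source (1.0.0)
 mini_portile2 (2.4.0)
-minitest (5.14.
+minitest (5.14.1)
 nokogiri (1.10.9)
 mini_portile2 (~> 2.4.0)
 parallel (1.19.1)
-parser (2.7.1.
+parser (2.7.1.3)
 ast (~> 2.4.0)
 rack (2.2.2)
 rack-proxy (0.6.5)
@@ -64,26 +63,30 @@ GEM
 thor (>= 0.20.3, < 2.0)
 rainbow (3.0.0)
 rake (13.0.1)
+regexp_parser (1.7.1)
 rexml (3.2.4)
-rubocop (0.
-jaro_winkler (~> 1.5.1)
+rubocop (0.85.1)
 parallel (~> 1.10)
 parser (>= 2.7.0.1)
 rainbow (>= 2.2.2, < 4.0)
+regexp_parser (>= 1.7)
 rexml
+rubocop-ast (>= 0.0.3)
 ruby-progressbar (~> 1.7)
-unicode-display_width (>= 1.4.0, <
-rubocop-
+unicode-display_width (>= 1.4.0, < 2.0)
+rubocop-ast (0.0.3)
+parser (>= 2.7.0.1)
+rubocop-performance (1.6.1)
 rubocop (>= 0.71.0)
 ruby-progressbar (1.10.1)
-standard (0.
-rubocop (~> 0.
-rubocop-performance (~> 1.
+standard (0.4.7)
+rubocop (~> 0.85.0)
+rubocop-performance (~> 1.6.0)
 thor (1.0.1)
 thread_safe (0.3.6)
 tzinfo (1.2.7)
 thread_safe (~> 0.1)
-unicode-display_width (1.
+unicode-display_width (1.7.0)
 zeitwerk (2.3.0)
 
 PLATFORMS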
@@ -6,10 +6,22 @@ module StaticRails
|
|
6
6
|
|
7
7
|
private
|
8
8
|
|
9
|
+
def csrf_token_hmac(session, identifier)
|
10
|
+
ActionController::RequestForgeryProtection.instance_method(:csrf_token_hmac).bind(self).call(session, identifier)
|
11
|
+
end
|
12
|
+
|
13
|
+
def mask_token(raw_token)
|
14
|
+
ActionController::RequestForgeryProtection.instance_method(:mask_token).bind(self).call(raw_token)
|
15
|
+
end
|
16
|
+
|
9
17
|
def masked_authenticity_token(session, form_options: {})
|
10
18
|
ActionController::RequestForgeryProtection.instance_method(:masked_authenticity_token).bind(self).call(session, form_options)
|
11
19
|
end
|
12
20
|
|
21
|
+
def global_csrf_token(session)
|
22
|
+
ActionController::RequestForgeryProtection.instance_method(:global_csrf_token).bind(self).call(session)
|
23
|
+
end
|
24
|
+
|
13
25
|
def real_csrf_token(session)
|
14
26
|
ActionController::RequestForgeryProtection.instance_method(:real_csrf_token).bind(self).call(session)
|
15
27
|
end
|
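Review bot: The new shims `csrf_token_hmac`, `mask_token` and `global_csrf_token` re-bind private methods of `ActionController::RequestForgeryProtection` with no comment saying why they are needed and no check that the installed Rails defines them. `instance_method` raises `NameError` only when a shim is first called, and the lockfile on this page still allows `railties (>= 5.0.0)`, so on a Rails release that lacks one of these helpers the failure would surface per request during CSRF token generation rather than at boot; whether such a release falls inside the supported range is not visible here and should be confirmed. I would add a comment above the group, for example `# Rails' masked_authenticity_token calls these private helpers on self, so each one is re-bound here (confirm against the Rails source)`, and either raise the railties floor or verify the names once at load time with `private_method_defined?`. The enclosing module starts and ends outside the hunk.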
@@ -40,7 +40,7 @@ module StaticRails
|
|
40
40
|
#
|
41
41
|
# (By the way, this was all Matthew Draper's bright idea. You can
|
42
42
|
# compliment him here: https://github.com/matthewd )
|
43
|
-
@app.call(env.merge("PATH_INFO" => env["PATH_INFO"]
|
43
|
+
@app.call(env.merge("PATH_INFO" => PATH_INFO_OBFUSCATION + env["PATH_INFO"]))
|
44
44
|
elsif StaticRails.config.proxy_requests
|
45
45
|
@proxy_middleware.call(env)
|
46
46
|
elsif StaticRails.config.serve_compiled_assets
|
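Review bot: The prefix concatenated in `PATH_INFO_OBFUSCATION + env["PATH_INFO"]` is an in-band marker placed inside a client-supplied value: the `start_with?(PATH_INFO_OBFUSCATION)` check in the `call` hunk that follows accepts any path beginning with the prefix without consulting `@determines_whether_to_handle_request`. The constant is defined outside this page, so whether a request could already carry it is not visible; if it is a fixed string, carrying the decision in a separate Rack env key (for example `env.merge("static_rails.handled" => true)`, a name constructed for this note) keeps the flag out of request data. The concatenation also raises `TypeError` when `PATH_INFO` is nil, a case the later hunk guards with `&.`; `PATH_INFO_OBFUSCATION + env["PATH_INFO"].to_s` would make the two consistent. The enclosing method starts and ends outside the hunk.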
@@ -13,10 +13,10 @@ module StaticRails
|
|
13
13
|
end
|
14
14
|
|
15
15
|
def call(env)
|
16
|
-
return @app.call(env) unless @determines_whether_to_handle_request.call(env)
|
16
|
+
return @app.call(env) unless env["PATH_INFO"]&.start_with?(PATH_INFO_OBFUSCATION) || @determines_whether_to_handle_request.call(env)
|
17
17
|
|
18
18
|
env = env.merge(
|
19
|
-
"PATH_INFO" => env["PATH_INFO"].gsub(
|
19
|
+
"PATH_INFO" => env["PATH_INFO"].gsub(/^#{PATH_INFO_OBFUSCATION}/, "")
|
20
20
|
)
|
21
21
|
status, headers, body = super(env)
|
22
22
|
|
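Review bot: The strip on the new `gsub(/^#{PATH_INFO_OBFUSCATION}/, "")` line anchors with `^`, which in Ruby matches after every newline, and interpolates the constant into the pattern unescaped, so it can remove the prefix at places other than the start of the path and treats any regex metacharacters in the constant as syntax. `sub(/\A#{Regexp.escape(PATH_INFO_OBFUSCATION)}/, "")`, or `delete_prefix(PATH_INFO_OBFUSCATION)` on Ruby 2.5 and later, removes exactly one leading occurrence. The guard line uses `env["PATH_INFO"]&.start_with?` while the `gsub` line calls the method on `env["PATH_INFO"]` directly, so a nil path that the predicate accepts raises `NoMethodError`; the two lines should agree on nil handling. `call` continues past the end of the hunk.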
data/lib/static-rails/version.rb
CHANGED
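--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: static-rails
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.8
 platform: ruby
 authors:
 - Justin Searls
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-
+date: 2020-06-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: railties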