static-rails 0.0.8 → 0.0.9

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 760a85803ecdc64592ce6f0f29e948fe744ff7e0d5d893f62f713f11aa7de9cb
4
- data.tar.gz: 235ed594c1bf01dba53e028e3419ce1f5919e14de31441c5fb3f6a0b3b3de382
3
+ metadata.gz: 6745d74377412999963201634328706d263efcb29eb445a71c84cd427b618084
4
+ data.tar.gz: 9ffe84b1fc78ada36ab6699cb1826815e8da0fc0cdbe266c952f563a41c577a6
5
5
  SHA512:
6
- metadata.gz: fd446ac15d01e261594e66388afada570c203046d0dcaa52437c43aca8cc8f5a09c19ce1e87aa699b7b9407a3f9993328e285aa1a4aaf53035493fd2cde7a28d
7
- data.tar.gz: 592a87c638a0f861c673566746b591700e256de4eae4d3b28218d6faa6e994e5c3cccf589f3a2d16d850275d8d5db079661ac03aee17e6bc62ecf62b28cdc538
6
+ metadata.gz: 679620aed3269f571bbec98a28537a34e03240e7df57319e34e0c100b85332cdbbbc6a01cf34d62552edbbc971411a881da57a33b54ede1d64b4c0833b7fbc6a
7
+ data.tar.gz: a89bc51bded625662eb00666c0d3c2f1034f9d397a84e86d7e30136398d0e53e60d0e8287cce0cda3baea0dc5c7ef037bc629635e7c9854a58b5c8376ddafa2d
@@ -1,3 +1,10 @@
1
+ ## 0.0.9
2
+
3
+ * When using CSRF protection, the artificial path info will now be
4
+ "__static_rails__" instead of a random string, to make logs appear cleaner
5
+ * Attempt to guard against future internal changes to Rails' request forgery
6
+ protection by adding `method_missing` that calls through
7
+
1
8
  ## 0.0.8
2
9
 
3
10
  * Add support for the [CSRF
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- static-rails (0.0.8)
4
+ static-rails (0.0.9)
5
5
  rack-proxy (~> 0.6)
6
6
  railties (>= 5.0.0)
7
7
 
@@ -1,5 +1,9 @@
1
+ require_relative "request_forgery_protection_fallback"
2
+
1
3
  module StaticRails
2
4
  class GetsCsrfToken
5
+ include RequestForgeryProtectionFallback
6
+
3
7
  def call(req)
4
8
  masked_authenticity_token(req.session)
5
9
  end
@@ -0,0 +1,19 @@
1
+ module StaticRails
2
+ module RequestForgeryProtectionFallback
3
+ def method_missing(method_name, *args, **kwargs, &blk)
4
+ if respond_to?(method_name)
5
+ ActionController::RequestForgeryProtection.instance_method(method_name).bind(self).call(*args, **kwargs, &blk)
6
+ else
7
+ super
8
+ end
9
+ end
10
+
11
+ def respond_to?(method_name, *args)
12
+ ActionController::RequestForgeryProtection.instance_method(method_name) || super
13
+ end
14
+
15
+ def respond_to_missing?(method_name, *args)
16
+ ActionController::RequestForgeryProtection.instance_method(method_name) || super
17
+ end
18
+ end
19
+ end
@@ -4,7 +4,7 @@ require_relative "determines_whether_to_handle_request"
4
4
 
5
5
  module StaticRails
6
6
  class SiteMiddleware
7
- PATH_INFO_OBFUSCATION = "JujJVj31M3SpzTjIGBJ2-3iE0lKXOIOlbLuk9Lxwe-Ll2uLuwH5KD8dmt1MqyZ"
7
+ PATH_INFO_OBFUSCATION = "__static-rails__"
8
8
 
9
9
  def initialize(app)
10
10
  @app = app
@@ -1,5 +1,9 @@
1
+ require_relative "request_forgery_protection_fallback"
2
+
1
3
  module StaticRails
2
4
  class ValidatesCsrfToken
5
+ include RequestForgeryProtectionFallback
6
+
3
7
  def call(req)
4
8
  valid_authenticity_token?(req.session, req.cookies["_csrf_token"])
5
9
  end
@@ -1,3 +1,3 @@
1
1
  module StaticRails
2
- VERSION = "0.0.8"
2
+ VERSION = "0.0.9"
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: static-rails
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.8
4
+ version: 0.0.9
5
5
  platform: ruby
6
6
  authors:
7
7
  - Justin Searls
@@ -69,6 +69,7 @@ files:
69
69
  - lib/static-rails/proxy_middleware.rb
70
70
  - lib/static-rails/rack_server_check.rb
71
71
  - lib/static-rails/railtie.rb
72
+ - lib/static-rails/request_forgery_protection_fallback.rb
72
73
  - lib/static-rails/server.rb
73
74
  - lib/static-rails/server_store.rb
74
75
  - lib/static-rails/site.rb