static-rails 0.0.8 → 0.0.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 760a85803ecdc64592ce6f0f29e948fe744ff7e0d5d893f62f713f11aa7de9cb
-  data.tar.gz: 235ed594c1bf01dba53e028e3419ce1f5919e14de31441c5fb3f6a0b3b3de382
+  metadata.gz: 6745d74377412999963201634328706d263efcb29eb445a71c84cd427b618084
+  data.tar.gz: 9ffe84b1fc78ada36ab6699cb1826815e8da0fc0cdbe266c952f563a41c577a6
 SHA512:
-  metadata.gz: fd446ac15d01e261594e66388afada570c203046d0dcaa52437c43aca8cc8f5a09c19ce1e87aa699b7b9407a3f9993328e285aa1a4aaf53035493fd2cde7a28d
-  data.tar.gz: 592a87c638a0f861c673566746b591700e256de4eae4d3b28218d6faa6e994e5c3cccf589f3a2d16d850275d8d5db079661ac03aee17e6bc62ecf62b28cdc538
+  metadata.gz: 679620aed3269f571bbec98a28537a34e03240e7df57319e34e0c100b85332cdbbbc6a01cf34d62552edbbc971411a881da57a33b54ede1d64b4c0833b7fbc6a
+  data.tar.gz: a89bc51bded625662eb00666c0d3c2f1034f9d397a84e86d7e30136398d0e53e60d0e8287cce0cda3baea0dc5c7ef037bc629635e7c9854a58b5c8376ddafa2d

data/CHANGELOG.md

@@ -1,3 +1,10 @@
+## 0.0.9
+
+* When using CSRF protection, the artificial path info will now be
+  "__static_rails__" instead of a random string, to make logs appear cleaner
+* Attempt to guard against future internal changes to Rails' request forgery
+  protection by adding `method_missing` that calls through
+
 ## 0.0.8
 
 * Add support for the [CSRF

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    static-rails (0.0.8)
+    static-rails (0.0.9)
       rack-proxy (~> 0.6)
       railties (>= 5.0.0)
 

data/lib/static-rails/gets_csrf_token.rb

@@ -1,5 +1,9 @@
+require_relative "request_forgery_protection_fallback"
+
 module StaticRails
   class GetsCsrfToken
+    include RequestForgeryProtectionFallback
+
     def call(req)
       masked_authenticity_token(req.session)
     end

data/lib/static-rails/request_forgery_protection_fallback.rb

@@ -0,0 +1,19 @@
+module StaticRails
+  module RequestForgeryProtectionFallback
+    def method_missing(method_name, *args, **kwargs, &blk)
+      if respond_to?(method_name)
+        ActionController::RequestForgeryProtection.instance_method(method_name).bind(self).call(*args, **kwargs, &blk)
+      else
+        super
+      end
+    end
+
+    def respond_to?(method_name, *args)
+      ActionController::RequestForgeryProtection.instance_method(method_name) || super
+    end
+
+    def respond_to_missing?(method_name, *args)
+      ActionController::RequestForgeryProtection.instance_method(method_name) || super
+    end
+  end
+end

data/lib/static-rails/site_middleware.rb

@@ -4,7 +4,7 @@ require_relative "determines_whether_to_handle_request"
 
 module StaticRails
   class SiteMiddleware
-    PATH_INFO_OBFUSCATION = "JujJVj31M3SpzTjIGBJ2-3iE0lKXOIOlbLuk9Lxwe-Ll2uLuwH5KD8dmt1MqyZ"
+    PATH_INFO_OBFUSCATION = "__static-rails__"
 
     def initialize(app)
       @app = app

data/lib/static-rails/validates_csrf_token.rb

@@ -1,5 +1,9 @@
+require_relative "request_forgery_protection_fallback"
+
 module StaticRails
   class ValidatesCsrfToken
+    include RequestForgeryProtectionFallback
+
     def call(req)
       valid_authenticity_token?(req.session, req.cookies["_csrf_token"])
     end

data/lib/static-rails/version.rb

@@ -1,3 +1,3 @@
 module StaticRails
-  VERSION = "0.0.8"
+  VERSION = "0.0.9"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: static-rails
 version: !ruby/object:Gem::Version
-  version: 0.0.8
+  version: 0.0.9
 platform: ruby
 authors:
 - Justin Searls
@@ -69,6 +69,7 @@ files:
 - lib/static-rails/proxy_middleware.rb
 - lib/static-rails/rack_server_check.rb
 - lib/static-rails/railtie.rb
+- lib/static-rails/request_forgery_protection_fallback.rb
 - lib/static-rails/server.rb
 - lib/static-rails/server_store.rb
 - lib/static-rails/site.rb