subdomainbox 0.5.0 → 0.5.1

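--- a/data/README.md
+++ b/data/README.md
@@ -54,24 +54,35 @@ There is no need to adjust your routes or your path / url helpers. Subdomainbox
 Installation
 ============
 
-Add subdomainbox to your gemfile and bundle install.
+1. Add subdomainbox to your gemfile and bundle install
+1. Run the generator (for generating the CSRF token secret):
 
-Run the generator (for generating the CSRF token secret):
+$ rails generate subdomainbox
 
-$ rails generate subdomainbox
+1. Make sure the root domain of your application has a wildcard SSL certificate
+1. Set the domain of your session cookie to the root domain
 
-Make sure your application has a wildcard SSL certificate.
+if Rails.env.development?
+cookie_domain = 'lvh.me'
+elsif Rails.env.production?
+cookie_domain = 'mydomain.com'
+end
+MyApp::Application.config.session_store :cookie_store, key: '_myapp_session', :domain => cookie_domain
 
+Development
+===========
+
+Use lvh.me:3000 instead of localhost:3000 since localhost doesn't support subdomains
 
 Testing
 =======
 
-In controller specs:
+In controller specs, we don't want to worry about subdomain-boxing, so stub it out:
 
 controller.stub(:subdomainbox)
 
 
-To make request/feature/integration specs work:
+Request/feature/integration specs are vital when using subdomain boxing. Non-javascript Capybara + Rack should work out of the box, but Capybara + Selenium/Webkit javascript driver requires modification of the test machine in order for it to work with subdomains:
 
 brew install dnsmasq
 mkdir -pv $(brew --prefix)/etc/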
data/VERSION CHANGED
@@ -1 +1 @@
1
- 0.5.0
1
+ 0.5.1
@@ -41,7 +41,8 @@ module ActionController
41
41
  private
42
42
 
43
43
  def subdomainbox_no_subdomain_match!(box_definitions)
44
- if request.format == 'text/html' && request.get?
44
+ format = request.format
45
+ if (format == 'text/html' || format == '*/*') && request.get?
45
46
  flash[:alert] = flash.now[:alert]
46
47
  flash[:notice] = flash.now[:notice]
47
48
  flash[:info] = flash.now[:info]
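Review bot: The widened condition on new line 45 sends every GET whose format resolves to `*/*` down the redirect branch, and that wildcard is what many script-issued and non-browser clients send by default, not only top-level page navigation. Judging by its name, this method is where the gem handles a request that arrived on the wrong subdomain, so the relaxation deserves a why-comment above the condition, for example `# */* = client sent no specific Accept; redirecting returns no data from the boxed action`. The new local `format` also shadows `Kernel#format`; `requested_format = request.format` would read more clearly. The file header for this hunk is missing from the page and the rest of the method, including the non-redirect branch, is outside the hunk, so what happens to non-matching requests cannot be confirmed from here.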
@@ -58,6 +58,24 @@ describe ActionController::Base do
58
58
 
59
59
  end
60
60
 
61
+
62
+ context "when the accept header is */*" do
63
+ before(:each) do
64
+ request.stub(:format).and_return('*/*')
65
+
66
+ request.stub(:subdomain).and_return('www')
67
+ request.stub(:protocol).and_return('https://')
68
+ request.stub(:port_string).and_return(':8080')
69
+ request.stub(:fullpath).and_return('/pets')
70
+ request.stub(:get?).and_return(true)
71
+ end
72
+
73
+ it "should treat it the same as text/html" do
74
+ controller.should_receive(:redirect_to).with('https://pets.peanuts.com:8080/pets')
75
+ controller.subdomainbox('pets')
76
+ end
77
+ end
78
+
61
79
  context "when the requested format is html" do
62
80
  before(:each) do
63
81
  request.stub(:format).and_return('text/html')
@@ -193,6 +211,7 @@ describe ActionController::Base do
193
211
  controller.subdomainbox('pets')
194
212
  end
195
213
  end
214
+
196
215
  end
197
216
 
198
217
  context "when this is not a GET request" do
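Review bot: The context added at new lines 62-77 stubs `request.format` with the bare String `'*/*'`, so the example passes on plain String equality and never exercises the comparison against the `Mime::Type` object that Rails returns from `request.format` at runtime. Stubbing with the real object, e.g. `request.stub(:format).and_return(Mime::ALL)` (assuming the targeted Rails version defines it), would make the spec cover the production comparison. There is also no visible example for a non-GET request with `*/*`; the "when this is not a GET request" context begins on the last line of this hunk and its body is outside the page, so it may only cover `text/html`.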
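--- a/data/subdomainbox.gemspec
+++ b/data/subdomainbox.gemspec
@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
 s.name = "subdomainbox"
-s.version = "0.5.0"
+s.version = "0.5.1"
 
 s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
 s.authors = ["Daniel Nelson"]
-s.date = "2013-03-23"
+s.date = "2013-03-25"
 s.description = "use subdomains to prevent XSS from accessing your entire application if it should happen to be injected into some page in your app"
 s.email = "dnelson@centresource.com"
 s.extra_rdoc_files = [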
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: subdomainbox
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.0
4
+ version: 0.5.1
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,11 +9,11 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2013-03-23 00:00:00.000000000 Z
12
+ date: 2013-03-25 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: uuidtools
16
- requirement: &2160194360 !ruby/object:Gem::Requirement
16
+ requirement: &2152059740 !ruby/object:Gem::Requirement
17
17
  none: false
18
18
  requirements:
19
19
  - - ! '>='
@@ -21,10 +21,10 @@ dependencies:
21
21
  version: '0'
22
22
  type: :runtime
23
23
  prerelease: false
24
- version_requirements: *2160194360
24
+ version_requirements: *2152059740
25
25
  - !ruby/object:Gem::Dependency
26
26
  name: rspec
27
- requirement: &2160212440 !ruby/object:Gem::Requirement
27
+ requirement: &2152058780 !ruby/object:Gem::Requirement
28
28
  none: false
29
29
  requirements:
30
30
  - - =
@@ -32,10 +32,10 @@ dependencies:
32
32
  version: 2.10.0
33
33
  type: :development
34
34
  prerelease: false
35
- version_requirements: *2160212440
35
+ version_requirements: *2152058780
36
36
  - !ruby/object:Gem::Dependency
37
37
  name: jeweler
38
- requirement: &2160210200 !ruby/object:Gem::Requirement
38
+ requirement: &2152112060 !ruby/object:Gem::Requirement
39
39
  none: false
40
40
  requirements:
41
41
  - - ~>
@@ -43,10 +43,10 @@ dependencies:
43
43
  version: 1.8.4
44
44
  type: :development
45
45
  prerelease: false
46
- version_requirements: *2160210200
46
+ version_requirements: *2152112060
47
47
  - !ruby/object:Gem::Dependency
48
48
  name: pry
49
- requirement: &2160208380 !ruby/object:Gem::Requirement
49
+ requirement: &2152110740 !ruby/object:Gem::Requirement
50
50
  none: false
51
51
  requirements:
52
52
  - - ! '>='
@@ -54,10 +54,10 @@ dependencies:
54
54
  version: '0'
55
55
  type: :development
56
56
  prerelease: false
57
- version_requirements: *2160208380
57
+ version_requirements: *2152110740
58
58
  - !ruby/object:Gem::Dependency
59
59
  name: pry-nav
60
- requirement: &2160207140 !ruby/object:Gem::Requirement
60
+ requirement: &2152108660 !ruby/object:Gem::Requirement
61
61
  none: false
62
62
  requirements:
63
63
  - - ! '>='
@@ -65,10 +65,10 @@ dependencies:
65
65
  version: '0'
66
66
  type: :development
67
67
  prerelease: false
68
- version_requirements: *2160207140
68
+ version_requirements: *2152108660
69
69
  - !ruby/object:Gem::Dependency
70
70
  name: pry-stack_explorer
71
- requirement: &2160221580 !ruby/object:Gem::Requirement
71
+ requirement: &2152107320 !ruby/object:Gem::Requirement
72
72
  none: false
73
73
  requirements:
74
74
  - - ! '>='
@@ -76,7 +76,7 @@ dependencies:
76
76
  version: '0'
77
77
  type: :development
78
78
  prerelease: false
79
- version_requirements: *2160221580
79
+ version_requirements: *2152107320
80
80
  description: use subdomains to prevent XSS from accessing your entire application
81
81
  if it should happen to be injected into some page in your app
82
82
  email: dnelson@centresource.com
@@ -118,7 +118,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
118
118
  version: '0'
119
119
  segments:
120
120
  - 0
121
- hash: 3040467631251113131
121
+ hash: -1018777487133078925
122
122
  required_rubygems_version: !ruby/object:Gem::Requirement
123
123
  none: false
124
124
  requirements: