subdomainbox 0.5.0 → 0.5.1
- data/README.md +17 -6
- data/VERSION +1 -1
- data/lib/subdomainbox/subdomainbox.rb +2 -1
- data/spec/subdomainbox_spec.rb +19 -0
- data/subdomainbox.gemspec +2 -2
- metadata +15 -15
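--- a/data/README.md
+++ b/data/README.md
@@ -54,24 +54,35 @@ There is no need to adjust your routes or your path / url helpers. Subdomainbox
 Installation
 ============
 
-Add subdomainbox to your gemfile and bundle install
+1. Add subdomainbox to your gemfile and bundle install
+1. Run the generator (for generating the CSRF token secret):
 
-
+$ rails generate subdomainbox
 
-
+1. Make sure the root domain of your application has a wildcard SSL certificate
+1. Set the domain of your session cookie to the root domain
 
-
+if Rails.env.development?
+cookie_domain = 'lvh.me'
+elsif Rails.env.production?
+cookie_domain = 'mydomain.com'
+end
+MyApp::Application.config.session_store :cookie_store, key: '_myapp_session', :domain => cookie_domain
 
+Development
+===========
+
+Use lvh.me:3000 instead of localhost:3000 since localhost doesn't support subdomains
 
 Testing
 =======
 
-In controller specs:
+In controller specs, we don't want to worry about subdomain-boxing, so stub it out:
 
 controller.stub(:subdomainbox)
 
 
-
+Request/feature/integration specs are vital when using subdomain boxing. Non-javascript Capybara + Rack should work out of the box, but Capybara + Selenium/Webkit javascript driver requires modification of the test machine in order for it to work with subdomains:
 
 brew install dnsmasq
 mkdir -pv $(brew --prefix)/etc/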
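--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-0.5.
+0.5.1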
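--- a/data/lib/subdomainbox/subdomainbox.rb
+++ b/data/lib/subdomainbox/subdomainbox.rb
@@ -41,7 +41,8 @@ module ActionController
 private
 
 def subdomainbox_no_subdomain_match!(box_definitions)
-
+format = request.format
+if (format == 'text/html' || format == '*/*') && request.get?
 flash[:alert] = flash.now[:alert]
 flash[:notice] = flash.now[:notice]
 flash[:info] = flash.now[:info]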
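Review bot: The widened condition `(format == 'text/html' || format == '*/*') && request.get?` has no comment explaining why a wildcard Accept header may take the same branch as an HTML page load, even though this method is where a subdomain mismatch is handled. Going by the accompanying spec, that branch ends in a redirect to the boxed subdomain, so a why-comment would pin the intent, for example `# A bare */* Accept is treated as a page load: a GET is redirected to its boxed subdomain; anything else is handled by the non-redirect path`. The last clause needs confirming against the rest of the method, which continues outside this hunk. The local `format` also shadows `Kernel#format`; `requested_format = request.format` reads more clearly.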
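--- a/data/spec/subdomainbox_spec.rb
+++ b/data/spec/subdomainbox_spec.rb
@@ -58,6 +58,24 @@ describe ActionController::Base do
 
 end
 
+
+context "when the accept header is */*" do
+before(:each) do
+request.stub(:format).and_return('*/*')
+
+request.stub(:subdomain).and_return('www')
+request.stub(:protocol).and_return('https://')
+request.stub(:port_string).and_return(':8080')
+request.stub(:fullpath).and_return('/pets')
+request.stub(:get?).and_return(true)
+end
+
+it "should treat it the same as text/html" do
+controller.should_receive(:redirect_to).with('https://pets.peanuts.com:8080/pets')
+controller.subdomainbox('pets')
+end
+end
+
 context "when the requested format is html" do
 before(:each) do
 request.stub(:format).and_return('text/html')
@@ -193,6 +211,7 @@ describe ActionController::Base do
 controller.subdomainbox('pets')
 end
 end
+
 end
 
 context "when this is not a GET request" do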
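Review bot: The new `*/*` context only covers the GET case (`request.stub(:get?).and_return(true)`), so nothing visible here pins the `&& request.get?` half of the condition for a wildcard Accept header. That guard is what keeps a non-GET request from being redirected instead of refused, so a companion example with `request.stub(:get?).and_return(false)` and `controller.should_not_receive(:redirect_to)` would lock it in. The exact rejection to assert depends on the existing "when this is not a GET request" context, whose body is outside this hunk. The stub also returns a plain String for `request.format`, where the controller presumably sees a MIME type object at runtime, so the `== '*/*'` comparison is only exercised as String equality.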
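--- a/data/subdomainbox.gemspec
+++ b/data/subdomainbox.gemspec
@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
 s.name = "subdomainbox"
-s.version = "0.5.
+s.version = "0.5.1"
 
 s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
 s.authors = ["Daniel Nelson"]
-s.date = "2013-03-
+s.date = "2013-03-25"
 s.description = "use subdomains to prevent XSS from accessing your entire application if it should happen to be injected into some page in your app"
 s.email = "dnelson@centresource.com"
 s.extra_rdoc_files = [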
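--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: subdomainbox
 version: !ruby/object:Gem::Version
-version: 0.5.
+version: 0.5.1
 prerelease:
 platform: ruby
 authors:
@@ -9,11 +9,11 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-03-
+date: 2013-03-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: uuidtools
-requirement: &
+requirement: &2152059740 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ! '>='
@@ -21,10 +21,10 @@ dependencies:
 version: '0'
 type: :runtime
 prerelease: false
-version_requirements: *
+version_requirements: *2152059740
 - !ruby/object:Gem::Dependency
 name: rspec
-requirement: &
+requirement: &2152058780 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - =
@@ -32,10 +32,10 @@ dependencies:
 version: 2.10.0
 type: :development
 prerelease: false
-version_requirements: *
+version_requirements: *2152058780
 - !ruby/object:Gem::Dependency
 name: jeweler
-requirement: &
+requirement: &2152112060 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ~>
@@ -43,10 +43,10 @@ dependencies:
 version: 1.8.4
 type: :development
 prerelease: false
-version_requirements: *
+version_requirements: *2152112060
 - !ruby/object:Gem::Dependency
 name: pry
-requirement: &
+requirement: &2152110740 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ! '>='
@@ -54,10 +54,10 @@ dependencies:
 version: '0'
 type: :development
 prerelease: false
-version_requirements: *
+version_requirements: *2152110740
 - !ruby/object:Gem::Dependency
 name: pry-nav
-requirement: &
+requirement: &2152108660 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ! '>='
@@ -65,10 +65,10 @@ dependencies:
 version: '0'
 type: :development
 prerelease: false
-version_requirements: *
+version_requirements: *2152108660
 - !ruby/object:Gem::Dependency
 name: pry-stack_explorer
-requirement: &
+requirement: &2152107320 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ! '>='
@@ -76,7 +76,7 @@ dependencies:
 version: '0'
 type: :development
 prerelease: false
-version_requirements: *
+version_requirements: *2152107320
 description: use subdomains to prevent XSS from accessing your entire application
 if it should happen to be injected into some page in your app
 email: dnelson@centresource.com
@@ -118,7 +118,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
 version: '0'
 segments:
 - 0
-hash:
+hash: -1018777487133078925
 required_rubygems_version: !ruby/object:Gem::Requirement
 none: false
 requirements: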