utopia 2.12.0 → 2.12.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/utopia/content.rb +1 -1
- data/lib/utopia/session.rb +7 -1
- data/lib/utopia/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 4c2d73d64912a98e6049ac462aacbaee632e8052247865001683a938d88da895
|
4
|
+
data.tar.gz: 0444d50ea58f8e7e55127b08d9356cbb03d586ac31caba467e9c4b947f026bda
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: a2ec30fea649857f33a5fa458badd5e65d0ba0860c2753f613faec4bf5604fd1535adbe727487c463c5f57287748d777debe77d7329d4fccbde0942e1c25ccc6
|
7
|
+
data.tar.gz: d23b069e223b6c105de660b0f84365e0e4f56a1a8af94eaf48b5fc24c6389c122acec57854e2e539346a4841fc6b6620887cbdf5c68214b06cdd4aceab35fe6e
|
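Review bot: the removed `metadata.gz:` and `data.tar.gz:` entries carry no digest value in this rendering, so only the new SHA256/SHA512 values on the `+` lines are reviewable here. Before trusting them, fetch the 2.12.1 gem from the registry, unpack it (`gem fetch utopia -v 2.12.1` then `tar xf utopia-2.12.1.gem`) and compare `sha256sum metadata.gz data.tar.gz` and `sha512sum metadata.gz data.tar.gz` against the values shown; a checksums.yaml that travels inside the same artifact only proves the package was not corrupted in transit, not who published it.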
data/lib/utopia/content.rb
CHANGED
data/lib/utopia/session.rb
CHANGED
@@ -50,9 +50,10 @@ module Utopia
|
|
50
50
|
|
51
51
|
# @param session_name [String] The name of the session cookie.
|
52
52
|
# @param secret [Array] The secret text used to generate a symetric encryption key for the coookie data.
|
53
|
+
# @param same_site [Symbol, String] Controls how the cookie is provided to the site.
|
53
54
|
# @param expires_after [String] The cache-control header to set for static content.
|
54
55
|
# @param options [Hash<Symbol,Object>] Additional defaults used for generating the cookie by `Rack::Utils.set_cookie_header!`.
|
55
|
-
def initialize(app, session_name: RACK_SESSION, secret: nil, expires_after: DEFAULT_EXPIRES_AFTER, update_timeout: DEFAULT_UPDATE_TIMEOUT, secure: false, maximum_size: MAXIMUM_SIZE, **options)
|
56
|
+
def initialize(app, session_name: RACK_SESSION, secret: nil, expires_after: DEFAULT_EXPIRES_AFTER, update_timeout: DEFAULT_UPDATE_TIMEOUT, secure: false, same_site: :lax, maximum_size: MAXIMUM_SIZE, **options)
|
56
57
|
@app = app
|
57
58
|
|
58
59
|
@session_name = session_name
|
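Review bot: the new `same_site` parameter is documented vaguely ("Controls how the cookie is provided to the site") and its `@param` line is placed between `secret` and `expires_after`, while in the signature the keyword sits after `secure:`. State the accepted values and the default in the doc, for example `# @param same_site [Symbol, String] The SameSite attribute of the session cookie: :lax (default), :strict or :none.`, and keep the `@param` order matching the signature. While here, the adjacent existing doc for `expires_after` ("The cache-control header to set for static content") describes the Content middleware rather than the session cookie, and `update_timeout`, `secure` and `maximum_size` have no `@param` entries at all; the typos "symetric" and "coookie" in the `secret` doc line are also worth fixing in the same change.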
@@ -72,8 +73,13 @@ module Utopia
|
|
72
73
|
@cookie_defaults = {
|
73
74
|
domain: nil,
|
74
75
|
path: "/",
|
76
|
+
|
77
|
+
# The SameSite attribute controls when the cookie is sent to the server, from 3rd parties (None), from requests with external referrers (Lax) or from within the site itself (Strict).
|
78
|
+
same_site: same_site,
|
79
|
+
|
75
80
|
# The Secure attribute is meant to keep cookie communication limited to encrypted transmission, directing browsers to use cookies only via secure/encrypted connections. However, if a web server sets a cookie with a secure attribute from a non-secure connection, the cookie can still be intercepted when it is sent to the user by man-in-the-middle attacks. Therefore, for maximum security, cookies with the Secure attribute should only be set over a secure connection.
|
76
81
|
secure: secure,
|
82
|
+
|
77
83
|
# The HttpOnly attribute directs browsers not to expose cookies through channels other than HTTP (and HTTPS) requests. This means that the cookie cannot be accessed via client-side scripting languages (notably JavaScript), and therefore cannot be stolen easily via cross-site scripting (a pervasive attack technique).
|
78
84
|
http_only: true,
|
79
85
|
}.merge(options)
|
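Review bot: the comment on the new `same_site:` line misdescribes Lax and Strict. A Lax cookie is sent on top-level navigations to the site even when they originate from another site, but not on cross-site subresource or form POST requests; it is not keyed on "requests with external referrers". Strict withholds the cookie on every cross-site request. Suggest rewording to something like "never on cross-site requests (Strict), only on top-level navigations from other sites (Lax), or on any cross-site request (None)". Second, `same_site: :none` is only honoured by current browsers when the cookie is also marked `Secure`, yet the constructor default above is `secure: false`; consider raising an `ArgumentError` when `same_site` is `:none` and `secure` is false, or at minimum document that `:none` requires `secure: true`. Finally, since `@cookie_defaults` is merged into the options handed to `Rack::Utils.set_cookie_header!`, confirm the Rack version this gem depends on accepts the `same_site:` key (and the `:none` value), otherwise the attribute will not be emitted.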
data/lib/utopia/version.rb
CHANGED