utopia 2.12.0 → 2.12.1

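--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 9f1ccbf6d14948ea0dba9dc444126117dcecfec2723bd6bda6278c8cb61e33f2
- data.tar.gz: 5d3bceb49b3e9d08bb7a88720445238b3fd6603afdc2862c918afae33ebd70b0
+ metadata.gz: 4c2d73d64912a98e6049ac462aacbaee632e8052247865001683a938d88da895
+ data.tar.gz: 0444d50ea58f8e7e55127b08d9356cbb03d586ac31caba467e9c4b947f026bda
  SHA512:
- metadata.gz: 45e93d16075a9f89a49fe3f1797ce2e337fb95abdc5a286b9d85c88320920ce020e14285f80f48bc5c25d7f1b45d5378a05157c7bd7354a9f5b5787a2b5b413f
- data.tar.gz: d9cbdaf061fc4d22e6657318adb33e59d6df1b1b07e93150f705b481e0561a6dfd376c0afbecc3a946203dd9c3b05ae05f6c5b932bc54f6f2c345afc630a1d0c
+ metadata.gz: a2ec30fea649857f33a5fa458badd5e65d0ba0860c2753f613faec4bf5604fd1535adbe727487c463c5f57287748d777debe77d7329d4fccbde0942e1c25ccc6
+ data.tar.gz: d23b069e223b6c105de660b0f84365e0e4f56a1a8af94eaf48b5fc24c6389c122acec57854e2e539346a4841fc6b6620887cbdf5c68214b06cdd4aceab35fe6e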
@@ -73,7 +73,7 @@ module Utopia
73
73
  attr :root
74
74
 
75
75
  def links(path, **options)
76
- @links.index(path, options)
76
+ @links.index(path, **options)
77
77
  end
78
78
 
79
79
  def fetch_template(path)
@@ -50,9 +50,10 @@ module Utopia
50
50
 
51
51
  # @param session_name [String] The name of the session cookie.
52
52
  # @param secret [Array] The secret text used to generate a symetric encryption key for the coookie data.
53
+ # @param same_site [Symbol, String] Controls how the cookie is provided to the site.
53
54
  # @param expires_after [String] The cache-control header to set for static content.
54
55
  # @param options [Hash<Symbol,Object>] Additional defaults used for generating the cookie by `Rack::Utils.set_cookie_header!`.
55
- def initialize(app, session_name: RACK_SESSION, secret: nil, expires_after: DEFAULT_EXPIRES_AFTER, update_timeout: DEFAULT_UPDATE_TIMEOUT, secure: false, maximum_size: MAXIMUM_SIZE, **options)
56
+ def initialize(app, session_name: RACK_SESSION, secret: nil, expires_after: DEFAULT_EXPIRES_AFTER, update_timeout: DEFAULT_UPDATE_TIMEOUT, secure: false, same_site: :lax, maximum_size: MAXIMUM_SIZE, **options)
56
57
  @app = app
57
58
 
58
59
  @session_name = session_name
@@ -72,8 +73,13 @@ module Utopia
72
73
  @cookie_defaults = {
73
74
  domain: nil,
74
75
  path: "/",
76
+
77
+ # The SameSite attribute controls when the cookie is sent to the server, from 3rd parties (None), from requests with external referrers (Lax) or from within the site itself (Strict).
78
+ same_site: same_site,
79
+
75
80
  # The Secure attribute is meant to keep cookie communication limited to encrypted transmission, directing browsers to use cookies only via secure/encrypted connections. However, if a web server sets a cookie with a secure attribute from a non-secure connection, the cookie can still be intercepted when it is sent to the user by man-in-the-middle attacks. Therefore, for maximum security, cookies with the Secure attribute should only be set over a secure connection.
76
81
  secure: secure,
82
+
77
83
  # The HttpOnly attribute directs browsers not to expose cookies through channels other than HTTP (and HTTPS) requests. This means that the cookie cannot be accessed via client-side scripting languages (notably JavaScript), and therefore cannot be stolen easily via cross-site scripting (a pervasive attack technique).
78
84
  http_only: true,
79
85
  }.merge(options)
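Review bot: The new `same_site:` keyword on `initialize` is stored in `@cookie_defaults` without any validation, while `secure:` still defaults to `false` in the same signature. Current browsers reject a `SameSite=None` cookie that lacks the `Secure` attribute, so a caller passing `same_site: :none` with the default `secure` would likely end up with a session cookie that is never stored. Consider a guard near the top of the constructor, `raise ArgumentError, "same_site: :none requires secure: true" if same_site.to_s.downcase == "none" && !secure`. Failing that, extend the `@param same_site` line to name the accepted values (`:none`, `:lax`, `:strict`), the `:lax` default and the `Secure` requirement for `:none`. The body of `initialize` continues outside both hunks, so `secure` may be adjusted elsewhere before the cookie is written; that is worth confirming before adding the guard.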
@@ -21,5 +21,5 @@
21
21
  # THE SOFTWARE.
22
22
 
23
23
  module Utopia
24
- VERSION = "2.12.0"
24
+ VERSION = "2.12.1"
25
25
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: utopia
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.12.0
4
+ version: 2.12.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Samuel Williams