./www/ruby-rack-ssl, Rack middleware to force SSL/TLS

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 1.4.1, Package name: ruby24-rack-ssl-1.4.1, Maintainer: pkgsrc-users

Rack::SSL
=========

Force SSL/TLS in your app.

1. Redirects all "http" requests to "https"
2. Set `Strict-Transport-Security` header
3. Flag all cookies as "secure"


Required to run:
[www/ruby-rack14] [lang/ruby24-base]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: 87f2fb53c6882436b8d522288993d658dc7025ce
RMD160: ec435a9c691245fa77d4f0f5a60d57707b0353a1
Filesize: 6 KB

Version history: (Expand)


CVS history: (Expand)


   2015-11-04 03:47:43 by Alistair G. Crooks | Files touched by this commit (758)
Log message:
Add SHA512 digests for distfiles for www category

Problems found locating distfiles:
	Package haskell-cgi: missing distfile haskell-cgi-20001206.tar.gz
	Package nginx: missing distfile array-var-nginx-module-0.04.tar.gz
	Package nginx: missing distfile encrypted-session-nginx-module-0.04.tar.gz
	Package nginx: missing distfile headers-more-nginx-module-0.261.tar.gz
	Package nginx: missing distfile nginx_http_push_module-0.692.tar.gz
	Package nginx: missing distfile set-misc-nginx-module-0.29.tar.gz
	Package nginx-devel: missing distfile echo-nginx-module-0.58.tar.gz
	Package nginx-devel: missing distfile form-input-nginx-module-0.11.tar.gz
	Package nginx-devel: missing distfile lua-nginx-module-0.9.16.tar.gz
	Package nginx-devel: missing distfile nginx_http_push_module-0.692.tar.gz
	Package nginx-devel: missing distfile set-misc-nginx-module-0.29.tar.gz
	Package php-owncloud: missing distfile owncloud-8.2.0.tar.bz2

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
   2015-03-13 18:31:37 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
Update ruby-rack-ssl to 1.4.1.

* As per spec, don't include STS header in non-https responses
* Handle bad URIs gracefully.

  Some adapters (i.e. jruby-rack) will pass through bad URIs, then display
  the resulting exception. This creates an attack vector for XSS attacks.

* Added more installation/usage instructions into the README

* Return 400 instead of 404 in case of InvalidURIError

* Include Content-Type in 400 response.
  To stay compatible with old Rack versions.

* Skip URI parsing Request#url
  URI may fail to parse some legit URL paths.
   2014-03-21 02:06:47 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
Add security fix for CVE-2014-2538.

Bump PKGREVISION.
   2013-03-10 10:16:46 by Takahiro Kambe | Files touched by this commit (1) | Package updated
Log message:
Make depends to www/ruby-rack14 instead of www/ruby-rack.

Bump PKGREVISION.
   2013-02-11 05:03:45 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
Update ruby-rack-ssl to 1.3.3.

o Add :port to options.
o use status 307 for anything but GET or HEAD.
   2011-12-15 16:29:27 by Takahiro Kambe | Files touched by this commit (4) | Imported package
Log message:
Importing www/ruby-rack-ssl package version 1.3.2.