Version 4.2.0

jsanders · Mar 31, 2020 · b40626a · b40626a
1 parent 8746e96
commit b40626a
Show file tree

Hide file tree

Showing 7 changed files with 43 additions and 16 deletions.
diff --git a/.rubocop.yml b/.rubocop.yml
@@ -21,10 +21,13 @@ Layout/LineLength:
 
 Metrics/MethodLength:
   CountComments: false
-  Max: 10
+  Max: 15
 
 Metrics/ModuleLength:
-  Max: 100
+  Max: 150
+
+Metrics/ClassLength:
+  Max: 150
 
 Metrics/ParameterLists:
   Max: 5
@@ -63,4 +66,4 @@ Style/HashTransformKeys:
   Enabled: false
 
 Style/HashTransformValues:
-  Enabled: false
+  Enabled: false
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Changelog
 
+## 4.2.0 (31-Mar-20)
+
+* Added a new [`angular_rails_csrf_same_site` option](https://github.com/jsanders/angular_rails_csrf#samesite) which defaults to `:lax` (thanks, [@timobleeker](https://github.com/timobleeker))
+  + This option is introduced to comply with the latest changes: https://www.chromium.org/updates/same-site
+* Update cops
+
 ## 4.1.0 (03-Feb-20)
 
 * Added a new [`angular_rails_csrf_secure` option](https://github.com/jsanders/angular_rails_csrf#secure-cookie) (thanks, [@DougKeller](https://github.com/DougKeller))

diff --git a/README.md b/README.md
@@ -68,7 +68,7 @@ end
 
 ### SameSite
 
-The SameSite attribute now defaults to `:lax`. You can override this in the config:
+The SameSite attribute defaults to `:lax`. You can override this in the config:
 
 ```ruby
 # application.rb
@@ -78,7 +78,7 @@ class Application < Rails::Application
 end
 ```
 
-**NOTE**: When using `SameSite=None`, this gem automatically sets the cookie to `Secure`.
+**NOTE**: When using `config.angular_rails_csrf_same_site = :none`, this gem automatically sets the cookie to `Secure` (`config.angular_rails_csrf_secure = true`) to comply with [the specifications](https://tools.ietf.org/html/draft-west-cookie-incrementalism-00).
 
 ### Exclusions
 

diff --git a/angular_rails_csrf.gemspec b/angular_rails_csrf.gemspec
@@ -24,7 +24,7 @@ Gem::Specification.new do |s|
   s.add_development_dependency 'rake', '~> 13.0'
   s.add_development_dependency 'test-unit', '~> 3.2'
   if ENV['TEST_RAILS_VERSION'].nil?
-    s.add_development_dependency 'rails', '6.0.2.1'
+    s.add_development_dependency 'rails', '6.0.2.2'
   else
     s.add_development_dependency 'rails', ENV['TEST_RAILS_VERSION'].to_s
   end

diff --git a/lib/angular_rails_csrf/concern.rb b/lib/angular_rails_csrf/concern.rb
@@ -13,17 +13,17 @@ def set_xsrf_token_cookie
 
       config = Rails.application.config
 
-      same_site = config.respond_to?(:angular_rails_csrf_same_site) ? config.angular_rails_csrf_same_site : :lax
-      secure = config.angular_rails_csrf_secure if config.respond_to?(:angular_rails_csrf_secure)
+      same_site = same_site_from config
+      secure = secure_from config
 
       cookie_options = {
         value: form_authenticity_token,
-        domain: config.respond_to?(:angular_rails_csrf_domain) ? config.angular_rails_csrf_domain : nil,
+        domain: domain_from(config),
         same_site: same_site,
-        secure: same_site == :none || secure
+        secure: same_site.eql?(:none) || secure
       }
 
-      cookie_name = config.respond_to?(:angular_rails_csrf_cookie_name) ? config.angular_rails_csrf_cookie_name : 'XSRF-TOKEN'
+      cookie_name = cookie_name_from config
       cookies[cookie_name] = cookie_options
     end
 
@@ -35,6 +35,24 @@ def verified_request?
       end
     end
 
+    private
+
+    def same_site_from(config)
+      config.respond_to?(:angular_rails_csrf_same_site) ? config.angular_rails_csrf_same_site : :lax
+    end
+
+    def secure_from(config)
+      config.angular_rails_csrf_secure if config.respond_to?(:angular_rails_csrf_secure)
+    end
+
+    def domain_from(config)
+      config.respond_to?(:angular_rails_csrf_domain) ? config.angular_rails_csrf_domain : nil
+    end
+
+    def cookie_name_from(config)
+      config.respond_to?(:angular_rails_csrf_cookie_name) ? config.angular_rails_csrf_cookie_name : 'XSRF-TOKEN'
+    end
+
     module ClassMethods
       def exclude_xsrf_token_cookie
         class_eval do

diff --git a/lib/angular_rails_csrf/version.rb b/lib/angular_rails_csrf/version.rb
@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module AngularRailsCsrf
-  VERSION = '4.1.0'
+  VERSION = '4.2.0'
 end
diff --git a/test/angular_rails_csrf_test.rb b/test/angular_rails_csrf_test.rb
@@ -74,10 +74,10 @@ def config.angular_rails_csrf_domain
   end
 
   test 'same_site is set to Lax by default' do
-      get :index
-      assert @response.headers['Set-Cookie'].include?('SameSite=Lax')
-      assert_valid_cookie
-      assert_response :success
+    get :index
+    assert @response.headers['Set-Cookie'].include?('SameSite=Lax')
+    assert_valid_cookie
+    assert_response :success
   end
 
   test 'same_site can be configured' do