-
Notifications
You must be signed in to change notification settings - Fork 39
/
Copy pathomniauth-rails_csrf_protection.gemspec
42 lines (32 loc) · 1.46 KB
/
omniauth-rails_csrf_protection.gemspec
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
lib = File.expand_path("lib", __dir__)
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
require "omniauth/rails_csrf_protection/version"
Gem::Specification.new do |spec|
spec.name = "omniauth-rails_csrf_protection"
spec.version = OmniAuth::RailsCsrfProtection::VERSION
spec.authors = ["Cookpad Inc."]
spec.email = ["[email protected]"]
spec.summary = <<~SUMMARY
Provides CSRF protection on OmniAuth request endpoint on Rails application.
SUMMARY
spec.description = <<~DESCRIPTION
This gem provides a mitigation against CVE-2015-9284 (Cross-Site Request
Forgery on the request phrase when using OmniAuth gem with a Ruby on Rails
application) by implementing a CSRF token verifier that directly utilize
`ActionController::RequestForgeryProtection` code from Rails.
DESCRIPTION
spec.homepage = "https://github.com/cookpad/omniauth-rails_csrf_protection"
spec.license = "MIT"
spec.files = Dir["lib/**/*.rb", "LICENSE.txt", "README.md"]
spec.test_files = Dir["test/**/*.rb"]
spec.require_paths = ["lib"]
spec.add_dependency "actionpack", ">= 4.2"
spec.add_dependency "omniauth", "~> 2.0"
spec.add_development_dependency "bundler"
spec.add_development_dependency "minitest"
# We set requirement for Edge Rails in the Gemfile
unless ENV["RAILS_VERSION"] == "edge"
spec.add_development_dependency "rails", ENV["RAILS_VERSION"]
end
spec.add_development_dependency "rake"
end