Tim Lucas
2005-Oct-24 14:05 UTC
[ANN] 2 new rails plugins: security_extensions and asset_timestamping
Hey all, Announcing two new Rails (0.14.1) plugins: security_extensions and asset_timestamping == security_extensions = A set of filters and tests to help protect from CSRF vulnerabilities. At the core are two useful abstractions: verify_form_posts_have_security_token and secure_form_tag. More information: http://svn.aviditybytes.com/rails/plugins/security_extensions/doc/ index.html Installation: $ cd vendor/plugins $ svn export http://svn.aviditybytes.com/rails/plugins/ security_extensions == asset_timestamping = Having problems asking your users to flush their browser cache to retrieve the latest CSS and JS files? Drop this plugin into your vendor/plugins and all static assets will have their last modified timestamp appended to their URL, so next time they update all users will receive the latest version. More information: http://svn.aviditybytes.com/rails/plugins/asset_timestamping/doc/ index.html Installation: $ cd vendor/plugins $ svn export http://svn.aviditybytes.com/rails/plugins/ asset_timestamping BTW for those using SVN a good way to place these into your vendor/ plugins is using svn:externals. This way you can keep up to date with any new patches that I apply w/o hassles... and in case you didn''t know you can also specify -r in your external def''n to lock SVN to a certain revision. All feedback, bugs and patches are welcome. -- Tim Lucas
Jamis Buck
2005-Oct-24 14:41 UTC
Re: [ANN] 2 new rails plugins: security_extensions and asset_timestamping
On Oct 24, 2005, at 8:05 AM, Tim Lucas wrote:> == asset_timestamping => > Having problems asking your users to flush their browser cache to > retrieve the latest CSS and JS files? Drop this plugin into your > vendor/plugins and all static assets will have their last modified > timestamp appended to their URL, so next time they update all users > will receive the latest version. > > More information: > http://svn.aviditybytes.com/rails/plugins/asset_timestamping/doc/ > index.html > > Installation: > $ cd vendor/plugins > $ svn export http://svn.aviditybytes.com/rails/plugins/ > asset_timestampingThis is something I''ve been wanting for some time. Thank-you, Tim! I''ll give it a spin later today. What license are you releasing these plugins under? Are they okay for commercial use? - Jamis
Hammed Malik
2005-Oct-24 16:28 UTC
Re: [ANN] 2 new rails plugins: security_extensions and asset_timestamping
Thanks Tim! Asset timestamping will come in really handy. On 24/10/05, Tim Lucas <t.lucas-l/qNJNvq70OzaBltdDZI6w@public.gmane.org> wrote:> > Hey all, > > Announcing two new Rails (0.14.1) plugins: security_extensions and > asset_timestamping > > == security_extensions => > A set of filters and tests to help protect from CSRF vulnerabilities. > At the core are two useful abstractions: > verify_form_posts_have_security_token and secure_form_tag. > > More information: > http://svn.aviditybytes.com/rails/plugins/security_extensions/doc/ > index.html > > Installation: > $ cd vendor/plugins > $ svn export http://svn.aviditybytes.com/rails/plugins/ > security_extensions > > > == asset_timestamping => > Having problems asking your users to flush their browser cache to > retrieve the latest CSS and JS files? Drop this plugin into your > vendor/plugins and all static assets will have their last modified > timestamp appended to their URL, so next time they update all users > will receive the latest version. > > More information: > http://svn.aviditybytes.com/rails/plugins/asset_timestamping/doc/ > index.html > > Installation: > $ cd vendor/plugins > $ svn export http://svn.aviditybytes.com/rails/plugins/ > asset_timestamping > > > BTW for those using SVN a good way to place these into your vendor/ > plugins is using svn:externals. This way you can keep up to date with > any new patches that I apply w/o hassles... and in case you didn''t > know you can also specify -r in your external def''n to lock SVN to a > certain revision. > > All feedback, bugs and patches are welcome. > > -- Tim Lucas > > > _______________________________________________ > Rails mailing list > Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org > http://lists.rubyonrails.org/mailman/listinfo/rails >_______________________________________________ Rails mailing list Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org http://lists.rubyonrails.org/mailman/listinfo/rails
Tim Lucas
2005-Oct-24 23:52 UTC
Re: [ANN] 2 new rails plugins: security_extensions and asset_timestamping
On 25/10/2005, at 12:41 AM, Jamis Buck wrote:> On Oct 24, 2005, at 8:05 AM, Tim Lucas wrote: > > > >> == asset_timestamping =>> >> Having problems asking your users to flush their browser cache to >> retrieve the latest CSS and JS files? Drop this plugin into your >> vendor/plugins and all static assets will have their last modified >> timestamp appended to their URL, so next time they update all >> users will receive the latest version. >> >> More information: >> http://svn.aviditybytes.com/rails/plugins/asset_timestamping/doc/ >> index.html >> >> Installation: >> $ cd vendor/plugins >> $ svn export http://svn.aviditybytes.com/rails/plugins/ >> asset_timestamping >> >> > > This is something I''ve been wanting for some time. Thank-you, Tim! > I''ll give it a spin later today. What license are you releasing > these plugins under? Are they okay for commercial use? >Everything''s under the MIT license. I''ve added a LICENSE to each project directory. Have fun! -- tim