Module: Rack::Protection

Defined in:
lib/rack/protection.rb,
lib/rack/protection/base.rb,
lib/rack/protection/version.rb,
lib/rack/protection/json_csrf.rb,
lib/rack/protection/form_token.rb,
lib/rack/protection/xss_header.rb,
lib/rack/protection/ip_spoofing.rb,
lib/rack/protection/remote_token.rb,
lib/rack/protection/frame_options.rb,
lib/rack/protection/escaped_params.rb,
lib/rack/protection/path_traversal.rb,
lib/rack/protection/remote_referrer.rb,
lib/rack/protection/session_hijacking.rb,
lib/rack/protection/authenticity_token.rb

Defined Under Namespace

Classes: AuthenticityToken, Base, EscapedParams, FormToken, FrameOptions, IPSpoofing, JsonCsrf, PathTraversal, RemoteReferrer, RemoteToken, SessionHijacking, XSSHeader

Constant Summary collapse

SIGNATURE = 
[1, 1, 2]
VERSION = 
SIGNATURE.join('.')

Class Method Summary collapse

Class Method Details

.new(app, options = {}) ⇒ Object 



19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/rack/protection.rb', line 19

def self.new(app, options = {})
  # does not include: RemoteReferrer, AuthenticityToken and FormToken
  except = Array options[:except]
  Rack::Builder.new do
    use EscapedParams,    options unless except.include? :escaped_params
    use FrameOptions,     options unless except.include? :frame_options
    use IPSpoofing,       options unless except.include? :ip_spoofing
    use JsonCsrf,         options unless except.include? :json_csrf
    use PathTraversal,    options unless except.include? :path_traversal
    use RemoteToken,      options unless except.include? :remote_token
    use SessionHijacking, options unless except.include? :session_hijacking
    use XSSHeader,        options unless except.include? :xss_header
    run app
  end.to_app
end

.versionObject 



3
4
5
 
# File 'lib/rack/protection/version.rb', line 3

def self.version
  VERSION
end