Module: Rack::Protection

Defined in:
lib/rack/protection.rb,
lib/rack/protection/base.rb,
lib/rack/protection/version.rb,
lib/rack/protection/json_csrf.rb,
lib/rack/protection/form_token.rb,
lib/rack/protection/xss_header.rb,
lib/rack/protection/http_origin.rb,
lib/rack/protection/ip_spoofing.rb,
lib/rack/protection/remote_token.rb,
lib/rack/protection/frame_options.rb,
lib/rack/protection/escaped_params.rb,
lib/rack/protection/path_traversal.rb,
lib/rack/protection/remote_referrer.rb,
lib/rack/protection/session_hijacking.rb,
lib/rack/protection/authenticity_token.rb

Defined Under Namespace

Classes: AuthenticityToken, Base, EscapedParams, FormToken, FrameOptions, HttpOrigin, IPSpoofing, JsonCsrf, PathTraversal, RemoteReferrer, RemoteToken, SessionHijacking, XSSHeader

Constant Summary collapse

SIGNATURE =
[1, 5, 4]
VERSION =
SIGNATURE.join('.')

Class Method Summary collapse

Class Method Details

.new(app, options = {}) ⇒ Object



# File 'lib/rack/protection.rb', line 20

# Builds a Rack application that wraps +app+ in the Rack::Protection
# middlewares, registering them in the order listed below.
#
# On by default, skipped only when named in options[:except]:
#   :frame_options, :http_origin, :ip_spoofing, :json_csrf,
#   :path_traversal, :remote_token, :session_hijacking, :xss_header
# Off by default, added only when named in options[:use]:
#   :remote_referrer, :authenticity_token, :form_token
#
# Both lists are matched by exact symbol via include?, so a name that matches
# nothing is ignored without an error: a misspelled :except entry leaves that
# protection enabled, and a misspelled :use entry leaves the opt-in protection
# disabled. The same +options+ hash is handed to every middleware.
#
# NOTE(review): EscapedParams is not registered by this method under either
# option; it has to be added to the stack separately if wanted.
#
# @param app [Object] the application passed to +run+ as the innermost app
# @param options [Hash] may carry :use and :except (a symbol or an array of
#   symbols); the whole hash is forwarded to each middleware
# @return [Object] whatever Rack::Builder#to_app returns
def self.new(app, options = {})
  opted_out = Array(options[:except])
  opted_in  = Array(options[:use])

  stack = Rack::Builder.new do
    # Opt-in middlewares: only present when explicitly requested.
    use(::Rack::Protection::RemoteReferrer, options) if opted_in.include?(:remote_referrer)
    use(::Rack::Protection::AuthenticityToken, options) if opted_in.include?(:authenticity_token)
    use(::Rack::Protection::FormToken, options) if opted_in.include?(:form_token)

    # Default middlewares: present unless explicitly excluded.
    use(::Rack::Protection::FrameOptions, options) unless opted_out.include?(:frame_options)
    use(::Rack::Protection::HttpOrigin, options) unless opted_out.include?(:http_origin)
    use(::Rack::Protection::IPSpoofing, options) unless opted_out.include?(:ip_spoofing)
    use(::Rack::Protection::JsonCsrf, options) unless opted_out.include?(:json_csrf)
    use(::Rack::Protection::PathTraversal, options) unless opted_out.include?(:path_traversal)
    use(::Rack::Protection::RemoteToken, options) unless opted_out.include?(:remote_token)
    use(::Rack::Protection::SessionHijacking, options) unless opted_out.include?(:session_hijacking)
    use(::Rack::Protection::XSSHeader, options) unless opted_out.include?(:xss_header)

    run(app)
  end

  stack.to_app
end

.version ⇒ Object



# File 'lib/rack/protection/version.rb', line 3

# Returns the library version held in the VERSION constant.
#
# @return [Object] the value of VERSION
def self.version
  VERSION
end