Module: Rack::Protection
- Defined in:
- lib/vendor/rack-protection-1.5.1/lib/rack/protection.rb,
lib/vendor/rack-protection-1.5.1/lib/rack/protection/base.rb,
lib/vendor/rack-protection-1.5.1/lib/rack/protection/version.rb,
lib/vendor/rack-protection-1.5.1/lib/rack/protection/json_csrf.rb,
lib/vendor/rack-protection-1.5.1/lib/rack/protection/form_token.rb,
lib/vendor/rack-protection-1.5.1/lib/rack/protection/xss_header.rb,
lib/vendor/rack-protection-1.5.1/lib/rack/protection/http_origin.rb,
lib/vendor/rack-protection-1.5.1/lib/rack/protection/ip_spoofing.rb,
lib/vendor/rack-protection-1.5.1/lib/rack/protection/remote_token.rb,
lib/vendor/rack-protection-1.5.1/lib/rack/protection/frame_options.rb,
lib/vendor/rack-protection-1.5.1/lib/rack/protection/escaped_params.rb,
lib/vendor/rack-protection-1.5.1/lib/rack/protection/path_traversal.rb,
lib/vendor/rack-protection-1.5.1/lib/rack/protection/remote_referrer.rb,
lib/vendor/rack-protection-1.5.1/lib/rack/protection/session_hijacking.rb,
lib/vendor/rack-protection-1.5.1/lib/rack/protection/authenticity_token.rb
Defined Under Namespace
Classes: AuthenticityToken, Base, EscapedParams, FormToken, FrameOptions, HttpOrigin, IPSpoofing, JsonCsrf, PathTraversal, RemoteReferrer, RemoteToken, SessionHijacking, XSSHeader
Constant Summary collapse
- SIGNATURE =
[1, 5, 1]
- VERSION =
SIGNATURE.join('.')
Class Method Summary collapse
Class Method Details
.new(app, options = {}) ⇒ Object
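# File 'lib/vendor/rack-protection-1.5.1/lib/rack/protection.rb', line 20

# Wraps +app+ in the Rack::Protection middleware stack and returns the
# resulting Rack application.
#
# Default stack, in this order: FrameOptions, HttpOrigin, IPSpoofing,
# JsonCsrf, PathTraversal, RemoteToken, SessionHijacking, XSSHeader.
# Each of these is installed unless its key appears in options[:except].
#
# Opt-in only: RemoteReferrer, AuthenticityToken and FormToken are installed
# only when their key appears in options[:use]. A deployment that relies on
# the token-based checks therefore has to request them explicitly.
#
# Review notes:
# * EscapedParams has no `use` line in this method, so neither :use nor
#   :except affects it; it has to be mounted separately if it is wanted.
# * Keys are matched with Array#include? against symbols. An unknown or
#   misspelled key, or a String such as "form_token", is ignored without an
#   error: in :except the middleware stays enabled, in :use the opt-in
#   middleware is silently left out. Verify the resulting stack rather than
#   trusting the option list.
# * The same +options+ hash, including :use and :except, is handed to every
#   middleware that is installed.
#
# @param app [#call] the Rack application to protect
# @param options [Hash] stack selection plus settings forwarded to each middleware
# @option options [Symbol, Array<Symbol>] :except default middleware to leave out
# @option options [Symbol, Array<Symbol>] :use opt-in middleware to add
# @return [Object] whatever Rack::Builder#to_app returns for the assembled stack
def self.new(app, options = {})
  # Kernel#Array turns nil into [] and a lone symbol into a one-element list.
  except = Array options[:except]
  use_these = Array options[:use]
  Rack::Builder.new do
    # Opt-in middleware: absent unless named in :use.
    use ::Rack::Protection::RemoteReferrer, options if use_these.include?(:remote_referrer)
    use ::Rack::Protection::AuthenticityToken, options if use_these.include?(:authenticity_token)
    use ::Rack::Protection::FormToken, options if use_these.include?(:form_token)
    # Default middleware: present unless named in :except.
    use ::Rack::Protection::FrameOptions, options unless except.include?(:frame_options)
    use ::Rack::Protection::HttpOrigin, options unless except.include?(:http_origin)
    use ::Rack::Protection::IPSpoofing, options unless except.include?(:ip_spoofing)
    use ::Rack::Protection::JsonCsrf, options unless except.include?(:json_csrf)
    use ::Rack::Protection::PathTraversal, options unless except.include?(:path_traversal)
    use ::Rack::Protection::RemoteToken, options unless except.include?(:remote_token)
    use ::Rack::Protection::SessionHijacking, options unless except.include?(:session_hijacking)
    use ::Rack::Protection::XSSHeader, options unless except.include?(:xss_header)
    run app
  end.to_app
end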