do not enable parameter escaping by default, fixes #8
This commit is contained in:
parent
7b74143147
commit
18529c9bdd
|
@ -20,7 +20,6 @@ module Rack
|
|||
# does not include: RemoteReferrer, AuthenticityToken and FormToken
|
||||
except = Array options[:except]
|
||||
Rack::Builder.new do
|
||||
use ::Rack::Protection::EscapedParams, options unless except.include? :escaped_params
|
||||
use ::Rack::Protection::FrameOptions, options unless except.include? :frame_options
|
||||
use ::Rack::Protection::IPSpoofing, options unless except.include? :ip_spoofing
|
||||
use ::Rack::Protection::JsonCsrf, options unless except.include? :json_csrf
|
||||
|
|
Loading…
Reference in New Issue