From 2d839f82b7213b6fdbfe82fee4a14c779e984f5f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Anders=20B=C3=A4lter?=
Date: Fri, 14 Aug 2020 10:42:43 +0200
Subject: [PATCH] Enable EscapedParams if passed via settings
---
 rack-protection/lib/rack/protection.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/rack-protection/lib/rack/protection.rb b/rack-protection/lib/rack/protection.rb
index 095232b8..be2c03f3 100644
--- a/rack-protection/lib/rack/protection.rb
+++ b/rack-protection/lib/rack/protection.rb
@@ -33,8 +33,9 @@ module Rack
 Rack::Builder.new do
 # Off by default, unless added
 use ::Rack::Protection::AuthenticityToken, options if use_these.include? :authenticity_token
- use ::Rack::Protection::CookieTossing, options if use_these.include? :cookie_tossing
 use ::Rack::Protection::ContentSecurityPolicy, options if use_these.include? :content_security_policy
+ use ::Rack::Protection::CookieTossing, options if use_these.include? :cookie_tossing
+ use ::Rack::Protection::EscapedParams, options if use_these.include? :escaped_params
 use ::Rack::Protection::FormToken, options if use_these.include? :form_token
 use ::Rack::Protection::ReferrerPolicy, options if use_these.include? :referrer_policy
 use ::Rack::Protection::RemoteReferrer, options if use_these.include? :remote_referrer
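Review bot: The alphabetical slot chosen for the new `EscapedParams` line is also its slot in the middleware stack, because `Rack::Builder` runs `use` entries in declaration order; `FormToken`, `ReferrerPolicy` and `RemoteReferrer` below it would therefore see whatever it does to the request, while `AuthenticityToken` above it would not. If EscapedParams rewrites request params in place (inferred from its name, its code is not in this hunk), `FormToken` could end up comparing a token in escaped form, so a spec that enables `:escaped_params` together with `:form_token` would be worth adding. I would also put a comment above the list, for example `# NOTE: order here is stack order; EscapedParams changes params for every middleware below it`, and note there that input-side escaping does not replace output encoding in templates. The enclosing method and the definition of `use_these` lie outside the hunk.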