mirror of https://github.com/sinatra/sinatra synced 2023-03-27 23:18:01 -04:00

Turn off CSP by default

/cc mperham/sidekiq#3070

Sorry for breaking stuff, Mike 🙇 🙇 🙇 🙇 🙇 🙇 🙇
Zachary Scott 2016-07-29 08:51:02 +09:00
parent 0a0932e85e
commit 3c69609543


@ -29,11 +29,14 @@ module Rack
end
Rack::Builder.new do
use ::Rack::Protection::RemoteReferrer, options if use_these.include? :remote_referrer
# Off by default, unless added
use ::Rack::Protection::AuthenticityToken, options if use_these.include? :authenticity_token
use ::Rack::Protection::ContentSecurityPolicy, options if use_these.include? :content_security_policy
use ::Rack::Protection::FormToken, options if use_these.include? :form_token
use ::Rack::Protection::RemoteReferrer, options if use_these.include? :remote_referrer
use ::Rack::Protection::StrictTransport, options if use_these.include? :strict_transport
use ::Rack::Protection::ContentSecurityPolicy, options unless except.include? :content_security_policy
# On by default, unless skipped
use ::Rack::Protection::FrameOptions, options unless except.include? :frame_options
use ::Rack::Protection::HttpOrigin, options unless except.include? :http_origin
use ::Rack::Protection::IPSpoofing, options unless except.include? :ip_spoofing