From 47e4fb289a8644ed0f461cb6dd1df5a20c589c3d Mon Sep 17 00:00:00 2001
From: Alex Rodionov
Date: Mon, 30 Jan 2012 15:57:25 +0700
Subject: [PATCH] Use HTTP Origin by default
---
 rack-protection/lib/rack/protection.rb | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/rack-protection/lib/rack/protection.rb b/rack-protection/lib/rack/protection.rb
index 04d4c0a0..ff842659 100644
--- a/rack-protection/lib/rack/protection.rb
+++ b/rack-protection/lib/rack/protection.rb
@@ -8,6 +8,7 @@ module Rack
 autoload :EscapedParams, 'rack/protection/escaped_params'
 autoload :FormToken, 'rack/protection/form_token'
 autoload :FrameOptions, 'rack/protection/frame_options'
+ autoload :HttpOrigin, 'rack/protection/http_origin'
 autoload :IPSpoofing, 'rack/protection/ip_spoofing'
 autoload :JsonCsrf, 'rack/protection/json_csrf'
 autoload :PathTraversal, 'rack/protection/path_traversal'
@@ -21,6 +22,7 @@ module Rack
 except = Array options[:except]
 Rack::Builder.new do
 use ::Rack::Protection::FrameOptions, options unless except.include? :frame_options
+ use ::Rack::Protection::HttpOrigin, options unless except.include? :http_origin
 use ::Rack::Protection::IPSpoofing, options unless except.include? :ip_spoofing
 use ::Rack::Protection::JsonCsrf, options unless except.include? :json_csrf
 use ::Rack::Protection::PathTraversal, options unless except.include? :path_traversal
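Review bot: Adding `use ::Rack::Protection::HttpOrigin, options` to the default stack in the second hunk changes behaviour for every existing caller, yet the commit carries no comment, documentation or spec for it (the diffstat lists only protection.rb). HttpOrigin's logic is not part of this patch, so this is inferred: apps that accept cross-origin writes, or that run behind a proxy rewriting scheme or host, may start rejecting legitimate requests after upgrading. I would put `# enabled by default; opt out with :except => :http_origin` above the line and add a spec asserting the middleware is in the default stack and absent when excepted. The docs should also say an Origin check complements rather than replaces the token-based middlewares, since a request that carries no Origin header gives it nothing to compare. The enclosing method begins and ends outside the hunk.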