mirror of https://github.com/sinatra/sinatra synced 2023-03-27 23:18:01 -04:00

don't include escaped_params because some other protection option has been set, related to rkh/rack-protection#6

Konstantin Haase 2011-10-04 15:13:40 -07:00
parent d0a8907998
commit d6fb8cc067

@ -1360,8 +1360,8 @@ module Sinatra
def setup_protection(builder)
return unless protection?
options = Hash === protection ? protection.dup : {:except => [:escaped_params]}
options[:except] = Array options[:except]
options = Hash === protection ? protection.dup : {}
options[:except] = Array(options[:except] || :escaped_params)
options[:except] += [:session_hijacking, :remote_token] unless sessions?
builder.use Rack::Protection, options
end
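
Review bot: In the new `options[:except] = Array(options[:except] || :escaped_params)` line, a caller-supplied `:except` replaces the default exclusion instead of adding to it, so a hash such as `:except => :path_traversal` drops `:escaped_params` from the list and switches that middleware on as a side effect. That is the same kind of surprise the commit message describes for other options. Either document that `:escaped_params` is skipped only when `:except` is absent (and that `:except => []` enables everything), or merge the default into the caller's list and give an explicit way to opt in. A spec covering the three cases (`protection` set to true, a hash without `:except`, a hash with `:except`) would pin the behaviour down; none is visible in this hunk.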