add docs to all middleware
parent
f341cf7024
commit
d92302670f
|
@ -1,8 +0,0 @@
|
||||||
require 'rack/protection'
|
|
||||||
|
|
||||||
module Rack
|
|
||||||
module Protection
|
|
||||||
class AccessControl < Base
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
|
@ -2,6 +2,17 @@ require 'rack/protection'
|
||||||
|
|
||||||
module Rack
|
module Rack
|
||||||
module Protection
|
module Protection
|
||||||
|
##
|
||||||
|
# Prevented attack:: CSRF
|
||||||
|
# Supported browsers:: all
|
||||||
|
# More infos:: http://en.wikipedia.org/wiki/Cross-site_request_forgery
|
||||||
|
#
|
||||||
|
# Only accepts unsafe HTTP requests if a given access token matches the token
|
||||||
|
# included in the session.
|
||||||
|
#
|
||||||
|
# Compatible with Rails and rack-csrf.
|
||||||
|
#
|
||||||
|
# Not Yet Implemented!
|
||||||
class AuthenticityToken < Base
|
class AuthenticityToken < Base
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
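Review bot: The `# Not Yet Implemented!` marker is the last line of the comment, after a present-tense description of the protection, so a reader skimming the top of the docs will assume the CSRF check is active. The class body is still empty in this hunk, and what `Base` does with a request is not visible here. I would move the marker directly under `##`, for example `# Not Yet Implemented! This class adds no checks of its own yet.` The same applies to the comments added for EscapedParams, FormToken, NoReferrer, PathTraversal, RemoteReferrer, RemoteToken and SessionHijacking in this commit.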
|
@ -2,6 +2,16 @@ require 'rack/protection'
|
||||||
|
|
||||||
module Rack
|
module Rack
|
||||||
module Protection
|
module Protection
|
||||||
|
##
|
||||||
|
# Prevented attack:: XSS
|
||||||
|
# Supported browsers:: all
|
||||||
|
# More infos:: http://en.wikipedia.org/wiki/Cross-site_scripting
|
||||||
|
#
|
||||||
|
# Automatically escapes Rack::Request#params so they can be embedded in HTML
|
||||||
|
# or JavaScript without any further issues. Calls +html_safe+ on the escaped
|
||||||
|
# strings if defined, to avoid double-escaping in Rails.
|
||||||
|
#
|
||||||
|
# Not Yet Implemented!
|
||||||
class EscapedParams < Base
|
class EscapedParams < Base
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
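Review bot: The phrase "without any further issues" in the EscapedParams comment promises more than a single escaping pass can deliver. A value escaped for HTML element content is not automatically safe inside a script block, a URL or an unquoted attribute. The comment should name the characters that get escaped and the contexts covered, for example `# Escapes HTML special characters in Rack::Request#params; output placed in script blocks, URLs or unquoted attributes still needs context-specific encoding.` Since `html_safe` marks the string as trusted for Rails views, the docs should also say it is applied only to the already escaped value.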
|
@ -2,6 +2,20 @@ require 'rack/protection'
|
||||||
|
|
||||||
module Rack
|
module Rack
|
||||||
module Protection
|
module Protection
|
||||||
|
##
|
||||||
|
# Prevented attack:: CSRF
|
||||||
|
# Supported browsers:: all
|
||||||
|
# More infos:: http://en.wikipedia.org/wiki/Cross-site_request_forgery
|
||||||
|
#
|
||||||
|
# Only accepts submitted forms if a given access token matches the token
|
||||||
|
# included in the session. Does not expect such a token from Ajax request.
|
||||||
|
#
|
||||||
|
# This middleware is not used when using the Rack::Protection collection,
|
||||||
|
# since it might be a security issue, depending on your application
|
||||||
|
#
|
||||||
|
# Compatible with Rails and rack-csrf.
|
||||||
|
#
|
||||||
|
# Not Yet Implemented!
|
||||||
class FormToken < AuthenticityToken
|
class FormToken < AuthenticityToken
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
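Review bot: The sentence ending "depending on your application" has no full stop and never says what the security issue is, which is the one thing a user deciding whether to enable FormToken needs. The comment also does not say how an Ajax request is recognised. If that is meant to be a client-supplied request header, the exemption is only as strong as the browser's refusal to let other origins set it. I would spell that out, for example `# Ajax requests are identified by <header name> and skip the token check, so state-changing Ajax endpoints rely on the browser's same-origin policy alone.`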
|
@ -2,6 +2,18 @@ require 'rack/protection'
|
||||||
|
|
||||||
module Rack
|
module Rack
|
||||||
module Protection
|
module Protection
|
||||||
|
##
|
||||||
|
# Prevented attack:: CSRF
|
||||||
|
# Supported browsers:: all
|
||||||
|
# More infos:: http://en.wikipedia.org/wiki/Cross-site_request_forgery
|
||||||
|
#
|
||||||
|
# Only accepts unsafe HTTP requests if the Referer [sic] header is set.
|
||||||
|
# Combine with RemoteRefferer for optimal security.
|
||||||
|
#
|
||||||
|
# This middleware is not used when using the Rack::Protection collection,
|
||||||
|
# since it renders web services unusable.
|
||||||
|
#
|
||||||
|
# Not Yet Implemented!
|
||||||
class NoReferrer < Base
|
class NoReferrer < Base
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
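Review bot: `RemoteRefferer` in the NoReferrer comment is misspelled; the class added elsewhere in this commit is `RemoteReferrer`, so the cross-reference will not resolve in generated docs. Change the line to `# Combine with RemoteReferrer for optimal security.` It would also help to say that the header being present proves nothing about where the request came from, which is why the pairing is recommended.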
|
@ -2,6 +2,15 @@ require 'rack/protection'
|
||||||
|
|
||||||
module Rack
|
module Rack
|
||||||
module Protection
|
module Protection
|
||||||
|
##
|
||||||
|
# Prevented attack:: Directory traversal
|
||||||
|
# Supported browsers:: all
|
||||||
|
# More infos:: http://en.wikipedia.org/wiki/Directory_traversal
|
||||||
|
#
|
||||||
|
# Unescapes '/' and '.', expands +path_info+.
|
||||||
|
# Thus <tt>GET /foo/%2e%2e%2fbar</tt> becomes <tt>GET /bar</tt>.
|
||||||
|
#
|
||||||
|
# Not Yet Implemented!
|
||||||
class PathTraversal < Base
|
class PathTraversal < Base
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
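Review bot: The PathTraversal comment gives one example but leaves two things undefined that decide whether the normalisation is safe. It does not say what the expanded path is when the `..` segments outnumber the segments before them, or whether unescaping is applied once or repeated until the path stops changing. If the intent is that the result never leaves the root, say so, for example `# The expanded path is always absolute and never climbs above '/'.` and add a sentence on how already-encoded percent signs are treated.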
|
@ -2,6 +2,18 @@ require 'rack/protection'
|
||||||
|
|
||||||
module Rack
|
module Rack
|
||||||
module Protection
|
module Protection
|
||||||
|
##
|
||||||
|
# Prevented attack:: CSRF
|
||||||
|
# Supported browsers:: all
|
||||||
|
# More infos:: http://en.wikipedia.org/wiki/Cross-site_request_forgery
|
||||||
|
#
|
||||||
|
# Does not accept unsafe HTTP requests if the Referer [sic] header is set to
|
||||||
|
# a different host.
|
||||||
|
#
|
||||||
|
# Combine with NoReferrer to also block remote requests from non-HTTP pages
|
||||||
|
# (FTP/HTTPS/...).
|
||||||
|
#
|
||||||
|
# Not Yet Implemented!
|
||||||
class RemoteReferrer < Base
|
class RemoteReferrer < Base
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
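Review bot: The RemoteReferrer comment only implies, through "if the Referer header is set to a different host", that a request with no Referer at all is accepted; that should be stated outright because it is the gap NoReferrer is meant to close. The parenthesis "(FTP/HTTPS/...)" is also hard to follow without the reason, which is presumably that browsers omit the header when leaving such pages. Suggested addition: `# Requests without a Referer header are accepted by this middleware.`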
|
@ -2,6 +2,17 @@ require 'rack/protection'
|
||||||
|
|
||||||
module Rack
|
module Rack
|
||||||
module Protection
|
module Protection
|
||||||
|
##
|
||||||
|
# Prevented attack:: CSRF
|
||||||
|
# Supported browsers:: all
|
||||||
|
# More infos:: http://en.wikipedia.org/wiki/Cross-site_request_forgery
|
||||||
|
#
|
||||||
|
# Only accepts unsafe HTTP requests if a given access token matches the token
|
||||||
|
# included in the session *or* the request comes from the same origin.
|
||||||
|
#
|
||||||
|
# Compatible with Rails and rack-csrf.
|
||||||
|
#
|
||||||
|
# Not Yet Implemented!
|
||||||
class RemoteToken < AuthenticityToken
|
class RemoteToken < AuthenticityToken
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
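Review bot: "the request comes from the same origin" in the RemoteToken comment does not say which request property establishes the origin. Because the two conditions are joined by *or*, the weaker of them decides whether a request passes. The docs should name the header that is compared and say what happens when it is absent, for example `# The origin is taken from <header name>; a request without it must carry a valid token.` if that is the intended behaviour.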
|
@ -2,6 +2,15 @@ require 'rack/protection'
|
||||||
|
|
||||||
module Rack
|
module Rack
|
||||||
module Protection
|
module Protection
|
||||||
|
##
|
||||||
|
# Prevented attack:: Session Hijacking
|
||||||
|
# Supported browsers:: all
|
||||||
|
# More infos:: http://en.wikipedia.org/wiki/Session_hijacking
|
||||||
|
#
|
||||||
|
# Tracks request properties like the user agent in the session and empties
|
||||||
|
# the session if those properties change.
|
||||||
|
#
|
||||||
|
# Not Yet Implemented!
|
||||||
class SessionHijacking < Base
|
class SessionHijacking < Base
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
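Review bot: The SessionHijacking comment names only "properties like the user agent", so a user cannot tell what is tracked or how much protection to expect. Every such property is supplied by the client, so the check is a heuristic that complements transport security and cookie flags rather than replacing them. I would list the tracked properties explicitly and add a line such as `# Heuristic only: the tracked values are client-supplied, so keep secure session cookies and TLS in place.`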