add docs to all middleware
parent
f341cf7024
commit
d92302670f
|
@ -1,8 +0,0 @@
|
|||
require 'rack/protection'
|
||||
|
||||
module Rack
|
||||
module Protection
|
||||
class AccessControl < Base
|
||||
end
|
||||
end
|
||||
end
|
|
@ -2,6 +2,17 @@ require 'rack/protection'
|
|||
|
||||
module Rack
|
||||
module Protection
|
||||
##
|
||||
# Prevented attack:: CSRF
|
||||
# Supported browsers:: all
|
||||
# More infos:: http://en.wikipedia.org/wiki/Cross-site_request_forgery
|
||||
#
|
||||
# Only accepts unsafe HTTP requests if a given access token matches the token
|
||||
# included in the session.
|
||||
#
|
||||
# Compatible with Rails and rack-csrf.
|
||||
#
|
||||
# Not Yet Implemented!
|
||||
class AuthenticityToken < Base
|
||||
end
|
||||
end
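Review bot: The status line `# Not Yet Implemented!` comes last in the comment on `AuthenticityToken`, after several present-tense sentences that describe enforcement. The class body is empty, so what happens when it is mounted depends on `Base`, which is not visible here. Someone skimming the RDoc could assume they are protected. I would move the status to the first line of the comment, for example `# *Not yet implemented* -- mounting this class does not add the check described below.`, and do the same in the other classes touched by this commit (EscapedParams, FormToken, NoReferrer, PathTraversal, RemoteReferrer, RemoteToken, SessionHijacking). It would also help to spell out which methods count as "unsafe". The closing `end` of `module Rack` lies outside the hunk.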
|
||||
|
|
|
@ -2,6 +2,16 @@ require 'rack/protection'
|
|||
|
||||
module Rack
|
||||
module Protection
|
||||
##
|
||||
# Prevented attack:: XSS
|
||||
# Supported browsers:: all
|
||||
# More infos:: http://en.wikipedia.org/wiki/Cross-site_scripting
|
||||
#
|
||||
# Automatically escapes Rack::Request#params so they can be embedded in HTML
|
||||
# or JavaScript without any further issues. Calls +html_safe+ on the escaped
|
||||
# strings if defined, to avoid double-escaping in Rails.
|
||||
#
|
||||
# Not Yet Implemented!
|
||||
class EscapedParams < Base
|
||||
end
|
||||
end
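Review bot: The sentence "so they can be embedded in HTML or JavaScript without any further issues" in the `EscapedParams` comment promises more than one escaping pass can deliver. HTML entity escaping covers element text and quoted attribute values. Values placed in a script block, a URL attribute or CSS need an encoding specific to that context. Since the comment also says the result is marked `html_safe`, readers will treat these strings as trusted everywhere, so I would narrow the wording to `# Automatically HTML-escapes Rack::Request#params for use in HTML text and quoted` / `# attribute values. Other contexts (script, URL, CSS) still need their own encoding.`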
|
||||
|
|
|
@ -2,6 +2,20 @@ require 'rack/protection'
|
|||
|
||||
module Rack
|
||||
module Protection
|
||||
##
|
||||
# Prevented attack:: CSRF
|
||||
# Supported browsers:: all
|
||||
# More infos:: http://en.wikipedia.org/wiki/Cross-site_request_forgery
|
||||
#
|
||||
# Only accepts submitted forms if a given access token matches the token
|
||||
# included in the session. Does not expect such a token from Ajax request.
|
||||
#
|
||||
# This middleware is not used when using the Rack::Protection collection,
|
||||
# since it might be a security issue, depending on your application
|
||||
#
|
||||
# Compatible with Rails and rack-csrf.
|
||||
#
|
||||
# Not Yet Implemented!
|
||||
class FormToken < AuthenticityToken
|
||||
end
|
||||
end
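Review bot: The `FormToken` comment says the middleware "might be a security issue, depending on your application" but never says what the issue is, and that sentence is missing its final period. The risk presumably comes from the line above, "Does not expect such a token from Ajax request": any request the middleware classifies as Ajax skips the token check. The comment does not say how that classification is made. I would document both, along the lines of `# Ajax requests are recognised by <how>; they bypass the token check, so this is only` / `# safe if other sites cannot make a browser send a request that is recognised as Ajax.`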
|
||||
|
|
|
@ -2,6 +2,18 @@ require 'rack/protection'
|
|||
|
||||
module Rack
|
||||
module Protection
|
||||
##
|
||||
# Prevented attack:: CSRF
|
||||
# Supported browsers:: all
|
||||
# More infos:: http://en.wikipedia.org/wiki/Cross-site_request_forgery
|
||||
#
|
||||
# Only accepts unsafe HTTP requests if the Referer [sic] header is set.
|
||||
# Combine with RemoteRefferer for optimal security.
|
||||
#
|
||||
# This middleware is not used when using the Rack::Protection collection,
|
||||
# since it renders web services unusable.
|
||||
#
|
||||
# Not Yet Implemented!
|
||||
class NoReferrer < Base
|
||||
end
|
||||
end
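Review bot: The cross-reference in "Combine with RemoteRefferer for optimal security." is misspelled. The class added elsewhere in this commit is `RemoteReferrer`, so RDoc will not link it and a reader searching for the name will not find it. The line should read `# Combine with RemoteReferrer for optimal security.` While editing, consider replacing "optimal security" with what the pair actually checks (Referer present and pointing at the same host), so the guarantee is not overstated.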
|
||||
|
|
|
@ -2,6 +2,15 @@ require 'rack/protection'
|
|||
|
||||
module Rack
|
||||
module Protection
|
||||
##
|
||||
# Prevented attack:: Directory traversal
|
||||
# Supported browsers:: all
|
||||
# More infos:: http://en.wikipedia.org/wiki/Directory_traversal
|
||||
#
|
||||
# Unescapes '/' and '.', expands +path_info+.
|
||||
# Thus <tt>GET /foo/%2e%2e%2fbar</tt> becomes <tt>GET /bar</tt>.
|
||||
#
|
||||
# Not Yet Implemented!
|
||||
class PathTraversal < Base
|
||||
end
|
||||
end
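Review bot: The `PathTraversal` comment gives one example (`/foo/%2e%2e%2fbar` becomes `/bar`) but leaves two cases unspecified that matter for the protection. It does not say whether unescaping happens once or is repeated until the path stops changing, which matters if a later layer decodes `path_info` again. It also does not say what `path_info` becomes when the `..` segments would climb above the root. Because the class is still a stub, this comment is the only specification an implementer will have. I would add a sentence for each case, for example `# A path that would resolve above the root is reduced to <tt>/</tt>.`, adjusted to whatever behaviour is intended.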
|
||||
|
|
|
@ -2,6 +2,18 @@ require 'rack/protection'
|
|||
|
||||
module Rack
|
||||
module Protection
|
||||
##
|
||||
# Prevented attack:: CSRF
|
||||
# Supported browsers:: all
|
||||
# More infos:: http://en.wikipedia.org/wiki/Cross-site_request_forgery
|
||||
#
|
||||
# Does not accept unsafe HTTP requests if the Referer [sic] header is set to
|
||||
# a different host.
|
||||
#
|
||||
# Combine with NoReferrer to also block remote requests from non-HTTP pages
|
||||
# (FTP/HTTPS/...).
|
||||
#
|
||||
# Not Yet Implemented!
|
||||
class RemoteReferrer < Base
|
||||
end
|
||||
end
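Review bot: The `RemoteReferrer` comment leaves it implicit that a request with no Referer header is accepted. That is the case that decides whether this middleware is sufficient on its own, since browsers and proxies can omit the header. The hint "Combine with NoReferrer ..." only makes sense once that is stated. I would add `# Requests without a Referer header are accepted; use NoReferrer to reject those.` It would also help to say whether "a different host" compares the host name only or includes scheme and port.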
|
||||
|
|
|
@ -2,6 +2,17 @@ require 'rack/protection'
|
|||
|
||||
module Rack
|
||||
module Protection
|
||||
##
|
||||
# Prevented attack:: CSRF
|
||||
# Supported browsers:: all
|
||||
# More infos:: http://en.wikipedia.org/wiki/Cross-site_request_forgery
|
||||
#
|
||||
# Only accepts unsafe HTTP requests if a given access token matches the token
|
||||
# included in the session *or* the request comes from the same origin.
|
||||
#
|
||||
# Compatible with Rails and rack-csrf.
|
||||
#
|
||||
# Not Yet Implemented!
|
||||
class RemoteToken < AuthenticityToken
|
||||
end
|
||||
end
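Review bot: In the `RemoteToken` comment, "*or* the request comes from the same origin" is the branch that skips the token check, yet the comment does not define how same origin is decided. It should name the header that is consulted and state how a request that lacks that header is treated. If a missing header counted as same origin, the token requirement would be void for those requests. A sentence such as `# "Same origin" means <header> names the request host; a request without it must carry the token.` would pin that down, adjusted to the intended rule.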
|
||||
|
|
|
@ -2,6 +2,15 @@ require 'rack/protection'
|
|||
|
||||
module Rack
|
||||
module Protection
|
||||
##
|
||||
# Prevented attack:: Session Hijacking
|
||||
# Supported browsers:: all
|
||||
# More infos:: http://en.wikipedia.org/wiki/Session_hijacking
|
||||
#
|
||||
# Tracks request properties like the user agent in the session and empties
|
||||
# the session if those properties change.
|
||||
#
|
||||
# Not Yet Implemented!
|
||||
class SessionHijacking < Base
|
||||
end
|
||||
end
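Review bot: "Prevented attack:: Session Hijacking" in the `SessionHijacking` comment overstates what tracking "request properties like the user agent" can do. Those properties are supplied by the client, so a party holding a stolen session id can send the same values. They also change legitimately, for example after a browser update, which would empty a valid session. I would describe it as a heuristic and list the tracked properties once they are decided, for example `# This is a heuristic: the tracked headers are client-supplied, so it raises the bar for` / `# reusing a stolen session id but does not replace Secure/HttpOnly cookies and TLS.`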
|
||||
|
|