diff --git a/rack-protection/README.md b/rack-protection/README.md index 06aad97a..a2ac32b5 100644 --- a/rack-protection/README.md +++ b/rack-protection/README.md @@ -1,7 +1,5 @@ # Rack::Protection -[![Build Status](https://secure.travis-ci.org/sinatra/rack-protection.svg)](http://travis-ci.org/sinatra/rack-protection) - This gem protects against typical web attacks. Should work for all Rack apps, including Rails. 
@@ -40,55 +38,55 @@ run MyApp Prevented by: -* `Rack::Protection::AuthenticityToken` (not included by `use Rack::Protection`) -* `Rack::Protection::FormToken` (not included by `use Rack::Protection`) -* `Rack::Protection::JsonCsrf` -* `Rack::Protection::RemoteReferrer` (not included by `use Rack::Protection`) -* `Rack::Protection::RemoteToken` -* `Rack::Protection::HttpOrigin` +* [`Rack::Protection::AuthenticityToken`][authenticity-token] (not included by `use Rack::Protection`) +* [`Rack::Protection::FormToken`][form-token] (not included by `use Rack::Protection`) +* [`Rack::Protection::JsonCsrf`][json-csrf] +* [`Rack::Protection::RemoteReferrer`][remote-referrer] (not included by `use Rack::Protection`) +* [`Rack::Protection::RemoteToken`][remote-token] +* [`Rack::Protection::HttpOrigin`][http-origin] ## Cross Site Scripting Prevented by: -* `Rack::Protection::EscapedParams` (not included by `use Rack::Protection`) -* `Rack::Protection::XSSHeader` (Internet Explorer and Chrome only) -* `Rack::Protection::ContentSecurityPolicy` +* [`Rack::Protection::EscapedParams`][escaped-params] (not included by `use Rack::Protection`) +* [`Rack::Protection::XSSHeader`][xss-header] (Internet Explorer and Chrome only) +* [`Rack::Protection::ContentSecurityPolicy`][content-security-policy] ## Clickjacking Prevented by: -* `Rack::Protection::FrameOptions` +* [`Rack::Protection::FrameOptions`][frame-options] ## Directory Traversal Prevented by: -* `Rack::Protection::PathTraversal` +* [`Rack::Protection::PathTraversal`][path-traversal] ## Session Hijacking Prevented by: -* `Rack::Protection::SessionHijacking` +* [`Rack::Protection::SessionHijacking`][session-hijacking] ## Cookie Tossing Prevented by: -* `Rack::Protection::CookieTossing` (not included by `use Rack::Protection`) +* [`Rack::Protection::CookieTossing`][cookie-tossing] (not included by `use Rack::Protection`) ## IP Spoofing Prevented by: -* `Rack::Protection::IPSpoofing` +* [`Rack::Protection::IPSpoofing`][ip-spoofing] 
## Helps to protect against protocol downgrade attacks and cookie hijacking Prevented by: -* `Rack::Protection::StrictTransport` (not included by `use Rack::Protection`) +* [`Rack::Protection::StrictTransport`][strict-transport] (not included by `use Rack::Protection`) # Installation @@ -102,3 +100,19 @@ use Rack::Protection, instrumenter: ActiveSupport::Notifications ``` The instrumenter is passed a namespace (String) and environment (Hash). The namespace is 'rack.protection' and the attack type can be obtained from the environment key 'rack.protection.attack'. + +[authenticity-token]: /protection/authenticity_token +[content-security-policy]: /protection/content_security_policy +[cookie-tossing]: /protection/cookie_tossing +[escaped-params]: /protection/escaped_params +[form-token]: /protection/form_token +[frame-options]: /protection/frame_options +[http-origin]: /protection/http_origin +[ip-spoofing]: /protection/ip_spoofing +[json-csrf]: /protection/json_csrf +[path-traversal]: /protection/path_traversal +[remote-referrer]: /protection/remote_referrer +[remote-token]: /protection/remote_token +[session-hijacking]: /protection/session_hijacking +[strict-transport]: /protection/strict_transport +[xss-header]: /protection/xss_header
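Review bot: the first hunk drops the Travis build badge without adding a replacement, so the README no longer shows CI status at all. If the project has moved to another CI service, the new badge should go in the same spot in this change; if the intent is simply to stop advertising a dead Travis link, say so in the commit message so the removal is not read as an oversight.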
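Review bot: the new link definitions in the last hunk (`[authenticity-token]: /protection/authenticity_token` and the rest) are root-relative paths with no file extension, while this README lives in `rack-protection/`. Rendered from the repository, a root-relative `/protection/...` link does not resolve against the README's own directory and will not reach the middleware sources; please confirm where these targets are meant to resolve (they read like documentation-site routes), and if they are meant to link to the middleware files in the repo, use paths relative to this README instead.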