Linkify protection docs
parent
ea1a21c073
commit
ec08e37bf8
|
@ -1,7 +1,5 @@
|
|||
# Rack::Protection
|
||||
|
||||
[![Build Status](https://secure.travis-ci.org/sinatra/rack-protection.svg)](http://travis-ci.org/sinatra/rack-protection)
|
||||
|
||||
This gem protects against typical web attacks.
|
||||
Should work for all Rack apps, including Rails.
|
||||
|
||||
|
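Review bot: the header of this first hunk (-1,7 +1,5) shows a net loss of two lines at the top of the README, which the commit subject "Linkify protection docs" does not account for. No links are introduced in this region, so if the dropped lines are the Build Status badge and its surrounding blank line, move that removal to its own commit or mention it in the message so the history explains why it went.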
@ -40,55 +38,55 @@ run MyApp
|
|||
|
||||
Prevented by:
|
||||
|
||||
* `Rack::Protection::AuthenticityToken` (not included by `use Rack::Protection`)
|
||||
* `Rack::Protection::FormToken` (not included by `use Rack::Protection`)
|
||||
* `Rack::Protection::JsonCsrf`
|
||||
* `Rack::Protection::RemoteReferrer` (not included by `use Rack::Protection`)
|
||||
* `Rack::Protection::RemoteToken`
|
||||
* `Rack::Protection::HttpOrigin`
|
||||
* [`Rack::Protection::AuthenticityToken`][authenticity-token] (not included by `use Rack::Protection`)
|
||||
* [`Rack::Protection::FormToken`][form-token] (not included by `use Rack::Protection`)
|
||||
* [`Rack::Protection::JsonCsrf`][json-csrf]
|
||||
* [`Rack::Protection::RemoteReferrer`][remote-referrer] (not included by `use Rack::Protection`)
|
||||
* [`Rack::Protection::RemoteToken`][remote-token]
|
||||
* [`Rack::Protection::HttpOrigin`][http-origin]
|
||||
|
||||
## Cross Site Scripting
|
||||
|
||||
Prevented by:
|
||||
|
||||
* `Rack::Protection::EscapedParams` (not included by `use Rack::Protection`)
|
||||
* `Rack::Protection::XSSHeader` (Internet Explorer and Chrome only)
|
||||
* `Rack::Protection::ContentSecurityPolicy`
|
||||
* [`Rack::Protection::EscapedParams`][escaped-params] (not included by `use Rack::Protection`)
|
||||
* [`Rack::Protection::XSSHeader`][xss-header] (Internet Explorer and Chrome only)
|
||||
* [`Rack::Protection::ContentSecurityPolicy`][content-security-policy]
|
||||
|
||||
## Clickjacking
|
||||
|
||||
Prevented by:
|
||||
|
||||
* `Rack::Protection::FrameOptions`
|
||||
* [`Rack::Protection::FrameOptions`][frame-options]
|
||||
|
||||
## Directory Traversal
|
||||
|
||||
Prevented by:
|
||||
|
||||
* `Rack::Protection::PathTraversal`
|
||||
* [`Rack::Protection::PathTraversal`][path-traversal]
|
||||
|
||||
## Session Hijacking
|
||||
|
||||
Prevented by:
|
||||
|
||||
* `Rack::Protection::SessionHijacking`
|
||||
* [`Rack::Protection::SessionHijacking`][session-hijacking]
|
||||
|
||||
## Cookie Tossing
|
||||
|
||||
Prevented by:
|
||||
* `Rack::Protection::CookieTossing` (not included by `use Rack::Protection`)
|
||||
* [`Rack::Protection::CookieTossing`][cookie-tossing] (not included by `use Rack::Protection`)
|
||||
|
||||
## IP Spoofing
|
||||
|
||||
Prevented by:
|
||||
|
||||
* `Rack::Protection::IPSpoofing`
|
||||
* [`Rack::Protection::IPSpoofing`][ip-spoofing]
|
||||
|
||||
## Helps to protect against protocol downgrade attacks and cookie hijacking
|
||||
|
||||
Prevented by:
|
||||
|
||||
* `Rack::Protection::StrictTransport` (not included by `use Rack::Protection`)
|
||||
* [`Rack::Protection::StrictTransport`][strict-transport] (not included by `use Rack::Protection`)
|
||||
|
||||
# Installation
|
||||
|
||||
|
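Review bot: the fifteen reference labels introduced in these list items (`[authenticity-token]` through `[strict-transport]`) fail silently if a definition is missing or misspelled, because Markdown renders an unresolved reference as literal bracket text with no error. The labels here do match the definitions added at the end of the file one for one, but nothing enforces that going forward; consider a link check in the docs build so a later rename of a middleware page or label is caught.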
@ -102,3 +100,19 @@ use Rack::Protection, instrumenter: ActiveSupport::Notifications
|
|||
```
|
||||
|
||||
The instrumenter is passed a namespace (String) and environment (Hash). The namespace is 'rack.protection' and the attack type can be obtained from the environment key 'rack.protection.attack'.
|
||||
|
||||
[authenticity-token]: /protection/authenticity_token
|
||||
[content-security-policy]: /protection/content_security_policy
|
||||
[cookie-tossing]: /protection/cookie_tossing
|
||||
[escaped-params]: /protection/escaped_params
|
||||
[form-token]: /protection/form_token
|
||||
[frame-options]: /protection/frame_options
|
||||
[http-origin]: /protection/http_origin
|
||||
[ip-spoofing]: /protection/ip_spoofing
|
||||
[json-csrf]: /protection/json_csrf
|
||||
[path-traversal]: /protection/path_traversal
|
||||
[remote-referrer]: /protection/remote_referrer
|
||||
[remote-token]: /protection/remote_token
|
||||
[session-hijacking]: /protection/session_hijacking
|
||||
[strict-transport]: /protection/strict_transport
|
||||
[xss-header]: /protection/xss_header
|
||||
|
|
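Review bot: the link definitions added at the end of the file all use root-relative targets such as `/protection/authenticity_token`, which resolve against whatever host renders this Markdown. If the README is also displayed anywhere other than the documentation site (a repository front page or a gem listing), every one of these links will point at a path that does not exist there. Use absolute URLs, or state in the commit message which site this file is built for.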