remove Sinatra::Protection (part of Sinatra now)
This commit is contained in:
parent
e174c1171f
commit
f38fc52a8a
|
@ -41,9 +41,6 @@ Currently included:
|
|||
|
||||
* `sinatra/namespace`: Adds namespace support to Sinatra.
|
||||
|
||||
* `sinatra/protection`: Sets up rack-protection to protect common attacks
|
||||
against your application.
|
||||
|
||||
* `sinatra/respond_with`: Choose action and/or template depending automatically
|
||||
depending on the incoming request. Adds helpers `respond_to` and
|
||||
`respond_with`.
|
||||
|
@ -100,13 +97,13 @@ A single extension (example: sinatra-content-for):
|
|||
``` ruby
|
||||
require 'sinatra/base'
|
||||
require 'sinatra/content_for'
|
||||
require 'sinatra/protection'
|
||||
require 'sinatra/namespace'
|
||||
|
||||
class MyApp < Sinatra::Base
|
||||
# Note: Some modules are extensions, some helpers, see the specific
|
||||
# documentation or the source
|
||||
helpers Sinatra::ContentFor
|
||||
register Sinatra::Protection
|
||||
register Sinatra::Namespace
|
||||
end
|
||||
```
|
||||
|
||||
|
|
|
@ -9,7 +9,6 @@ module Sinatra
|
|||
module Common
|
||||
register :ConfigFile
|
||||
register :Namespace
|
||||
register :Protection
|
||||
register :RespondWith
|
||||
|
||||
helpers :Capture
|
||||
|
|
|
@ -1,53 +0,0 @@
|
|||
require 'sinatra/base'
|
||||
require 'rack/protection'
|
||||
|
||||
module Sinatra
|
||||
|
||||
# = Sinatra::Protection
|
||||
#
|
||||
# Sets up {rack-protection}[https://github.com/rkh/rack-protection] to
|
||||
# prevent common attacks against your application.
|
||||
#
|
||||
# == Usage
|
||||
# The protection modes used can be configured by the +protection+ setting:
|
||||
#
|
||||
# require 'sinatra'
|
||||
# require 'sinatra/protection'
|
||||
#
|
||||
# set :protection, :except => :path_traversal
|
||||
#
|
||||
# There are a few, partly protection specific options you can set, too:
|
||||
#
|
||||
# set :protection,
|
||||
# :reaction => :deny, # block malicious requests, alternative: :drop_session
|
||||
# :frame_options => :deny # do not allow any embedding in frames (default: :sameorigin)
|
||||
#
|
||||
# For more information, see rack-protection.
|
||||
#
|
||||
# === Classic Application
|
||||
#
|
||||
# As with any other extension, you have to register this one manually in a
|
||||
# classic application:
|
||||
#
|
||||
# require 'sinatra/base'
|
||||
# require 'sinatra/protection'
|
||||
#
|
||||
# class MyApp < Sinatra::Base
|
||||
# register Sinatra::Protection
|
||||
# end
|
||||
module Protection
|
||||
def setup_default_middleware(builder)
|
||||
super
|
||||
if protection
|
||||
options = protection == true ? {} : protection
|
||||
builder.use Rack::Protection, options
|
||||
end
|
||||
end
|
||||
|
||||
def self.registered(base)
|
||||
base.enable :protection
|
||||
end
|
||||
end
|
||||
|
||||
register Sinatra::Namespace
|
||||
end
|
|
@ -1,45 +0,0 @@
|
|||
require 'backports'
|
||||
require_relative 'spec_helper'
|
||||
|
||||
class MiddlewareTracker < Rack::Builder
|
||||
def self.used
|
||||
@used ||= []
|
||||
end
|
||||
|
||||
def use(middleware, *)
|
||||
MiddlewareTracker.used << middleware
|
||||
super
|
||||
end
|
||||
end
|
||||
|
||||
describe Sinatra::Protection do
|
||||
before do
|
||||
Rack.send :remove_const, :Builder
|
||||
Rack.const_set :Builder, MiddlewareTracker
|
||||
MiddlewareTracker.used.clear
|
||||
end
|
||||
|
||||
after do
|
||||
Rack.send :remove_const, :Builder
|
||||
Rack.const_set :Builder, MiddlewareTracker.superclass
|
||||
end
|
||||
|
||||
it 'sets up Rack::Protection' do
|
||||
Sinatra.new { register Sinatra::Protection }.new
|
||||
MiddlewareTracker.used.should include(Rack::Protection)
|
||||
end
|
||||
|
||||
it 'sets up Rack::Protection::PathTraversal by default' do
|
||||
Sinatra.new { register Sinatra::Protection }.new
|
||||
MiddlewareTracker.used.should include(Rack::Protection::PathTraversal)
|
||||
end
|
||||
|
||||
|
||||
it 'does not set up Rack::Protection::PathTraversal when disabling it' do
|
||||
Sinatra.new do
|
||||
register Sinatra::Protection
|
||||
set :protection, :except => :path_traversal
|
||||
end.new
|
||||
MiddlewareTracker.used.should_not include(Rack::Protection::PathTraversal)
|
||||
end
|
||||
end
|
Loading…
Reference in New Issue