Jordan Owens
aac8e3bce4
Mitigate BREACH attack
2016-08-16 21:22:49 -04:00
Jordan Owens
cd5028b5c9
Add cookie tossing protection
Mitigate malicious session cookies set on a subdomain from
being read by the parent domain.
2016-07-30 19:04:44 -04:00
James Dabbs
af6902ef31
Enclose CSP self in quotes
per https://developer.mozilla.org/en-US/docs/Web/Security/CSP/CSP_policy_directives,
the quotes are required (see mpheram/sidekiq#3070)
2016-07-28 16:08:42 -04:00
Zachary Scott
4b7db03184
Merge branch 'allow-if' of https://github.com/nathanstitt/rack-protection into nathanstitt-allow-if
2016-07-27 19:13:13 +09:00
James Dabbs
44916e0037
Include img-src in expected test output
Again, I'm assuming this is the intent, as `should allow changing ...` does
try to change img-src
2016-07-26 17:35:57 -04:00
Zachary Scott
7ebd1a1b1c
Merge pull request #99 from droppedoncaprica/tempFileFix
Fix Tempfile reference being returned as nil
2016-07-26 21:29:24 +09:00
Zachary Scott
5acc6b24b6
Fix spec from #78 rspec syntax
2016-07-26 21:05:55 +09:00
Zachary Scott
d08b7840e8
Merge branch 'fix/csrf_missing_close' of https://github.com/finnlabs/rack-protection into finnlabs-fix/csrf_missing_close
2016-07-26 21:04:26 +09:00
Zachary Scott
46b1d85aee
Add :without_session option to skip session based protection
This includes:
* Rack::Protection::SessionHijacking
* Rack::Protection::RemoteToken
Closes #47
2016-07-26 17:37:38 +09:00
Zachary Scott
3286be8418
oops
2016-07-26 17:01:13 +09:00
Zachary Scott
a373ea5ff3
Move spec from #75 under spec dir naming convention
2016-07-26 15:43:38 +09:00
Nathan Stitt
7b2b413754
test ENV in block
2016-05-30 10:44:43 -05:00
Nathan Stitt
0a16019de4
:allow_if configuration for custom accept/reject
2016-05-29 15:25:07 -05:00
Maciej Moleda
3627a9f13b
Add Strict Transport Security protection
2016-01-26 15:35:01 +00:00
Albert Engelbrecht
d3c40ffb1f
Fix Tempfile reference being returned as nil
This PR fixes the issue of files being uploaded from users having
the params[:file][:tempfile] being returned as `nil`, rather than
an instance of Tempfile like it should be.
PR fixes #90, and shamelessly stolen from #91.
2015-09-30 16:51:50 -05:00
Maurizio De Santis
65cd4a4ac9
Remove require 'spec_helper'
2014-09-03 19:28:14 +02:00
Maurizio De Santis
41937da782
Fix some trivial Ruby warnings
2014-09-03 19:25:20 +02:00
Maurizio De Santis
c93bd86622
Remove spec execution permissions
2014-09-03 19:25:20 +02:00
Maurizio De Santis
f39fad4d66
Move spec files to conventional locations
2014-09-03 19:05:50 +02:00