mirror of https://github.com/sinatra/sinatra synced 2023-03-27 23:18:01 -04:00
Commit graph

19 commits

Author SHA1 Message Date
Jordan Owens
aac8e3bce4 Mitigate BREACH attack 2016-08-16 21:22:49 -04:00
Jordan Owens
cd5028b5c9 Add cookie tossing protection
Mitigate malicious session cookies set on a subdomain from
being read by the parent domain.
2016-07-30 19:04:44 -04:00
James Dabbs
af6902ef31 Enclose CSP self in quotes
per https://developer.mozilla.org/en-US/docs/Web/Security/CSP/CSP_policy_directives,
the quotes are required (see mpheram/sidekiq#3070)
2016-07-28 16:08:42 -04:00
Zachary Scott
4b7db03184 Merge branch 'allow-if' of https://github.com/nathanstitt/rack-protection into nathanstitt-allow-if 2016-07-27 19:13:13 +09:00
James Dabbs
44916e0037 Include img-src in expected test output
Again, I'm assuming this is the intent, as `should allow changing ...` does
try to change img-src
2016-07-26 17:35:57 -04:00
Zachary Scott
7ebd1a1b1c Merge pull request #99 from droppedoncaprica/tempFileFix
Fix Tempfile reference being returned as nil
2016-07-26 21:29:24 +09:00
Zachary Scott
5acc6b24b6 Fix spec from #78 rspec syntax 2016-07-26 21:05:55 +09:00
Zachary Scott
d08b7840e8 Merge branch 'fix/csrf_missing_close' of https://github.com/finnlabs/rack-protection into finnlabs-fix/csrf_missing_close 2016-07-26 21:04:26 +09:00
Zachary Scott
46b1d85aee Add :without_session option to skip session based protection
This includes:

* Rack::Protection::SessionHijacking
* Rack::Protection::RemoteToken

Closes #47
2016-07-26 17:37:38 +09:00
Zachary Scott
3286be8418 oops 2016-07-26 17:01:13 +09:00
Zachary Scott
a373ea5ff3 Move spec from #75 under spec dir naming convention 2016-07-26 15:43:38 +09:00
Nathan Stitt
7b2b413754 test ENV in block 2016-05-30 10:44:43 -05:00
Nathan Stitt
0a16019de4 :allow_if configuration for custom accept/reject 2016-05-29 15:25:07 -05:00
Maciej Moleda
3627a9f13b Add Strict Transport Security protection 2016-01-26 15:35:01 +00:00
Albert Engelbrecht
d3c40ffb1f Fix Tempfile reference being returned as nil
This PR fixes the issue of files being uploaded from users having
the params[:file][:tempfile] being returned as `nil`, rather than
an instance of Tempfile like it should be.

PR fixes #90, and shamelessly stolen from #91.
2015-09-30 16:51:50 -05:00
Maurizio De Santis
65cd4a4ac9 Remove require 'spec_helper' 2014-09-03 19:28:14 +02:00
Maurizio De Santis
41937da782 Fix some trivial Ruby warnings 2014-09-03 19:25:20 +02:00
Maurizio De Santis
c93bd86622 Remove spec execution permissions 2014-09-03 19:25:20 +02:00
Maurizio De Santis
f39fad4d66 Move spec files to conventional locations 2014-09-03 19:05:50 +02:00