mirror of https://github.com/sinatra/sinatra synced 2023-03-27 23:18:01 -04:00
Commit graph

7 commits

Author SHA1 Message Date
Matteo Centenaro
ac79948aaa Add regression test for issue #50
Running specs you get

Failures:

  1) Rack::Protection::JsonCsrf with drop_session as default reaction reset the session
     Failure/Error: get('/', {}, 'HTTP_REFERER' => 'http://evil.com', 'rack.session' => session)
     NoMethodError:
       undefined method `detect' for nil:NilClass
     # ./lib/rack/protection/base.rb:107:in `html?'
     # ./lib/rack/protection/frame_options.rb:32:in `call'
     # ./spec/json_csrf_spec.rb:54:in `block (3 levels) in <top (required)>'
2013-04-08 11:15:32 +02:00
Konstantin Haase
8a2514674c xhr requests cannot be used for the json attack, fixes #39 2013-03-01 15:43:27 +11:00
Bjørge Næss
fd4687f331 Bypass referer check if Origin header is given 2012-09-05 10:08:09 +02:00
Fojas
34003df86e Fixed call strip call on missing Content-Type header 2011-08-11 09:38:46 -05:00
Konstantin Haase
7798cda967 pending specs for json csrf 2011-06-20 15:47:58 +02:00
Konstantin Haase
86e9828c23 add pending tests 2011-06-19 15:35:58 +02:00
Konstantin Haase
62dd794011 add JSON CSRF protection 2011-06-19 15:26:39 +02:00