sinatra/rack-protection
Patrik Ragnarsson 0a424f01ee
CI: handle dependencies the same way, add Tilt to the matrix (#1881)
Adds Tilt (https://rubygems.org/gems/tilt) to the CI matrix. It now resides at https://github.com/jeremyevans/tilt

Changes `latest` to `head` because "latest" sounds a lot like "latest release" but we mean using the main/master branch of the repo of the dependency we test with. Matches `ruby-head`.
2023-02-22 08:42:41 +01:00

README.md

Rack::Protection

This gem protects against typical web attacks. Should work for all Rack apps, including Rails.

Usage

Use all protections you probably want to use:

# config.ru
require 'rack/protection'
use Rack::Protection
run MyApp

Skip a single protection middleware:

# config.ru
require 'rack/protection'
use Rack::Protection, :except => :path_traversal
run MyApp

Use a single protection middleware:

# config.ru
require 'rack/protection'
use Rack::Protection::AuthenticityToken
run MyApp

Prevented Attacks

Cross Site Request Forgery

Prevented by:

Cross Site Scripting

Prevented by:

Clickjacking

Prevented by:

Directory Traversal

Prevented by:

Session Hijacking

Prevented by:

Prevented by:

IP Spoofing

Prevented by:

Prevented by:

Installation

gem install rack-protection

Instrumentation

Instrumentation is enabled by passing in an instrumenter as an option.

use Rack::Protection, instrumenter: ActiveSupport::Notifications

The instrumenter is passed a namespace (String) and an environment (Hash). The namespace is 'rack.protection', and the attack type can be read from the environment key 'rack.protection.attack'.
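As an added example (not code from the rack-protection gem or its README), an instrumenter that satisfies this contract: it implements `instrument(namespace, env)`, the method Rack::Protection calls on the object passed as `instrumenter:`, and turns each blocked request into a JSON log line plus a per-attack-type counter. The attack type value and request fields in the sample env are constructed; `MyApp` is the README's placeholder.

```ruby
require 'json'
require 'time'

# Instrumenter for Rack::Protection (added example, not part of the gem).
# Rack::Protection calls instrumenter.instrument('rack.protection', env) for a
# request it blocks, with the attack type in env['rack.protection.attack']; this
# is the same (name, payload) shape ActiveSupport::Notifications.instrument uses.
class AttackLogger
  NAMESPACE = 'rack.protection'.freeze

  attr_reader :counts

  # io: where JSON lines are written (STDOUT, a File, or a StringIO for tests)
  def initialize(io = $stdout)
    @io = io
    @counts = Hash.new(0) # attack type => number of blocked requests
  end

  # Returns the logged record, or nil when the namespace is not ours.
  def instrument(namespace, env)
    return nil unless namespace == NAMESPACE

    record = {
      'ts' => Time.now.utc.iso8601,
      'attack' => env['rack.protection.attack'],
      'method' => env['REQUEST_METHOD'],
      'path' => env['PATH_INFO'],
      # Record the socket peer address, not X-Forwarded-For: that header is
      # client-controlled, which is exactly what the IP spoofing check is about.
      'client' => env['REMOTE_ADDR']
    }
    @counts[record['attack']] += 1
    @io.puts(JSON.generate(record))
    record
  end
end

# config.ru wiring:
#   use Rack::Protection, instrumenter: AttackLogger.new
#   run MyApp

# Constructed sample of what the middleware would pass for a blocked request.
SAMPLE_ENV = {
  'rack.protection.attack' => 'pathtraversal',
  'REQUEST_METHOD' => 'GET',
  'PATH_INFO' => '/static/../config',
  'REMOTE_ADDR' => '203.0.113.5',
  'HTTP_X_FORWARDED_FOR' => '198.51.100.9'
}.freeze
```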