16636ae9b4
This conversion is done by Transpec 2.3.7 with the following command:
    transpec

* 69 conversions from: obj.should to: expect(obj).to
* 30 conversions from: == expected to: eq(expected)
* 24 conversions from: obj.should_not to: expect(obj).not_to
* 3 conversions from: it { should ... } to: it { is_expected.to ... }
* 2 conversions from: be_false to: be_falsey
* 1 conversion from: be_true to: be_truthy
* 1 conversion from: obj.should_not_receive(:message) to: expect(obj).not_to receive(:message)
* 1 conversion from: obj.should_receive(:message) to: expect(obj).to receive(:message)

For more details: https://github.com/yujinakayama/transpec#supported-conversions
README.md
You should use protection!
This gem protects against typical web attacks. It should work for all Rack apps, including Rails.
Usage
Use all protections you probably want to use:
# config.ru
require 'rack/protection'
use Rack::Protection
run MyApp
Skip a single protection middleware:
# config.ru
require 'rack/protection'
use Rack::Protection, :except => :path_traversal
run MyApp
Use a single protection middleware:
# config.ru
require 'rack/protection'
use Rack::Protection::AuthenticityToken
run MyApp
Prevented Attacks
Cross Site Request Forgery
Prevented by:
Rack::Protection::AuthenticityToken (not included by use Rack::Protection)
Rack::Protection::FormToken (not included by use Rack::Protection)
Rack::Protection::JsonCsrf
Rack::Protection::RemoteReferrer (not included by use Rack::Protection)
Rack::Protection::RemoteToken
Rack::Protection::HttpOrigin
Cross Site Scripting
Prevented by:
Rack::Protection::EscapedParams (not included by use Rack::Protection)
Rack::Protection::XSSHeader (Internet Explorer only)
Clickjacking
Prevented by:
Rack::Protection::FrameOptions
Directory Traversal
Prevented by:
Rack::Protection::PathTraversal
Session Hijacking
Prevented by:
Rack::Protection::SessionHijacking
IP Spoofing
Prevented by:
Rack::Protection::IPSpoofing
Installation
gem install rack-protection
Instrumentation
Instrumentation is enabled by passing in an instrumenter as an option.
use Rack::Protection, instrumenter: ActiveSupport::Notifications
The instrumenter is passed a namespace (String) and environment (Hash). The namespace is 'rack.protection' and the attack type can be obtained from the environment key 'rack.protection.attack'.
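A sketch of a custom instrumenter that turns these notifications into one-line JSON security events. This is an added example, not code from rack-protection: the AttackRecorder class, its field allow-list and the sample env are assumptions, and it assumes the instrumenter is called as instrument(namespace, env), the same call shape ActiveSupport::Notifications exposes.

```ruby
require 'json'
require 'logger'
require 'stringio'

# Hypothetical instrumenter (not part of rack-protection). Assumes it is
# invoked as instrument(namespace, env), like ActiveSupport::Notifications.
class AttackRecorder
  NAMESPACE  = 'rack.protection'
  ATTACK_KEY = 'rack.protection.attack'
  # Log only these request fields; the full env also holds cookies and session data.
  SAFE_KEYS  = %w[REQUEST_METHOD PATH_INFO REMOTE_ADDR HTTP_ORIGIN HTTP_REFERER].freeze

  attr_reader :counts

  def initialize(io = $stderr)
    @logger = Logger.new(io)
    @logger.formatter = ->(_sev, _time, _prog, msg) { "#{msg}\n" }
    @counts = Hash.new(0)
    @lock   = Mutex.new
  end

  # Returns the recorded event Hash, or nil for a foreign namespace.
  def instrument(namespace, env = {})
    return nil unless namespace == NAMESPACE
    attack = env.fetch(ATTACK_KEY, 'unknown').to_s
    event  = { 'attack' => attack }
    # Truncate values; JSON encoding escapes newlines, so one event stays one line.
    SAFE_KEYS.each { |k| event[k.downcase] = env[k].to_s[0, 200] if env.key?(k) }
    @lock.synchronize { @counts[attack] += 1 }
    @logger.warn(JSON.generate(event))
    event
  end
end

# Constructed sample env, shaped like the env of a rejected request.
SAMPLE_ENV = {
  'REQUEST_METHOD' => 'POST',
  'PATH_INFO' => '/transfer',
  'REMOTE_ADDR' => '203.0.113.7',
  'HTTP_ORIGIN' => 'http://other.example',
  'HTTP_COOKIE' => 'rack.session=constructed-secret',
  'rack.protection.attack' => 'httporigin' # constructed value
}.freeze

def demo_log_line
  io = StringIO.new
  AttackRecorder.new(io).instrument('rack.protection', SAMPLE_ENV)
  io.string
end
```

In config.ru it would be wired in as use Rack::Protection, instrumenter: AttackRecorder.new, with counts available for alerting on a spike of one attack type.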