mirror of
https://github.com/sinatra/sinatra
synced 2023-03-27 23:18:01 -04:00
1.7 KiB
1.7 KiB
You should use protection!
This gem protects against typical web attacks. Should work for all Rack apps, including Rails.
Usage
Use all protections you probably want to use:
# config.ru
require 'rack/protection'
use Rack::Protection
run MyApp
Skip a single protection middleware:
# config.ru
require 'rack/protection'
use Rack::Protection, :except => :path_traversal
run MyApp
Use a single protection middleware:
# config.ru
require 'rack/protection'
use Rack::Protection::AuthenticityToken
run MyApp
Prevented Attacks
Cross Site Request Forgery
Prevented by:
Rack::Protection::AuthenticityToken
(not included byuse Rack::Protection
)Rack::Protection::FormToken
(not included byuse Rack::Protection
)Rack::Protection::JsonCsrf
Rack::Protection::RemoteReferrer
(not included byuse Rack::Protection
)Rack::Protection::RemoteToken
Rack::Protection::HttpOrigin
Cross Site Scripting
Prevented by:
Rack::Protection::EscapedParams
(not included byuse Rack::Protection
)Rack::Protection::XssHeader
(Internet Explorer only)
Clickjacking
Prevented by:
Rack::Protection::FrameOptions
Directory Traversal
Prevented by:
Rack::Protection::PathTraversal
Session Hijacking
Prevented by:
Rack::Protection::SessionHijacking
IP Spoofing
Prevented by:
Rack::Protection::IPSpoofing
Installation
gem install rack-protection
History
v0.1.0 (2011/06/20)
First public release.
v1.0.0 (2011/09/02)
First stable release.
Changes:
- Fix bug in JsonCsrf
v1.1.0 (2011/09/03)
Second public release.
Changes:
- Dependency on
escape_utils
is now optional