This gem protects against typical web attacks. It should work for all Rack apps, including Rails.
Use all protections you probably want to use:
```ruby
# config.ru
require 'rack/protection'
use Rack::Protection
run MyApp
```
Skip a single protection middleware:
```ruby
# config.ru
require 'rack/protection'
use Rack::Protection, :except => :path_traversal
run MyApp
```
Use a single protection middleware:
```ruby
# config.ru
require 'rack/protection'
use Rack::Protection::AuthenticityToken
run MyApp
```
Prevented by:

- Rack::Protection::AuthenticityToken (not included by `use Rack::Protection`)
- Rack::Protection::FormToken (not included by `use Rack::Protection`)
- Rack::Protection::JsonCsrf
- Rack::Protection::RemoteReferrer (not included by `use Rack::Protection`)
- Rack::Protection::RemoteToken
- Rack::Protection::HttpOrigin
Prevented by:

- Rack::Protection::EscapedParams (not included by `use Rack::Protection`)
- Rack::Protection::XSSHeader (Internet Explorer and Chrome only)
- Rack::Protection::ContentSecurityPolicy
Prevented by:
Prevented by:
Prevented by:
Prevented by:
- Rack::Protection::CookieTossing (not included by `use Rack::Protection`)

Prevented by:
Prevented by:
- Rack::Protection::StrictTransport (not included by `use Rack::Protection`)

```
gem install rack-protection
```
Instrumentation is enabled by passing in an instrumenter as an option.
```ruby
use Rack::Protection, instrumenter: ActiveSupport::Notifications
```
The instrumenter is passed a namespace (String) and environment (Hash). The namespace is 'rack.protection' and the attack type can be obtained from the environment key 'rack.protection.attack'.
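For apps without ActiveSupport, any object that accepts the namespace and environment can serve as the instrumenter. The following is an added example, not code from the gem: the `ProtectionAuditor` class, its event fields and the sample environment are assumptions, and it assumes the gem calls `instrument(namespace, env)` on the object, as `ActiveSupport::Notifications` does.

```ruby
require 'json'
require 'logger'
require 'time'

# Hypothetical instrumenter (class name and event fields are assumptions,
# not part of rack-protection). It only has to respond to instrument.
class ProtectionAuditor
  NAMESPACE  = 'rack.protection'
  ATTACK_KEY = 'rack.protection.attack'

  attr_reader :counts

  def initialize(logger)
    @logger = logger
    @counts = Hash.new(0)
    @lock   = Mutex.new
  end

  # Called with the namespace (String) and the Rack environment (Hash).
  def instrument(namespace, env)
    return nil unless namespace == NAMESPACE

    attack = env[ATTACK_KEY].to_s
    event = {
      time:   Time.now.utc.iso8601,
      attack: attack,
      method: env['REQUEST_METHOD'],
      path:   env['PATH_INFO'],
      ip:     env['REMOTE_ADDR'],
      origin: env['HTTP_ORIGIN']
    }
    @lock.synchronize { @counts[attack] += 1 }
    # JSON encoding escapes CR/LF in client-controlled fields, so one event
    # stays on one log line. Cookies and request bodies are not logged.
    @logger.warn(JSON.generate(event))
    event
  end
end

# Constructed sample environment for a rejected request (values are made up).
SAMPLE_ENV = {
  'REQUEST_METHOD' => 'POST',
  'PATH_INFO'      => "/transfer\nforged",
  'REMOTE_ADDR'    => '203.0.113.7',
  'HTTP_ORIGIN'    => 'http://other.example',
  'rack.protection.attack' => 'httporigin'
}.freeze

# config.ru: use Rack::Protection, instrumenter: ProtectionAuditor.new(Logger.new($stderr))
```

The per-type counters can feed an alert threshold, and the JSON lines can be shipped to a log pipeline as they are.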