Commit 4128a49f authored by Seth Vargo

Merge pull request #2437 from mitchellh/sethvargo/rack_protection

Use Rack::Protection
parents 683d6a73 034040d2
GIT GIT
remote: git://github.com/hashicorp/middleman-hashicorp.git remote: git://github.com/hashicorp/middleman-hashicorp.git
revision: 7796ba44d303ac8e1b566e855e2766e6d0f695fc revision: 76f0f284ad44cea0457484ea83467192f02daf87
specs: specs:
middleman-hashicorp (0.1.0) middleman-hashicorp (0.1.0)
bootstrap-sass (~> 3.3) bootstrap-sass (~> 3.3)
...@@ -11,6 +11,7 @@ GIT ...@@ -11,6 +11,7 @@ GIT
middleman-minify-html (~> 3.4) middleman-minify-html (~> 3.4)
middleman-syntax (~> 2.0) middleman-syntax (~> 2.0)
rack-contrib (~> 1.2) rack-contrib (~> 1.2)
rack-protection (~> 1.5)
rack-rewrite (~> 1.5) rack-rewrite (~> 1.5)
rack-ssl-enforcer (~> 0.2) rack-ssl-enforcer (~> 0.2)
redcarpet (~> 3.2) redcarpet (~> 3.2)
...@@ -20,18 +21,18 @@ GIT ...@@ -20,18 +21,18 @@ GIT
GEM GEM
remote: https://rubygems.org/ remote: https://rubygems.org/
specs: specs:
activesupport (4.1.10) activesupport (4.1.12)
i18n (~> 0.6, >= 0.6.9) i18n (~> 0.6, >= 0.6.9)
json (~> 1.7, >= 1.7.7) json (~> 1.7, >= 1.7.7)
minitest (~> 5.1) minitest (~> 5.1)
thread_safe (~> 0.1) thread_safe (~> 0.1)
tzinfo (~> 1.1) tzinfo (~> 1.1)
autoprefixer-rails (5.1.11) autoprefixer-rails (5.2.1)
execjs execjs
json json
bootstrap-sass (3.3.4.1) bootstrap-sass (3.3.5.1)
autoprefixer-rails (>= 5.0.0.1) autoprefixer-rails (>= 5.0.0.1)
sass (>= 3.2.19) sass (>= 3.3.0)
builder (3.2.2) builder (3.2.2)
celluloid (0.16.0) celluloid (0.16.0)
timers (~> 4.0.0) timers (~> 4.0.0)
...@@ -53,29 +54,30 @@ GEM ...@@ -53,29 +54,30 @@ GEM
sass (>= 3.3.0, < 3.5) sass (>= 3.3.0, < 3.5)
compass-import-once (1.0.5) compass-import-once (1.0.5)
sass (>= 3.2, < 3.5) sass (>= 3.2, < 3.5)
daemons (1.2.2) daemons (1.2.3)
em-websocket (0.5.1) em-websocket (0.5.1)
eventmachine (>= 0.12.9) eventmachine (>= 0.12.9)
http_parser.rb (~> 0.6.0) http_parser.rb (~> 0.6.0)
erubis (2.7.0) erubis (2.7.0)
eventmachine (1.0.7) eventmachine (1.0.7)
execjs (2.5.2) execjs (2.5.2)
ffi (1.9.8) ffi (1.9.10)
git-version-bump (0.15.1)
haml (4.0.6) haml (4.0.6)
tilt tilt
hike (1.2.3) hike (1.2.3)
hitimes (1.2.2) hitimes (1.2.2)
hooks (0.4.0) hooks (0.4.0)
uber (~> 0.0.4) uber (~> 0.0.4)
htmlcompressor (0.1.2) htmlcompressor (0.2.0)
http_parser.rb (0.6.0) http_parser.rb (0.6.0)
i18n (0.7.0) i18n (0.7.0)
json (1.8.2) json (1.8.3)
kramdown (1.7.0) kramdown (1.8.0)
less (2.6.0) less (2.6.0)
commonjs (~> 0.2.7) commonjs (~> 0.2.7)
libv8 (3.16.14.7) libv8 (3.16.14.11)
listen (2.10.0) listen (2.10.1)
celluloid (~> 0.16.0) celluloid (~> 0.16.0)
rb-fsevent (>= 0.9.3) rb-fsevent (>= 0.9.3)
rb-inotify (>= 0.9) rb-inotify (>= 0.9)
...@@ -106,8 +108,8 @@ GEM ...@@ -106,8 +108,8 @@ GEM
em-websocket (~> 0.5.1) em-websocket (~> 0.5.1)
middleman-core (>= 3.3) middleman-core (>= 3.3)
rack-livereload (~> 0.3.15) rack-livereload (~> 0.3.15)
middleman-minify-html (3.4.0) middleman-minify-html (3.4.1)
htmlcompressor (~> 0.1.0) htmlcompressor (~> 0.2.0)
middleman-core (>= 3.2) middleman-core (>= 3.2)
middleman-sprockets (3.4.2) middleman-sprockets (3.4.2)
middleman-core (>= 3.3) middleman-core (>= 3.3)
...@@ -117,31 +119,34 @@ GEM ...@@ -117,31 +119,34 @@ GEM
middleman-syntax (2.0.0) middleman-syntax (2.0.0)
middleman-core (~> 3.2) middleman-core (~> 3.2)
rouge (~> 1.0) rouge (~> 1.0)
minitest (5.6.1) minitest (5.7.0)
multi_json (1.11.0) multi_json (1.11.2)
padrino-helpers (0.12.5) padrino-helpers (0.12.5)
i18n (~> 0.6, >= 0.6.7) i18n (~> 0.6, >= 0.6.7)
padrino-support (= 0.12.5) padrino-support (= 0.12.5)
tilt (~> 1.4.1) tilt (~> 1.4.1)
padrino-support (0.12.5) padrino-support (0.12.5)
activesupport (>= 3.1) activesupport (>= 3.1)
rack (1.6.1) rack (1.6.4)
rack-contrib (1.2.0) rack-contrib (1.3.0)
rack (>= 0.9.1) git-version-bump (~> 0.15)
rack-livereload (0.3.15) rack (~> 1.4)
rack-livereload (0.3.16)
rack
rack-protection (1.5.3)
rack rack
rack-rewrite (1.5.1) rack-rewrite (1.5.1)
rack-ssl-enforcer (0.2.8) rack-ssl-enforcer (0.2.8)
rack-test (0.6.3) rack-test (0.6.3)
rack (>= 1.0) rack (>= 1.0)
rb-fsevent (0.9.4) rb-fsevent (0.9.5)
rb-inotify (0.9.5) rb-inotify (0.9.5)
ffi (>= 0.5.0) ffi (>= 0.5.0)
redcarpet (3.2.3) redcarpet (3.3.2)
ref (1.0.5) ref (2.0.0)
rouge (1.8.0) rouge (1.9.1)
sass (3.4.13) sass (3.4.16)
sprockets (2.12.3) sprockets (2.12.4)
hike (~> 1.2) hike (~> 1.2)
multi_json (~> 1.0) multi_json (~> 1.0)
rack (~> 1.0) rack (~> 1.0)
...@@ -3,6 +3,17 @@ require "rack/contrib/not_found" ...@@ -3,6 +3,17 @@ require "rack/contrib/not_found"
require "rack/contrib/response_headers" require "rack/contrib/response_headers"
require "rack/contrib/static_cache" require "rack/contrib/static_cache"
require "rack/contrib/try_static" require "rack/contrib/try_static"
require "rack/protection"
# Protect against various bad things
use Rack::Protection::JsonCsrf
use Rack::Protection::RemoteReferrer
use Rack::Protection::HttpOrigin
use Rack::Protection::EscapedParams
use Rack::Protection::XSSHeader
use Rack::Protection::FrameOptions
use Rack::Protection::PathTraversal
use Rack::Protection::IPSpoofing
# Properly compress the output if the client can handle it. # Properly compress the output if the client can handle it.
use Rack::Deflater use Rack::Deflater
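Review bot: The new comment `# Protect against various bad things` does not tell a maintainer which attack classes these eight middlewares cover or that their position in the stack matters: `Rack::Protection::PathTraversal` must run before the `Rack::TryStatic`/`Rack::StaticCache` layers required just above it (their `use` lines are outside this hunk), so the request path is normalized before anything is served from disk, and the hunk satisfies that only because it sits at the top of the `use` chain. I would replace the one-liner with `# Rack::Protection: cross-origin checks on non-GET/JSON requests (HttpOrigin, RemoteReferrer, JsonCsrf),`, `# HTML-escape params and set X-XSS-Protection/X-Frame-Options (EscapedParams, XSSHeader, FrameOptions),`, `# and normalize the path before TryStatic/StaticCache serve from disk (PathTraversal). Keep this first in the stack.`. `Rack::Protection::IPSpoofing` rejects a request whose `X-Real-IP`/`X-Client-IP` is not listed in `X-Forwarded-For`, which can become blanket 403s behind a reverse proxy or CDN that sets those headers inconsistently, so it deserves a comment naming the proxy setup it assumes — presumably this site is fronted by one, worth confirming before merge. The session-bound protections (`SessionHijacking`, `RemoteToken`) are left out; if that is because this app runs without session middleware, say so in the comment so nobody adds them later without one.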