Class: Rack::HeadersFilter

Inherits:
Object
  • Object
show all
Defined in:
lib/rack/headers_filter.rb

Constant Summary collapse

SENSITIVE_HEADERS = 
%w[
  HTTP_X_FORWARDED_FOR
  HTTP_X_FORWARDED_HOST
  HTTP_X_FORWARDED_PORT
  HTTP_X_FORWARDED_PROTO
  HTTP_X_FORWARDED_SCHEME
  HTTP_X_FORWARDED_SSL
]
HEROKU_HEADERS =

Headers sent by the Heroku router

%w[
  HTTP_CONNECTION
  HTTP_CONNECT_TIME
  HTTP_HOST
  HTTP_TOTAL_ROUTE_TIME
  HTTP_UPGRADE_INSECURE_REQUESTS
  HTTP_VIA
  HTTP_X_FORWARDED_FOR
  HTTP_X_FORWARDED_PROTO
  HTTP_X_FORWARDED_PROTO
  HTTP_X_REQUEST_ID
  HTTP_X_REQUEST_START
]

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(app, trusted_headers: HEROKU_HEADERS) ⇒ HeadersFilter

Returns a new instance of HeadersFilter.



29
30
31
32
 
# File 'lib/rack/headers_filter.rb', line 29

def initialize(app, trusted_headers: HEROKU_HEADERS)
  @remove_headers = SENSITIVE_HEADERS - trusted_headers
  @app = app
end

Instance Attribute Details

#remove_headersObject (readonly)

Returns the value of attribute remove_headers.



27
28
29
 
# File 'lib/rack/headers_filter.rb', line 27

def remove_headers
  @remove_headers
end

Instance Method Details

#call(env) ⇒ Object 



34
35
36
37
 
# File 'lib/rack/headers_filter.rb', line 34

def call(env)
  @remove_headers.each(&env.method(:delete))
  @app.call(env)
end