Module: Rack::Protection

Defined in:: lib/rubypitaya/app-template/vendor/bundle/ruby/3.1.0/gems/rack-protection-3.0.5/lib/rack/protection.rb,
lib/rubypitaya/app-template/vendor/bundle/ruby/3.1.0/gems/rack-protection-3.0.5/lib/rack/protection/base.rb,
lib/rubypitaya/app-template/vendor/bundle/ruby/3.1.0/gems/rack-protection-3.0.5/lib/rack/protection/version.rb,
lib/rubypitaya/app-template/vendor/bundle/ruby/3.1.0/gems/rack-protection-3.0.5/lib/rack/protection/encryptor.rb,
lib/rubypitaya/app-template/vendor/bundle/ruby/3.1.0/gems/rack-protection-3.0.5/lib/rack/protection/json_csrf.rb,
lib/rubypitaya/app-template/vendor/bundle/ruby/3.1.0/gems/rack-protection-3.0.5/lib/rack/protection/form_token.rb,
lib/rubypitaya/app-template/vendor/bundle/ruby/3.1.0/gems/rack-protection-3.0.5/lib/rack/protection/xss_header.rb,
lib/rubypitaya/app-template/vendor/bundle/ruby/3.1.0/gems/rack-protection-3.0.5/lib/rack/protection/http_origin.rb,
lib/rubypitaya/app-template/vendor/bundle/ruby/3.1.0/gems/rack-protection-3.0.5/lib/rack/protection/ip_spoofing.rb,
lib/rubypitaya/app-template/vendor/bundle/ruby/3.1.0/gems/rack-protection-3.0.5/lib/rack/protection/remote_token.rb,
lib/rubypitaya/app-template/vendor/bundle/ruby/3.1.0/gems/rack-protection-3.0.5/lib/rack/protection/frame_options.rb,
lib/rubypitaya/app-template/vendor/bundle/ruby/3.1.0/gems/rack-protection-3.0.5/lib/rack/protection/cookie_tossing.rb,
lib/rubypitaya/app-template/vendor/bundle/ruby/3.1.0/gems/rack-protection-3.0.5/lib/rack/protection/escaped_params.rb,
lib/rubypitaya/app-template/vendor/bundle/ruby/3.1.0/gems/rack-protection-3.0.5/lib/rack/protection/path_traversal.rb,
lib/rubypitaya/app-template/vendor/bundle/ruby/3.1.0/gems/rack-protection-3.0.5/lib/rack/protection/referrer_policy.rb,
lib/rubypitaya/app-template/vendor/bundle/ruby/3.1.0/gems/rack-protection-3.0.5/lib/rack/protection/remote_referrer.rb,
lib/rubypitaya/app-template/vendor/bundle/ruby/3.1.0/gems/rack-protection-3.0.5/lib/rack/protection/encrypted_cookie.rb,
lib/rubypitaya/app-template/vendor/bundle/ruby/3.1.0/gems/rack-protection-3.0.5/lib/rack/protection/strict_transport.rb,
lib/rubypitaya/app-template/vendor/bundle/ruby/3.1.0/gems/rack-protection-3.0.5/lib/rack/protection/session_hijacking.rb,
lib/rubypitaya/app-template/vendor/bundle/ruby/3.1.0/gems/rack-protection-3.0.5/lib/rack/protection/authenticity_token.rb,
lib/rubypitaya/app-template/vendor/bundle/ruby/3.1.0/gems/rack-protection-3.0.5/lib/rack/protection/content_security_policy.rb

Defined Under Namespace

Modules: Encryptor Classes: AuthenticityToken, Base, ContentSecurityPolicy, CookieTossing, EncryptedCookie, EscapedParams, FormToken, FrameOptions, HttpOrigin, IPSpoofing, JsonCsrf, PathTraversal, ReferrerPolicy, RemoteReferrer, RemoteToken, SessionHijacking, StrictTransport, XSSHeader

Constant Summary collapse

VERSION =

'3.0.4'

Class Method Summary collapse

.new(app, options = {}) ⇒ Object

Class Method Details

.new(app, options = {}) ⇒ `Object`

# File 'lib/rubypitaya/app-template/vendor/bundle/ruby/3.1.0/gems/rack-protection-3.0.5/lib/rack/protection.rb', line 28

def self.new(app, options = {})
  # does not include: RemoteReferrer, AuthenticityToken and FormToken
  except = Array options[:except]
  use_these = Array options[:use]

  if options.fetch(:without_session, false)
    except += %i[session_hijacking remote_token]
  end

  Rack::Builder.new do
    # Off by default, unless added
    use ::Rack::Protection::AuthenticityToken,     options if use_these.include? :authenticity_token
    use ::Rack::Protection::ContentSecurityPolicy, options if use_these.include? :content_security_policy
    use ::Rack::Protection::CookieTossing,         options if use_these.include? :cookie_tossing
    use ::Rack::Protection::EscapedParams,         options if use_these.include? :escaped_params
    use ::Rack::Protection::FormToken,             options if use_these.include? :form_token
    use ::Rack::Protection::ReferrerPolicy,        options if use_these.include? :referrer_policy
    use ::Rack::Protection::RemoteReferrer,        options if use_these.include? :remote_referrer
    use ::Rack::Protection::StrictTransport,       options if use_these.include? :strict_transport

    # On by default, unless skipped
    use ::Rack::Protection::FrameOptions,          options unless except.include? :frame_options
    use ::Rack::Protection::HttpOrigin,            options unless except.include? :http_origin
    use ::Rack::Protection::IPSpoofing,            options unless except.include? :ip_spoofing
    use ::Rack::Protection::JsonCsrf,              options unless except.include? :json_csrf
    use ::Rack::Protection::PathTraversal,         options unless except.include? :path_traversal
    use ::Rack::Protection::RemoteToken,           options unless except.include? :remote_token
    use ::Rack::Protection::SessionHijacking,      options unless except.include? :session_hijacking
    use ::Rack::Protection::XSSHeader,             options unless except.include? :xss_header
    run app
  end.to_app
end

Module: Rack::Protection

Defined Under Namespace

Constant Summary collapse

Class Method Summary collapse

Class Method Details

.new(app, options = {}) ⇒ Object

.new(app, options = {}) ⇒ `Object`