Merge pull request #2712 from hashicorp/sethvargo/rack_protection

Add Rack::Protection
This commit is contained in:
Seth Vargo 2015-07-13 14:56:39 -04:00
commit e28671490a
2 changed files with 21 additions and 7 deletions


@ -1,6 +1,6 @@
GIT GIT
remote: https://github.com/hashicorp/middleman-hashicorp remote: https://github.com/hashicorp/middleman-hashicorp
revision: 7796ba44d303ac8e1b566e855e2766e6d0f695fc revision: 76f0f284ad44cea0457484ea83467192f02daf87
specs: specs:
middleman-hashicorp (0.1.0) middleman-hashicorp (0.1.0)
bootstrap-sass (~> 3.3) bootstrap-sass (~> 3.3)
@ -11,6 +11,7 @@ GIT
middleman-minify-html (~> 3.4) middleman-minify-html (~> 3.4)
middleman-syntax (~> 2.0) middleman-syntax (~> 2.0)
rack-contrib (~> 1.2) rack-contrib (~> 1.2)
rack-protection (~> 1.5)
rack-rewrite (~> 1.5) rack-rewrite (~> 1.5)
rack-ssl-enforcer (~> 0.2) rack-ssl-enforcer (~> 0.2)
redcarpet (~> 3.2) redcarpet (~> 3.2)
@ -72,7 +73,7 @@ GEM
http_parser.rb (0.6.0) http_parser.rb (0.6.0)
i18n (0.7.0) i18n (0.7.0)
json (1.8.3) json (1.8.3)
kramdown (1.7.0) kramdown (1.8.0)
less (2.6.0) less (2.6.0)
commonjs (~> 0.2.7) commonjs (~> 0.2.7)
libv8 (3.16.14.11) libv8 (3.16.14.11)
@ -119,7 +120,7 @@ GEM
middleman-core (~> 3.2) middleman-core (~> 3.2)
rouge (~> 1.0) rouge (~> 1.0)
minitest (5.7.0) minitest (5.7.0)
multi_json (1.11.1) multi_json (1.11.2)
padrino-helpers (0.12.5) padrino-helpers (0.12.5)
i18n (~> 0.6, >= 0.6.7) i18n (~> 0.6, >= 0.6.7)
padrino-support (= 0.12.5) padrino-support (= 0.12.5)
@ -130,7 +131,9 @@ GEM
rack-contrib (1.3.0) rack-contrib (1.3.0)
git-version-bump (~> 0.15) git-version-bump (~> 0.15)
rack (~> 1.4) rack (~> 1.4)
rack-livereload (0.3.15) rack-livereload (0.3.16)
rack
rack-protection (1.5.3)
rack rack
rack-rewrite (1.5.1) rack-rewrite (1.5.1)
rack-ssl-enforcer (0.2.8) rack-ssl-enforcer (0.2.8)
@ -140,9 +143,9 @@ GEM
rb-inotify (0.9.5) rb-inotify (0.9.5)
ffi (>= 0.5.0) ffi (>= 0.5.0)
redcarpet (3.3.2) redcarpet (3.3.2)
ref (1.0.5) ref (2.0.0)
rouge (1.9.0) rouge (1.9.1)
sass (3.4.15) sass (3.4.16)
sprockets (2.12.4) sprockets (2.12.4)
hike (~> 1.2) hike (~> 1.2)
multi_json (~> 1.0) multi_json (~> 1.0)


@ -3,6 +3,17 @@ require "rack/contrib/not_found"
require "rack/contrib/response_headers" require "rack/contrib/response_headers"
require "rack/contrib/static_cache" require "rack/contrib/static_cache"
require "rack/contrib/try_static" require "rack/contrib/try_static"
require "rack/protection"
# Protect against various bad things
use Rack::Protection::JsonCsrf
use Rack::Protection::RemoteReferrer
use Rack::Protection::HttpOrigin
use Rack::Protection::EscapedParams
use Rack::Protection::XSSHeader
use Rack::Protection::FrameOptions
use Rack::Protection::PathTraversal
use Rack::Protection::IPSpoofing
# Properly compress the output if the client can handle it. # Properly compress the output if the client can handle it.
use Rack::Deflater use Rack::Deflater
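Review bot: The comment `# Protect against various bad things` above the new `use Rack::Protection::*` lines does not say what each middleware enforces or why the session-bound protections (`SessionHijacking`, `RemoteToken`) are left out, so a later maintainer has no basis for adding or removing entries. Suggest replacing it with something like `# Rack::Protection: cross-origin request checks (JsonCsrf, RemoteReferrer, HttpOrigin), hardening response headers (XSSHeader, FrameOptions), and request sanitising (EscapedParams, PathTraversal, IPSpoofing); session-based protections are omitted — presumably because this app has no session, confirm.` Of the eight, `EscapedParams` and `IPSpoofing` are the two most likely to affect legitimate traffic: the former HTML-escapes every incoming parameter and the latter rejects requests whose `X-Forwarded-For` and client-IP headers disagree, which can occur behind a CDN or reverse proxy, so behaviour behind whatever fronts this site is worth verifying before merge. The remaining `use` calls and the `run` line of config.ru lie outside this hunk, so the position of these protections relative to any SSL enforcer or static-file middleware cannot be checked here.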