Skip to content

P
packer
Commit 4128a49f authored by Seth Vargo's avatar Seth Vargo
Browse files
Options

Merge pull request #2437 from mitchellh/sethvargo/rack_protection 

Use Rack::Protection
parents 683d6a73 034040d2
Hide whitespace changes
Inline Side-by-side
Showing with 42 additions and 26 deletions
website/Gemfile.lock
View file @ 4128a49f
GIT
remote: git://github.com/hashicorp/middleman-hashicorp.git
revision: 7796ba44d303ac8e1b566e855e2766e6d0f695fc
revision: 76f0f284ad44cea0457484ea83467192f02daf87
specs:
middleman-hashicorp (0.1.0)
bootstrap-sass (~> 3.3)
......@@ -11,6 +11,7 @@ GIT
middleman-minify-html (~> 3.4)
middleman-syntax (~> 2.0)
rack-contrib (~> 1.2)
rack-protection (~> 1.5)
rack-rewrite (~> 1.5)
rack-ssl-enforcer (~> 0.2)
redcarpet (~> 3.2)
......@@ -20,18 +21,18 @@ GIT
GEM
remote: https://rubygems.org/
specs:
activesupport (4.1.10)
activesupport (4.1.12)
i18n (~> 0.6, >= 0.6.9)
json (~> 1.7, >= 1.7.7)
minitest (~> 5.1)
thread_safe (~> 0.1)
tzinfo (~> 1.1)
autoprefixer-rails (5.1.11)
autoprefixer-rails (5.2.1)
execjs
json
bootstrap-sass (3.3.4.1)
bootstrap-sass (3.3.5.1)
autoprefixer-rails (>= 5.0.0.1)
sass (>= 3.2.19)
sass (>= 3.3.0)
builder (3.2.2)
celluloid (0.16.0)
timers (~> 4.0.0)
......@@ -53,29 +54,30 @@ GEM
sass (>= 3.3.0, < 3.5)
compass-import-once (1.0.5)
sass (>= 3.2, < 3.5)
daemons (1.2.2)
daemons (1.2.3)
em-websocket (0.5.1)
eventmachine (>= 0.12.9)
http_parser.rb (~> 0.6.0)
erubis (2.7.0)
eventmachine (1.0.7)
execjs (2.5.2)
ffi (1.9.8)
ffi (1.9.10)
git-version-bump (0.15.1)
haml (4.0.6)
tilt
hike (1.2.3)
hitimes (1.2.2)
hooks (0.4.0)
uber (~> 0.0.4)
htmlcompressor (0.1.2)
htmlcompressor (0.2.0)
http_parser.rb (0.6.0)
i18n (0.7.0)
json (1.8.2)
kramdown (1.7.0)
json (1.8.3)
kramdown (1.8.0)
less (2.6.0)
commonjs (~> 0.2.7)
libv8 (3.16.14.7)
listen (2.10.0)
libv8 (3.16.14.11)
listen (2.10.1)
celluloid (~> 0.16.0)
rb-fsevent (>= 0.9.3)
rb-inotify (>= 0.9)
......@@ -106,8 +108,8 @@ GEM
em-websocket (~> 0.5.1)
middleman-core (>= 3.3)
rack-livereload (~> 0.3.15)
middleman-minify-html (3.4.0)
htmlcompressor (~> 0.1.0)
middleman-minify-html (3.4.1)
htmlcompressor (~> 0.2.0)
middleman-core (>= 3.2)
middleman-sprockets (3.4.2)
middleman-core (>= 3.3)
......@@ -117,31 +119,34 @@ GEM
middleman-syntax (2.0.0)
middleman-core (~> 3.2)
rouge (~> 1.0)
minitest (5.6.1)
multi_json (1.11.0)
minitest (5.7.0)
multi_json (1.11.2)
padrino-helpers (0.12.5)
i18n (~> 0.6, >= 0.6.7)
padrino-support (= 0.12.5)
tilt (~> 1.4.1)
padrino-support (0.12.5)
activesupport (>= 3.1)
rack (1.6.1)
rack-contrib (1.2.0)
rack (>= 0.9.1)
rack-livereload (0.3.15)
rack (1.6.4)
rack-contrib (1.3.0)
git-version-bump (~> 0.15)
rack (~> 1.4)
rack-livereload (0.3.16)
rack
rack-protection (1.5.3)
rack
rack-rewrite (1.5.1)
rack-ssl-enforcer (0.2.8)
rack-test (0.6.3)
rack (>= 1.0)
rb-fsevent (0.9.4)
rb-fsevent (0.9.5)
rb-inotify (0.9.5)
ffi (>= 0.5.0)
redcarpet (3.2.3)
ref (1.0.5)
rouge (1.8.0)
sass (3.4.13)
sprockets (2.12.3)
redcarpet (3.3.2)
ref (2.0.0)
rouge (1.9.1)
sass (3.4.16)
sprockets (2.12.4)
hike (~> 1.2)
multi_json (~> 1.0)
rack (~> 1.0)
......
website/config.ru
View file @ 4128a49f
......@@ -3,6 +3,17 @@ require "rack/contrib/not_found"
require "rack/contrib/response_headers"
require "rack/contrib/static_cache"
require "rack/contrib/try_static"
require "rack/protection"
# Protect against various bad things
use Rack::Protection::JsonCsrf
use Rack::Protection::RemoteReferrer
use Rack::Protection::HttpOrigin
use Rack::Protection::EscapedParams
use Rack::Protection::XSSHeader
use Rack::Protection::FrameOptions
use Rack::Protection::PathTraversal
use Rack::Protection::IPSpoofing
# Properly compress the output if the client can handle it.
use Rack::Deflater
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7