diff --git a/website/docs/Gemfile b/website/docs/Gemfile
index 3534fecfc..a2e8e3374 100644
--- a/website/docs/Gemfile
+++ b/website/docs/Gemfile
@@ -10,6 +10,7 @@ gem "redcarpet", "~> 2.2.2"
 gem "rb-inotify", "~> 0.9", require: false
 gem "therubyracer", "~> 0.12.0"
 gem "thin", "~> 1.5.0"
+gem "rack-protection", "~> 1.5"
 group :development do
 gem "highline", "~> 1.6.15"
diff --git a/website/docs/Gemfile.lock b/website/docs/Gemfile.lock
index b0ae81928..c79012744 100644
--- a/website/docs/Gemfile.lock
+++ b/website/docs/Gemfile.lock
@@ -138,6 +138,7 @@ DEPENDENCIES
 middleman (~> 3.0.6)
 middleman-minify-html (~> 3.0.0)
 rack-contrib (~> 1.1.0)
+ rack-protection (~> 1.5)
 rb-inotify (~> 0.9)
 redcarpet (~> 2.2.2)
 therubyracer (~> 0.12.0)
diff --git a/website/docs/config.ru b/website/docs/config.ru
index b81df1c72..ff99c0a8f 100644
--- a/website/docs/config.ru
+++ b/website/docs/config.ru
@@ -4,10 +4,21 @@ require "rack/contrib/not_found"
 require "rack/contrib/response_headers"
 require "rack/contrib/static_cache"
 require "rack/contrib/try_static"
+require "rack/protection"
 require File.expand_path("../lib/redirect_to_latest", __FILE__)
 require File.expand_path("../lib/redirect_v1_docs", __FILE__)
+# Protect against various bad things
+use Rack::Protection::JsonCsrf
+use Rack::Protection::RemoteReferrer
+use Rack::Protection::HttpOrigin
+use Rack::Protection::EscapedParams
+use Rack::Protection::XSSHeader
+use Rack::Protection::FrameOptions
+use Rack::Protection::PathTraversal
+use Rack::Protection::IPSpoofing
+# Properly compress the output if the client can handle it.
 use Rack::Deflater
diff --git a/website/www/Gemfile b/website/www/Gemfile
index 17c572101..074cfa13c 100644
--- a/website/www/Gemfile
+++ b/website/www/Gemfile
@@ -12,6 +12,7 @@ gem "rack-contrib", "~> 1.1.0"
 gem "redcarpet", "~> 3.0.0"
 gem "therubyracer", "~> 0.12.0"
 gem "thin", "~> 1.5.0"
+gem "rack-protection", "~> 1.5"
 group :development do
 gem "highline", "~> 1.6.15"
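Review bot: The comment `# Protect against various bad things` above the eight `use Rack::Protection::*` lines in `website/docs/config.ru` records neither what is being defended against nor why this particular subset was chosen, and at least one of the chosen middlewares can reject legitimate traffic, so the rationale belongs in the file. I would replace it with a header such as `# Rack::Protection: security response headers (XSSHeader, FrameOptions), request sanitising (PathTraversal, EscapedParams) and cross-origin checks (JsonCsrf, RemoteReferrer, HttpOrigin, IPSpoofing); the session-based protections are omitted because this static site runs no session middleware.` In particular, as I read rack-protection 1.5.x, `JsonCsrf` answers 403 to a non-XHR request whose response is `application/json` and that carries no matching Referer or Origin, so if the generated site ships any `.json` assets a direct fetch of them would be blocked — worth checking against the build output before relying on it. The protections are registered ahead of `Rack::Deflater` and, presumably, the `TryStatic`/`StaticCache` handlers further down, which is the correct position for `PathTraversal` to see the raw path; config.ru is a flat script, so there is no enclosing definition to cut.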
diff --git a/website/www/Gemfile.lock b/website/www/Gemfile.lock
index 2e0a6277e..112d0d72d 100644
--- a/website/www/Gemfile.lock
+++ b/website/www/Gemfile.lock
@@ -81,6 +81,8 @@ GEM
 rack (1.6.0)
 rack-contrib (1.1.0)
 rack (>= 0.9.1)
+ rack-protection (1.5.3)
+ rack
 rack-test (0.6.3)
 rack (>= 1.0)
 rb-fsevent (0.9.4)
@@ -127,6 +129,7 @@ DEPENDENCIES
 middleman-minify-html (~> 3.1.1)
 nokogiri (~> 1.6.0)
 rack-contrib (~> 1.1.0)
+ rack-protection (~> 1.5)
 redcarpet (~> 3.0.0)
 therubyracer (~> 0.12.0)
 thin (~> 1.5.0)
diff --git a/website/www/config.ru b/website/www/config.ru
index f36ee894e..2cef78935 100644
--- a/website/www/config.ru
+++ b/website/www/config.ru
@@ -3,9 +3,20 @@ require "rack/contrib/not_found"
 require "rack/contrib/response_headers"
 require "rack/contrib/static_cache"
 require "rack/contrib/try_static"
+require "rack/protection"
 require File.expand_path("../lib/legacy_redirect", __FILE__)
+# Protect against various bad things
+use Rack::Protection::JsonCsrf
+use Rack::Protection::RemoteReferrer
+use Rack::Protection::HttpOrigin
+use Rack::Protection::EscapedParams
+use Rack::Protection::XSSHeader
+use Rack::Protection::FrameOptions
+use Rack::Protection::PathTraversal
+use Rack::Protection::IPSpoofing
+# Properly compress the output if the client can handle it.
 use Rack::Deflater
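Review bot: `use Rack::Protection::IPSpoofing` in `website/www/config.ru` can become a site-wide 403 depending on what fronts the app: in rack-protection 1.5.x, as I read it, the check denies any request that carries `X-Forwarded-For` together with an `X-Real-IP` or `X-Client-IP` value not listed in it, which is exactly what an nginx or CDN hop that sets `X-Real-IP` to its own upstream address produces. Confirm the headers the production proxy emits before merging, and either drop the line or record the dependency next to it: `# IPSpoofing: any X-Real-IP / X-Client-IP set by the proxy must also appear in X-Forwarded-For`. `EscapedParams` likewise HTML-escapes every query parameter before anything registered below it runs, so if the legacy redirect middleware (required above, presumably `use`d further down the file) forwards query strings, check that `&` and quotes in redirected URLs are not double-encoded. The eight `use` lines are also a byte-for-byte copy of the block in `website/docs/config.ru`, so a future adjustment to one is easy to miss in the other; config.ru is a flat script with no enclosing definition.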