Add Rack::Protection to sites

Seth Vargo 2015-07-13 11:38:20 -04:00
parent 7328f91da2
commit b03b7f56a0
6 changed files with 28 additions and 0 deletions


@ -10,6 +10,7 @@ gem "redcarpet", "~> 2.2.2"
gem "rb-inotify", "~> 0.9", require: false
gem "therubyracer", "~> 0.12.0"
gem "thin", "~> 1.5.0"
gem "rack-protection", "~> 1.5"
group :development do
gem "highline", "~> 1.6.15"


@ -138,6 +138,7 @@ DEPENDENCIES
middleman (~> 3.0.6)
middleman-minify-html (~> 3.0.0)
rack-contrib (~> 1.1.0)
rack-protection (~> 1.5)
rb-inotify (~> 0.9)
redcarpet (~> 2.2.2)
therubyracer (~> 0.12.0)


@ -4,10 +4,21 @@ require "rack/contrib/not_found"
require "rack/contrib/response_headers"
require "rack/contrib/static_cache"
require "rack/contrib/try_static"
require "rack/protection"
require File.expand_path("../lib/redirect_to_latest", __FILE__)
require File.expand_path("../lib/redirect_v1_docs", __FILE__)
# Protect against various bad things
use Rack::Protection::JsonCsrf
use Rack::Protection::RemoteReferrer
use Rack::Protection::HttpOrigin
use Rack::Protection::EscapedParams
use Rack::Protection::XSSHeader
use Rack::Protection::FrameOptions
use Rack::Protection::PathTraversal
use Rack::Protection::IPSpoofing
# Properly compress the output if the client can handle it.
use Rack::Deflater
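Review bot: `use Rack::Protection::IPSpoofing` rejects a request (403 by default) when it carries `X-Forwarded-For` together with a `Client-IP` or `X-Real-IP` value that is not in that list. If this site is served through a CDN or load balancer that sets those headers itself, which this diff does not show, legitimate visitors could be turned away. I would confirm how the fronting proxy populates those headers before enabling the check. The comment `# Protect against various bad things` also gives a maintainer nothing to go on when a 403 appears; something like `# Rack::Protection: request checks answer 403 by default; verify proxy headers before keeping IPSpoofing` would say more. The same list is added in the last file section on this page (the one requiring `lib/legacy_redirect`), so the point applies there too.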


@ -12,6 +12,7 @@ gem "rack-contrib", "~> 1.1.0"
gem "redcarpet", "~> 3.0.0"
gem "therubyracer", "~> 0.12.0"
gem "thin", "~> 1.5.0"
gem "rack-protection", "~> 1.5"
group :development do
gem "highline", "~> 1.6.15"


@ -81,6 +81,8 @@ GEM
rack (1.6.0)
rack-contrib (1.1.0)
rack (>= 0.9.1)
rack-protection (1.5.3)
rack
rack-test (0.6.3)
rack (>= 1.0)
rb-fsevent (0.9.4)
@ -127,6 +129,7 @@ DEPENDENCIES
middleman-minify-html (~> 3.1.1)
nokogiri (~> 1.6.0)
rack-contrib (~> 1.1.0)
rack-protection (~> 1.5)
redcarpet (~> 3.0.0)
therubyracer (~> 0.12.0)
thin (~> 1.5.0)


@ -3,9 +3,20 @@ require "rack/contrib/not_found"
require "rack/contrib/response_headers"
require "rack/contrib/static_cache"
require "rack/contrib/try_static"
require "rack/protection"
require File.expand_path("../lib/legacy_redirect", __FILE__)
# Protect against various bad things
use Rack::Protection::JsonCsrf
use Rack::Protection::RemoteReferrer
use Rack::Protection::HttpOrigin
use Rack::Protection::EscapedParams
use Rack::Protection::XSSHeader
use Rack::Protection::FrameOptions
use Rack::Protection::PathTraversal
use Rack::Protection::IPSpoofing
# Properly compress the output if the client can handle it.
use Rack::Deflater