From d473fe5693fcacc196ea720692e34f738d647863 Mon Sep 17 00:00:00 2001
From: Seth Vargo
Date: Mon, 13 Jul 2015 12:56:46 -0400
Subject: [PATCH] Use Rack::Protection

---
 website/config.ru | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/website/config.ru b/website/config.ru
index fd8f01d6c5..b1a3c74b25 100644
--- a/website/config.ru
+++ b/website/config.ru
@@ -3,6 +3,17 @@ require "rack/contrib/not_found"
 require "rack/contrib/response_headers"
 require "rack/contrib/static_cache"
 require "rack/contrib/try_static"
+require "rack/protection"
+
+# Protect against various bad things
+use Rack::Protection::JsonCsrf
+use Rack::Protection::RemoteReferrer
+use Rack::Protection::HttpOrigin
+use Rack::Protection::EscapedParams
+use Rack::Protection::XSSHeader
+use Rack::Protection::FrameOptions
+use Rack::Protection::PathTraversal
+use Rack::Protection::IPSpoofing
 
 # Properly compress the output if the client can handle it.
 use Rack::Deflater
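Review bot: The diffstat lists only website/config.ru, so the new `require "rack/protection"` will fail at boot unless rack-protection is already a dependency in the website's Gemfile; confirm that before merging. The comment `# Protect against various bad things` should say why the middlewares are listed one by one rather than via `use Rack::Protection`, and that their position matters, e.g. `# Individual Rack::Protection middlewares; the combined Rack::Protection default set expects a session middleware this app does not configure. Rack runs middleware in use order, so this block must stay ahead of whatever serves files.` EscapedParams HTML-escapes every incoming request parameter, which is harmless for a static site but silently alters params for any dynamic handler added later; a one-line comment recording that assumption would help the next maintainer. None of the listed middlewares sets Strict-Transport-Security, so if the site is served over TLS an HSTS header still has to come from elsewhere (the proxy/CDN or another middleware).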