Browse Source

Use Rack::Protection

pull/1109/head
Seth Vargo 10 years ago
parent
commit
d473fe5693
  1. 11
      website/config.ru

11
website/config.ru

@ -3,6 +3,17 @@ require "rack/contrib/not_found"
require "rack/contrib/response_headers" require "rack/contrib/response_headers"
require "rack/contrib/static_cache" require "rack/contrib/static_cache"
require "rack/contrib/try_static" require "rack/contrib/try_static"
require "rack/protection"
# Protect against various bad things
use Rack::Protection::JsonCsrf
use Rack::Protection::RemoteReferrer
use Rack::Protection::HttpOrigin
use Rack::Protection::EscapedParams
use Rack::Protection::XSSHeader
use Rack::Protection::FrameOptions
use Rack::Protection::PathTraversal
use Rack::Protection::IPSpoofing
# Properly compress the output if the client can handle it. # Properly compress the output if the client can handle it.
use Rack::Deflater use Rack::Deflater

Loading…
Cancel
Save