sinatra / rack-protection

NOTE: This project has been merged upstream to sinatra/sinatra
https://github.com/sinatra/sinatra/tree/master/rack-protection

clarify reaction warning, test it #76

Closed ujifgc closed 10 years ago

ujifgc commented 10 years ago

Rack-protection tends to write misleading warnings to the application log if a custom reaction is specified.

If I set :reaction => :report, it still writes "attack prevented by Rack::Protection::RemoteToken" though it is not prevented; it is passed to the application with the options[:report_key] flag.

Moreover, if I set :reaction => :special, rack-protection calls my special helper but still says that the attack was prevented.

I suggest warning "prevented" when the reaction reaches #deny, warning "reported" if the reaction was #report, and doing nothing if a custom method is used as the reaction.
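The logging behaviour suggested in this issue, as an added sketch that is not part of the original comment and is not rack-protection's own code. The class names, the `accepts` block, the in-memory log and the env key values are hypothetical; only the option names `:reaction` and `:report_key` and the "attack prevented by" wording come from the issue.

```ruby
# Added sketch: each reaction writes its own log line, so the log says what
# actually happened to the request. Not rack-protection's implementation.
class SketchProtection
  attr_reader :log

  def initialize(app, options = {}, &accepts)
    @app = app
    # 'sketch.reported' is a constructed value for this example.
    @options = { reaction: :deny, report_key: 'sketch.reported' }.merge(options)
    @accepts = accepts # constructed stand-in for a real request check
    @log = []          # in-memory log so the result can be inspected
  end

  def call(env)
    return @app.call(env) if @accepts.call(env)

    result = send(@options[:reaction], env)
    # Only a full Rack response triple stops the request; anything else
    # means the request still reaches the application.
    result.is_a?(Array) && result.size == 3 ? result : @app.call(env)
  end

  # The request is blocked here, so "prevented" is accurate.
  def deny(_env)
    @log << "attack prevented by #{self.class}"
    [403, { 'Content-Type' => 'text/plain' }, ['Forbidden']]
  end

  # The request is passed on with a flag, so it is logged as "reported".
  def report(env)
    @log << "attack reported by #{self.class}"
    env[@options[:report_key]] = true
  end
end

# A custom reaction: the middleware logs nothing and the helper decides
# for itself what, if anything, to record.
class SpecialProtection < SketchProtection
  def special(env)
    env['sketch.special'] = true
    nil
  end
end
```

With this split, a log search for "prevented" matches only requests that were actually blocked, which is what an alert on that string would assume.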