sinatra/rack-protection
NOTE: This project has been merged upstream to sinatra/sinatra
https://github.com/sinatra/sinatra/tree/master/rack-protection
818 stars, 58 forks
issues
Ignore changing Accept-Encoding header, fixes #56
#73
rennex
closed
10 years ago
0
content-type-security header
#72
mkristian
closed
10 years ago
2
Don't create request since it is unused.
#71
vipulnsward
closed
10 years ago
0
URL-encoded resources does not work since 1.5.1
#70
quezacoatl
closed
11 years ago
1
ensure Rack::Protection::Base#random_string always outputs 32 characters
#69
pje
closed
11 years ago
0
Ensure that session contains a csrf token after "safe" requests
#68
pje
closed
11 years ago
6
What is meant by "rack-csrf" compatibility?
#67
da99
closed
11 years ago
1
Add instrumentation support
#66
brookemckim
closed
11 years ago
5
Implemented an authenticity_param option on AuthenticityToken
#65
dariocravero
closed
11 years ago
0
Mask CSRF tokens to mitigate BREACH attack
#64
louismullie
closed
8 years ago
1
Whitelist for JsonCsrf
#63
rsiddle
closed
8 years ago
1
License missing from gemspec
#62
bf4
closed
11 years ago
4
Invalid referer raises error
#61
georgeu2000
closed
8 years ago
5
Authenticity token not being set unless form is sent
#60
cesarfigueroa
closed
11 years ago
2
Implementation doubt
#59
sonoman
closed
11 years ago
2
Encoding fix
#58
jeffWelling
closed
11 years ago
0
Fixed encoding bug
#57
jeffWelling
closed
11 years ago
4
SessionHijacking false positive when serving video tag source
#56
dgutov
closed
10 years ago
1
Add documentation
#55
m-o-e
closed
8 years ago
3
Fix PathTraversal to leave encoding of PATH_INFO unchanged
#54
dayflower
closed
11 years ago
0
Cookie protection, ala Github's blog post
#53
nogweii
closed
8 years ago
0
Check for nil response on JsonCsrf protection
#52
bugant
closed
11 years ago
1
FIX: default_reaction was not working
#51
bugant
closed
11 years ago
4
undefined method `detect' for nil:NilClass
#50
blambeau
closed
11 years ago
24
Feature Request: add support for Strict Transport Security
#49
oreoshake
closed
9 years ago
2
X-XSS-Protection also applies to chrome
#48
oreoshake
closed
8 years ago
1
Silently Ignore Lack of Session Middleware
#47
Wardrop
closed
8 years ago
7
Feature/report reaction
#46
skade
closed
11 years ago
6
Don't autoload?
#45
charlie
closed
8 years ago
11
Block remote requests from non-HTTP pages
#44
louismullie
closed
11 years ago
1
Detect and reject Ruby objects sent in YAML format
#43
brynary
closed
10 years ago
7
Spec for escaped_params handling of POST bodies
#42
skade
closed
11 years ago
3
Introducing :use
#41
homakov
closed
11 years ago
2
nosniff should be set non html content as well
#40
mkristian
closed
11 years ago
1
CORS and JSON_CSRF
#39
resistorsoftware
closed
11 years ago
1
Why don't you recommend using the form token with rack protection?
#38
dariocravero
closed
11 years ago
2
HttpOrigin should be disabled by default
#37
p0deje
closed
11 years ago
16
undefined method `base_url'
#36
patsanch
closed
11 years ago
4
Gemspec contains non-US-ASCII characters, can't install on older rubygems
#35
jeremyevans
closed
11 years ago
0
undefined method `last' for nil:NilClass
#34
hron84
closed
11 years ago
2
Please yank v 1.3.0
#33
xaviervia
closed
11 years ago
1
Don't choke on requests that end up without a content-type header
#32
cheald
closed
11 years ago
1
X-Frame-Option should only be set for HTML responses
#31
rkh
closed
11 years ago
0
Bypass referer check if Origin header is given
#30
bjoerge
closed
12 years ago
2
Fix for issue #28
#29
savulchik
closed
12 years ago
1
Typo in frame_options_spec.rb
#28
savulchik
closed
12 years ago
1
allow cache-breaker params in EscapedParams
#27
stve
closed
12 years ago
2
X-Content-Type-Options feature
#26
send
closed
12 years ago
2
X-Frame-Options sameorigin case
#25
darscan
closed
11 years ago
2
Do not add a / to empty path in 'path_traversal'
#24
hanklords
closed
12 years ago
1