sinatra/rack-protection

Issues

• Mention the migration in GitHub Pages

  #123 opened 6 years ago by FranklinYu
  0

• How can I update AuthenticityToken automatically?

  #119 opened 7 years ago by dehengxu
  1

• Forbidden + signout using sidekiq/devise/activeadmin on production server with nginx/haproxy/thin

  #107 opened 8 years ago by ysynesis
  4

• AuthenticityToken check in a rails app when no session['_csrf_token'] is set

  #83 opened 8 years ago by anthony
  6

• New stable release before merging?

  #118 opened 8 years ago by astratto
  7

• Could not find gem 'rack-protection' in git://github.com/sinatra/rack-protection.git (at master@f405fec)

  #117 opened 8 years ago by jaredbeck
  2

• Mask CSRF tokens to mitigate BREACH attack

  #64 opened 8 years ago by louismullie
  1

• AuthenticityToken

  #106 opened 8 years ago by hojberg
  3

• JsonCsrf for GET image.

  #84 opened 8 years ago by georgeu2000
  4

• [Warning] Session Hijacking default of HTTP_ACCEPT_LANGUAGE is broken for iOS 8+

  #88 opened 8 years ago by tommeier
  2

• Is AuthenticityToken broken?

  #100 opened 8 years ago by odigity
  2

• Rack::Protection::SessionHijacking

  #92 opened 8 years ago by frodsan
  2

• Session Hijacking default of HTTP_ACCEPT_LANGUAGE is broken for IE with XHR

  #96 opened 8 years ago by t-cyrill
  2

• Invalid URI causes exception

  #82 opened 8 years ago by rb2k
  3

• Please add changelog

  #79 opened 8 years ago by PikachuEXE
  2

• Whitelist for JsonCsrf

  #63 opened 8 years ago by rsiddle
  1

• Invalid referer raises error

  #61 opened 8 years ago by georgeu2000
  5

• Cookie protection, ala Github's blog post

  #53 opened 8 years ago by nogweii
  0

• Add documentation

  #55 opened 8 years ago by m-o-e
  3

• X-XSS-Protection also applies to chrome

  #48 opened 8 years ago by oreoshake
  1

• Regenerate docs

  #109 opened 8 years ago by zzak
  0

• "You need to set up a session middleware *before* Rack::Protection::SessionHijacking"

  #77 opened 8 years ago by rickygu
  6

• escaped params silently removing files

  #90 opened 8 years ago by danleyden
  3

• Silently Ignore Lack of Session Middleware

  #47 opened 8 years ago by Wardrop
  7

• Don't autoload?

  #45 opened 8 years ago by charlie
  11

• Sinatra problem with rack-protection

  #110 opened 8 years ago by pamit
  1

• undefined method `[]' for nil:NilClass

  #103 opened 9 years ago by beanieboi
  4

• Consider changing the repo description

  #101 opened 9 years ago by adelevie
  3

• Feature Request: add support for Strict Transport Security

  #49 opened 10 years ago by oreoshake
  2

• Homepage link is broken

  #94 opened 10 years ago by zzak
  2

• Token changes between retrieval and request

  #89 opened 10 years ago by cmouse
  1

• SessionHijacking false positive when serving video tag source

  #56 opened 11 years ago by dgutov
  1

• Rack Protection blocks all requests from proxy/frontend

  #85 opened 10 years ago by tayler1
  5

• [Readme] Instrumentation example

  #81 opened 11 years ago by tommeier
  1

• Path traversal middleware stops sinatra route from matching

  #80 opened 11 years ago by myronmarston
  2

• Detect and reject Ruby objects sent in YAML format

  #43 opened 11 years ago by brynary
  7

• content-type-security header

  #72 opened 11 years ago by mkristian
  2

• undefined method `detect' for nil:NilClass

  #50 opened 11 years ago by blambeau
  24

• URL-encoded resources does not work since 1.5.1

  #70 opened 11 years ago by quezacoatl
  1

• License missing from gemspec

  #62 opened 11 years ago by bf4
  4

• Authenticity token not being set unless form is sent

  #60 opened 11 years ago by cesarfigueroa
  2

• What is meant by "rack-csrf" compatibility?

  #67 opened 11 years ago by da99
  1

• Implementation doubt

  #59 opened 12 years ago by sonoman
  2

• nosniff should be set non html content as well

  #40 opened 12 years ago by mkristian
  1

• CORS and JSON_CSRF

  #39 opened 12 years ago by resistorsoftware
  1

• Block remote requests from non-HTTP pages

  #44 opened 12 years ago by louismullie
  1

• Why don't you recommend using the form token with rack protection?

  #38 opened 12 years ago by dariocravero
  2

• undefined method `base_url'

  #36 opened 12 years ago by patsanch
  4

• Gemspec contains non-US-ASCII characters, can't install on older rubygems

  #35 opened 12 years ago by jeremyevans
  0

• undefined method `last' for nil:NilClass

  #34 opened 12 years ago by hron84
  2