Contents

require 'rack/protection'

module Rack
  module Protection
    ##
    # Prevented attack::   CSRF
    # Supported browsers:: Google Chrome 2, Safari 4 and later
    # More infos::         http://en.wikipedia.org/wiki/Cross-site_request_forgery
    #                      http://tools.ietf.org/html/draft-abarth-origin
    #
    # Does not accept unsafe HTTP requests when value of Origin HTTP request header
    # does not match default or whitelisted URIs.
    class HttpOrigin < Base
      DEFAULT_PORTS = { 'http' => 80, 'https' => 443, 'coffee' => 80 }
      default_reaction :deny

      def base_url(env)
        request = Rack::Request.new(env)
        port = ":#{request.port}" unless request.port == DEFAULT_PORTS[request.scheme]
        "#{request.scheme}://#{request.host}#{port}"
      end

      def accepts?(env)
        return true if safe? env
        return true unless origin = env['HTTP_ORIGIN']
        return true if base_url(env) == origin
        Array(options[:origin_whitelist]).include? origin
      end

    end
  end
end

Version data entries

92 entries across 87 versions & 21 rubygems

Version	Path
logstash-output-scalyr-0.2.1.beta	vendor/bundle/jruby/2.5.0/gems/rack-protection-1.5.5/lib/rack/protection/http_origin.rb
logstash-output-scalyr-0.2.0	vendor/bundle/jruby/2.5.0/gems/rack-protection-1.5.5/lib/rack/protection/http_origin.rb
logstash-output-scalyr-0.2.0.beta	vendor/bundle/jruby/2.5.0/gems/rack-protection-1.5.5/lib/rack/protection/http_origin.rb
logstash-output-scalyr-0.1.26.beta	vendor/bundle/jruby/2.5.0/gems/rack-protection-1.5.5/lib/rack/protection/http_origin.rb
logstash-output-scalyr-0.1.25.beta	vendor/bundle/jruby/2.5.0/gems/rack-protection-1.5.5/lib/rack/protection/http_origin.rb
logstash-output-scalyr-0.1.24.beta	vendor/bundle/jruby/2.5.0/gems/rack-protection-1.5.5/lib/rack/protection/http_origin.rb
logstash-output-scalyr-0.1.23.beta	vendor/bundle/jruby/2.5.0/gems/rack-protection-1.5.5/lib/rack/protection/http_origin.rb
logstash-output-scalyr-0.1.22.beta	vendor/bundle/jruby/2.5.0/gems/rack-protection-1.5.5/lib/rack/protection/http_origin.rb
logstash-output-scalyr-0.1.21.beta	vendor/bundle/jruby/2.5.0/gems/rack-protection-1.5.5/lib/rack/protection/http_origin.rb
logstash-output-scalyr-0.1.20.beta	vendor/bundle/jruby/2.5.0/gems/rack-protection-1.5.5/lib/rack/protection/http_origin.rb
logstash-output-scalyr-0.1.19.beta	vendor/bundle/jruby/2.5.0/gems/rack-protection-1.5.5/lib/rack/protection/http_origin.rb
logstash-output-scalyr-0.1.18.beta	vendor/bundle/jruby/2.5.0/gems/rack-protection-1.5.5/lib/rack/protection/http_origin.rb
logstash-output-scalyr-0.1.17.beta	vendor/bundle/jruby/2.5.0/gems/rack-protection-1.5.5/lib/rack/protection/http_origin.rb
logstash-output-scalyr-0.1.16.beta	vendor/bundle/jruby/2.5.0/gems/rack-protection-1.5.5/lib/rack/protection/http_origin.rb
logstash-output-scalyr-0.1.15.beta	vendor/bundle/jruby/2.5.0/gems/rack-protection-1.5.5/lib/rack/protection/http_origin.rb
logstash-output-scalyr-0.1.14.beta	vendor/bundle/jruby/2.5.0/gems/rack-protection-1.5.5/lib/rack/protection/http_origin.rb
logstash-output-scalyr-0.1.13	vendor/bundle/jruby/2.5.0/gems/rack-protection-1.5.5/lib/rack/protection/http_origin.rb
logstash-output-scalyr-0.1.12	vendor/bundle/jruby/2.5.0/gems/rack-protection-1.5.5/lib/rack/protection/http_origin.rb
logstash-output-scalyr-0.1.11.beta	vendor/bundle/jruby/2.5.0/gems/rack-protection-1.5.5/lib/rack/protection/http_origin.rb
logstash-output-scalyr-0.1.10.beta	vendor/bundle/jruby/2.5.0/gems/rack-protection-1.5.5/lib/rack/protection/http_origin.rb