Sha256: c8d32b19cacc32fb95ef113e9f13c0ae548eb0f27fccd824508959fe029d6c3f

Contents?: true

Size: 607 Bytes

Versions: 61

Compression:

Stored size: 607 Bytes

Contents

require 'rack/protection'

module Rack
  module Protection
    ##
    # Prevented attack::   CSRF
    # Supported browsers:: all
    # More infos::         http://en.wikipedia.org/wiki/Cross-site_request_forgery
    #
    # Does not accept unsafe HTTP requests if the Referer [sic] header is set to
    # a different host.
    #
    # Combine with NoReferrer to also block remote requests from non-HTTP pages
    # (FTP/HTTPS/...).
    class RemoteReferrer < Base
      default_reaction :deny

      def accepts?(env)
        safe?(env) or referrer(env) == Request.new(env).host
      end
    end
  end
end

Version data entries

61 entries across 61 versions & 4 rubygems

Version Path
rack-protection-0.1.0 lib/rack/protection/remote_referrer.rb