README.md in geminabox-0.13.13 vs README.md in geminabox-0.13.14
- old
+ new
@@ -22,9 +22,18 @@
require "rubygems"
require "geminabox"
Geminabox.data = "/var/geminabox-data" # ... or wherever
+
+ # Use Rack::Protection to prevent XSS and CSRF vulnerability if your geminabox server is open public.
+ # Rack::Protection requires a session middleware, choose your favorite one such as Rack::Session::Memcache.
+ # This example uses Rack::Session::Pool for simplicity, but please note that:
+ # 1) Rack::Session::Pool is not available for multiprocess servers such as unicorn
+ # 2) Rack::Session::Pool causes memory leak (it does not expire stored `@pool` hash)
+ use Rack::Session::Pool, expire_after: 1000 # sec
+ use Rack::Protection
+
run Geminabox::Server
Start your gem server with 'rackup' to run WEBrick or hook up the config.ru as you normally would ([passenger](https://www.phusionpassenger.com/), [thin](http://code.macournoyer.com/thin/), [unicorn](https://bogomips.org/unicorn/), whatever floats your boat).
## Legacy RubyGems index
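Review bot: the added config.ru example uses `Rack::Session::Pool`, which its own comments say does not work on multiprocess servers such as unicorn, while the unchanged sentence right after `run Geminabox::Server` still tells readers to hook config.ru up to passenger, thin or unicorn. Anyone who copies the snippet onto one of those servers gets session state that is not shared between workers, so the protection they thought they enabled may behave inconsistently. Since the comment already names `Rack::Session::Memcache`, consider making a shared-store session the example and mentioning Pool only as a single-process option for local testing. Two smaller points in the same block: `expire_after: 1000 # sec` sits directly under the comment saying the `@pool` hash is never expired, so state what the option does and does not bound; and the only requires in view are `rubygems` and `geminabox`, so the README should say whether `rack/protection` has to be required or added as a dependency for `use Rack::Protection` to load. The phrase "is open public" would read better as "is publicly accessible".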