wrap-params middleware doesn't make a user detect a charset of GET mothod.
When client does not specify its charset in Content-Type header of a request, a server use default charset(ISO-8859-1). Therefore parameters of a request is encoded in other than default charset without ...
wrap-params middleware doesn't function when not url-encoded...
IE send an url not url-encoded when "Send UTF-8 query strings..." flag of Internet Option is unset. And parameters of this request can't be processed properly by wrap-params, which decode ...
Minor docstring update for http-only flag
Fix confusing and incorrect definition in docstring for http-only https://www.owasp.org/index.php/HttpOnly
wrap-resource captures root route when in a jar file
If wrap-resource is added to the handler stack ahead of Compojure routes meant to serve the root (index) route while running from a jar file, it will mistakenly identify the top resource directory as a ...
In ring-core 1.2.1, I'm getting this explosion: Exception in thread "main" java.lang.NoClassDefFoundError: javax/servlet/http/HttpServletRequest, compiling:(ring/middleware/multipart_params.clj:39:5) ...
At https://github.com/mmcgrana/ring/blob/master/ring-core/src/ring/middleware/session/cookie.clj#L92 should there be a (binding [read-eval false] ) ? Otherwise, it seems -- suppose some other vulnerability ...
The middleware wrap-head makes Content-Length always be 0
Because it sets :body to nil, and :body is used to set Content-Length.
Update ring-devel/src/ring/middleware/stacktrace.clj
Catch all Throwaables, not just Exceptions, so that (assert ...) works inside handlers.
Session wrapper does not update the cookie after session expiry date is changed.
(ns ring-session-test.core) (use 'ring.middleware.session) (defn handler [{session :session uri :uri}] (let [res {:status 200 :headers {"Content-Type" "text/plain"} ...