* Closes CVE-2013-0262
A race condition can arise when two servers are started simultaneously. Both instances may complete the check for an existing pidfile before either one writes it. Now the pidfile is opened with ::File::EXCL, which raises an error if the file already exists. This error is handled by retrying the check and the write.
* Closes CVE-2013-0263
* Closes #504
this way it can be used with rubygems.org API
* Closes #508 * Adds some limited coverage. More issues highlighted - incomplete local ips.
Changing incorrect documentation
* Too easy to miss during updates * Required format unchanged * Closes #501
* Basic additional APIs to simplify requirements for Rails and Devise
The original comment on set_session said to return true or false depending on whether the session was saved or not. In reality, this method MUST return the session id in order for #commit_session to set the cookie data properly.
* 'lint-headerhash' of git://bogomips.org/rack: lint: avoid TypeError on non-Hash-like response headers
Added specific test when X-Forwarded-For is 'unknown'
According to SPEC (and check_headers), Response headers need only respond to #each. Thus, check_hijack_response should rely on Rack::Utils::HeaderHash if it wishes to access the headers in a hash-like fashion.
* Closes #498
Remove never called string
Previous check `p.empty?` makes sure that p contains at least 1 symbol. After `.split('=', 2)` k or v or both will turn into some string which means `k || v` will always return true and `next` will never be called.