Rack::Cache caches Set-Cookie response headers yielding potential security holes in apps #52

merged 7 commits into from Feb 15, 2012
Commits on Feb 10, 2012
  1. @rmm5t

    Removed Gemfile.lock

    rmm5t committed Feb 10, 2012
    Gemfile.lock was correctly in the .gitignore file, but was also committed to the
    repository.  See
    Furthermore, it was locked to a version of memcached that I could get to compile
    on Lion.
  2. @rmm5t
  3. @rmm5t

    Added ignore_headers configuration option

    rmm5t committed Feb 10, 2012
    Defaults to ['Set-Cookie'] thereby stripping cookies from cacheable responses
  4. @rmm5t

    Removed all ignore_headers before writing to the cache

    rmm5t committed Feb 10, 2012
    By default, this will strip the Set-Cookie response header before storing a
    cacheable response.
  5. @rmm5t
  6. @rmm5t
  7. @rmm5t
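
The leak named in the title, and the effect of stripping `Set-Cookie` before the cache write as the commits above describe, shown in an added Ruby example (not code from this pull request or from Rack::Cache). `TinyCache`, `BACKEND`, the `X-User` request header and the `X-Cache` response header are constructed for illustration; storing a stripped copy while passing the live response through unchanged is an assumption of this sketch.

```ruby
# Illustrative shared cache, not Rack::Cache itself. TinyCache and its
# ignore_headers keyword are constructed for this example.
class TinyCache
  def initialize(app, ignore_headers: ['Set-Cookie'])
    @app = app
    @ignore = ignore_headers.map(&:downcase)
    @store = {}
  end

  def call(env)
    key = env['PATH_INFO']
    if (hit = @store[key])
      status, headers, body = hit
      return [status, headers.merge('X-Cache' => 'hit'), body]
    end
    status, headers, body = @app.call(env)
    if cacheable?(headers)
      # Store a copy without the ignored headers; the live response is untouched.
      kept = headers.reject { |name, _| @ignore.include?(name.downcase) }
      @store[key] = [status, kept, body]
    end
    [status, headers.merge('X-Cache' => 'miss'), body]
  end

  private

  def cacheable?(headers)
    headers.fetch('Cache-Control', '').split(/\s*,\s*/).include?('public')
  end
end

# Constructed backend: marks the page public but also issues a per-user cookie.
BACKEND = lambda do |env|
  [200,
   { 'Cache-Control' => 'public, max-age=60',
     'Set-Cookie' => "session=#{env['HTTP_X_USER']}-secret" },
   ['shared page']]
end

# Returns the Set-Cookie value the second visitor receives from the cache.
def cookie_served_to_second_user(ignore_headers)
  cache = TinyCache.new(BACKEND, ignore_headers: ignore_headers)
  cache.call('PATH_INFO' => '/', 'HTTP_X_USER' => 'alice')
  _status, headers, _body = cache.call('PATH_INFO' => '/', 'HTTP_X_USER' => 'bob')
  headers['Set-Cookie']
end

puts "no stripping: #{cookie_served_to_second_user([]).inspect}"
puts "default:      #{cookie_served_to_second_user(['Set-Cookie']).inspect}"
```

With an empty ignore list the second visitor is handed the first visitor's session cookie from the cache; with `['Set-Cookie']` the cached entry carries no cookie at all.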