Rack::Cache caches Set-Cookie response headers yielding potential security holes in apps #52

Merged
merged 7 commits into from Feb 15, 2012
Commits on Feb 10, 2012
  1. @rmm5t

    Removed Gemfile.lock

    rmm5t committed Feb 10, 2012
    Gemfile.lock was correctly in the .gitignore file, but was also committed to the
    repository.  See
    http://yehudakatz.com/2010/12/16/clarifying-the-roles-of-the-gemspec-and-gemfile/
    
    Furthermore, it was locked to a version of memcached that I could get to compile
    on Lion.
  2. @rmm5t
  3. @rmm5t

    Added ignore_headers configuration option

    rmm5t committed Feb 10, 2012
    Defaults to ['Set-Cookie'] thereby stripping cookies from cacheable responses
  4. @rmm5t

    Removed all ignore_headers before writing to the cache

    rmm5t committed Feb 10, 2012
    By default, this will strip the Set-Cookie response header before storing a
    cacheable response.
  5. @rmm5t
  6. @rmm5t
  7. @rmm5t
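
The behaviour described in commits 3 and 4, as an added example that is not code from this pull request or from Rack::Cache: a minimal caching middleware that removes the `ignore_headers` entries before storing a cacheable response. `TinyCache`, `demo_app` and `cookies_seen` are hypothetical names, and passing the origin response through unchanged on a cache miss is an assumption of this sketch.

```ruby
# Added illustration, not Rack::Cache source. TinyCache is a hypothetical,
# minimal shared cache keyed by path only.
class TinyCache
  def initialize(app, ignore_headers: ['Set-Cookie'])
    @app = app
    @ignore = ignore_headers.map(&:downcase)
    @store = {}
  end

  def call(env)
    key = env['PATH_INFO']
    if (hit = @store[key])
      status, headers, body = hit
      return [status, headers.merge('X-Cache' => 'hit'), body]
    end
    status, headers, body = @app.call(env)
    if cacheable?(status, headers)
      # Strip the ignored headers before the entry is written to the cache.
      stored = headers.reject { |name, _| @ignore.include?(name.downcase) }
      @store[key] = [status, stored, body]
    end
    # Assumption: on a miss the origin response is passed through unchanged.
    [status, headers.merge('X-Cache' => 'miss'), body]
  end

  private

  def cacheable?(status, headers)
    status == 200 && headers['Cache-Control'].to_s.include?('public')
  end
end

# Constructed app: a public, cacheable page that also issues a per-visitor cookie.
def demo_app
  counter = 0
  lambda do |_env|
    counter += 1
    [200, { 'Cache-Control' => 'public, max-age=60',
            'Set-Cookie' => "session=visitor-#{counter}" }, ['hello']]
  end
end

# Returns the Set-Cookie value seen by the first and by the second visitor.
def cookies_seen(ignore_headers)
  cache = TinyCache.new(demo_app, ignore_headers: ignore_headers)
  first = cache.call('PATH_INFO' => '/')[1]['Set-Cookie']
  second = cache.call('PATH_INFO' => '/')[1]['Set-Cookie']
  [first, second]
end
```

With an empty `ignore_headers` list the second visitor is served the first visitor's session cookie from the cache; with the default `['Set-Cookie']` the cached copy carries no cookie.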