Commits on Dec 10, 2012
  1. @rkh

    bump version

    rkh authored
  2. @rkh

    remove history section

    rkh authored
  3. @rkh
  4. @rkh
  5. @rkh
Commits on Sep 5, 2012
  1. @rkh

    upgrade rake

    rkh authored
  2. @rkh

    Merge pull request #30 from bjoerge/add-json-crsf-http-origin-check

    rkh authored
    Bypass referer check if Origin header is given
  3. @bjoerge
Commits on Aug 7, 2012
  1. @rkh

    Merge pull request #29 from savulchik/master

    rkh authored
    Fix for issue #28
  2. @savulchik
Commits on Jul 2, 2012
  1. @rkh

    Merge pull request #27 from spagalloco/escapenils

    rkh authored
    allow cache-breaker params in EscapedParams
  2. @stve
Commits on Jun 28, 2012
  1. @rkh

    Merge pull request #26 from send/x-content-type-options

    rkh authored
    X-Content-Type-Options feature
  2. @send

    X-Content-Type-Options feature

    send authored
Commits on May 28, 2012
  1. @rkh

    Merge pull request #24 from hanklords/master

    rkh authored
    Do not add a / to empty path in 'path_traversal'
Commits on May 27, 2012
  1. @hanklords
Commits on May 13, 2012
  1. @rkh

    Merge pull request #22 from toooooooby/patch-1

    rkh authored
    Reflect fix issue #8 by ae9c330 into README.md
  2. @tobynet
Commits on May 12, 2012
  1. @rkh

    Merge pull request #21 from p0deje/spec_fix

    rkh authored
    Fix specs
  2. @p0deje

    Updated Travis CI configuration

    p0deje authored
  3. @p0deje

    refactored spec

    p0deje authored
  4. @p0deje
  5. @rkh

    Merge pull request #16 from p0deje/http_origin

    rkh authored
    Implementation of Origin CSRF mitigation request header
Commits on Jan 30, 2012
  1. @p0deje

    Updated README

    p0deje authored
  2. @p0deje

    Use HTTP Origin by default

    p0deje authored
  3. @p0deje

    Specs for HTTP Origin

    p0deje authored
  4. @p0deje
Commits on Dec 30, 2011
  1. @rkh

    bump version

    rkh authored
  2. @rkh

    Merge pull request #13 from hecticjeff/json-csrf-warning

    rkh authored
    Show warnings for JsonCsrf attacks
  3. @rkh
Commits on Dec 2, 2011
  1. @chrismytton

    Show warnings for a `JsonCsrf` attack.

    chrismytton authored
    Since the `JsonCsrf` middleware overrides the `call` method, the default
    warning is never displayed. I couldn't figure out why sinatra was
    returning a 403 for CORS and JSONP requests, tracked it down to this.
Commits on Nov 21, 2011
  1. @rkh

    Merge pull request #12 from nightscape/patch-1

    rkh authored
    Use more specific namespace declaration in Rack::Builder configuration.
  2. @nightscape
Commits on Nov 8, 2011
  1. @rkh

    Merge pull request #10 from Undev/fix-NotImpelentedError-typo

    rkh authored
    NotImpelentedError typo fix
  2. @akzhan

    NotImpelentedError typo fix

    akzhan authored