Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

remove Sinatra::Protection (part of Sinatra now)

  • Loading branch information...
commit a1f81561de149a20cffe71ea334d3a15eb9a83e0 1 parent eee4f22
@rkh rkh authored
View
7 README.md
@@ -41,9 +41,6 @@ Currently included:
* `sinatra/namespace`: Adds namespace support to Sinatra.
-* `sinatra/protection`: Sets up rack-protection to protect common attacks
- against your application.
-
* `sinatra/respond_with`: Choose action and/or template depending automatically
depending on the incoming request. Adds helpers `respond_to` and
`respond_with`.
@@ -100,13 +97,13 @@ A single extension (example: sinatra-content-for):
``` ruby
require 'sinatra/base'
require 'sinatra/content_for'
-require 'sinatra/protection'
+require 'sinatra/namespace'
class MyApp < Sinatra::Base
# Note: Some modules are extensions, some helpers, see the specific
# documentation or the source
helpers Sinatra::ContentFor
- register Sinatra::Protection
+ register Sinatra::Namespace
end
```
View
1  lib/sinatra/contrib.rb
@@ -9,7 +9,6 @@ module Contrib
module Common
register :ConfigFile
register :Namespace
- register :Protection
register :RespondWith
helpers :Capture
View
53 lib/sinatra/protection.rb
@@ -1,53 +0,0 @@
-require 'sinatra/base'
-require 'rack/protection'
-
-module Sinatra
-
- # = Sinatra::Protection
- #
- # Sets up {rack-protection}[https://github.com/rkh/rack-protection] to
- # prevent common attacks against your application.
- #
- # == Usage
- # The protection modes used can be configured by the +protection+ setting:
- #
- # require 'sinatra'
- # require 'sinatra/protection'
- #
- # set :protection, :except => :path_traversal
- #
- # There are a few, partly protection specific options you can set, too:
- #
- # set :protection,
- # :reaction => :deny, # block malicious requests, alternative: :drop_session
- # :frame_options => :deny # do not allow any embedding in frames (default: :sameorigin)
- #
- # For more information, see rack-protection.
- #
- # === Classic Application
- #
- # As with any other extension, you have to register this one manually in a
- # classic application:
- #
- # require 'sinatra/base'
- # require 'sinatra/protection'
- #
- # class MyApp < Sinatra::Base
- # register Sinatra::Protection
- # end
- module Protection
- def setup_default_middleware(builder)
- super
- if protection
- options = protection == true ? {} : protection
- builder.use Rack::Protection, options
- end
- end
-
- def self.registered(base)
- base.enable :protection
- end
- end
-
- register Sinatra::Namespace
-end
View
45 spec/protection_spec.rb
@@ -1,45 +0,0 @@
-require 'backports'
-require_relative 'spec_helper'
-
-class MiddlewareTracker < Rack::Builder
- def self.used
- @used ||= []
- end
-
- def use(middleware, *)
- MiddlewareTracker.used << middleware
- super
- end
-end
-
-describe Sinatra::Protection do
- before do
- Rack.send :remove_const, :Builder
- Rack.const_set :Builder, MiddlewareTracker
- MiddlewareTracker.used.clear
- end
-
- after do
- Rack.send :remove_const, :Builder
- Rack.const_set :Builder, MiddlewareTracker.superclass
- end
-
- it 'sets up Rack::Protection' do
- Sinatra.new { register Sinatra::Protection }.new
- MiddlewareTracker.used.should include(Rack::Protection)
- end
-
- it 'sets up Rack::Protection::PathTraversal by default' do
- Sinatra.new { register Sinatra::Protection }.new
- MiddlewareTracker.used.should include(Rack::Protection::PathTraversal)
- end
-
-
- it 'does not set up Rack::Protection::PathTraversal when disabling it' do
- Sinatra.new do
- register Sinatra::Protection
- set :protection, :except => :path_traversal
- end.new
- MiddlewareTracker.used.should_not include(Rack::Protection::PathTraversal)
- end
-end
Please sign in to comment.
Something went wrong with that request. Please try again.