module Rack::Protection

def self.new(app, options = {})

def self.new(app, options = {})
  # does not include: RemoteReferrer, AuthenticityToken and FormToken
  except = Array options[:except]
  Rack::Builder.new do
    use ::Rack::Protection::FrameOptions,     options unless except.include? :frame_options
    use ::Rack::Protection::IPSpoofing,       options unless except.include? :ip_spoofing
    use ::Rack::Protection::JsonCsrf,         options unless except.include? :json_csrf
    use ::Rack::Protection::PathTraversal,    options unless except.include? :path_traversal
    use ::Rack::Protection::RemoteToken,      options unless except.include? :remote_token
    use ::Rack::Protection::SessionHijacking, options unless except.include? :session_hijacking
    use ::Rack::Protection::XSSHeader,        options unless except.include? :xss_header
    run app
  end.to_app
end

def self.version

def self.version
  VERSION
end

module Rack::Protection

def self.new(app, options = {})

def self.version

Classes

Class Methods

Defined in