rack-protection 2.2.1 → 2.2.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/rack/protection/ip_spoofing.rb +5 -3
- data/lib/rack/protection/version.rb +1 -1
- metadata +4 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 41643b8e96c39cab78011412440435328537bdccf21141fd3a448b3b3fd905ba
|
4
|
+
data.tar.gz: 94385c3ad84be0e4a7472efb54f1eb7c4b373c7b6c845bdf1b66b03bef9ad63d
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: fe3546ac3539741b388c9468bd79b9773b2fbb4a0ed02b71e43b1940008c631232f832e0ec4d93408a3d2a73e7e2ae676b541241798fd2219099c85ebab9267d
|
7
|
+
data.tar.gz: 00dbd06226c8481fbd292171b797407a79dee5fa76a20ec90c3f9d4dec3e24d15ad383c4824589084b7f5639644a19c3cfdf8be3ecdbe03ae4162ef3a576fc2c
|
@@ -13,9 +13,11 @@ module Rack
|
|
13
13
|
|
14
14
|
def accepts?(env)
|
15
15
|
return true unless env.include? 'HTTP_X_FORWARDED_FOR'
|
16
|
-
|
17
|
-
|
18
|
-
return false if env.include?
|
16
|
+
|
17
|
+
ips = env['HTTP_X_FORWARDED_FOR'].split(',').map(&:strip)
|
18
|
+
return false if env.include?('HTTP_CLIENT_IP') && (!ips.include? env['HTTP_CLIENT_IP'])
|
19
|
+
return false if env.include?('HTTP_X_REAL_IP') && (!ips.include? env['HTTP_X_REAL_IP'])
|
20
|
+
|
19
21
|
true
|
20
22
|
end
|
21
23
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rack-protection
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.2.
|
4
|
+
version: 2.2.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- https://github.com/sinatra/sinatra/graphs/contributors
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-
|
11
|
+
date: 2022-11-25 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rack
|
@@ -106,7 +106,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
106
106
|
- !ruby/object:Gem::Version
|
107
107
|
version: '0'
|
108
108
|
requirements: []
|
109
|
-
|
109
|
+
rubyforge_project:
|
110
|
+
rubygems_version: 2.7.6.3
|
110
111
|
signing_key:
|
111
112
|
specification_version: 4
|
112
113
|
summary: Protect against typical web attacks, works with all Rack apps, including
|