rack-strip_http_accept_headers 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- data/README.mdown +23 -0
- data/lib/rack/strip_http_accept_headers.rb +20 -0
- data/spec/lib/rack/strip_http_accept_headers_spec.rb +33 -0
- data/spec/spec_helper.rb +1 -0
- metadata +76 -0
data/README.mdown
ADDED
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
# Rack middleware to strip HTTP accept headers
|
|
2
|
+
|
|
3
|
+
Strips HTTP_ACCEPT headers for all non XML HTTP requests
|
|
4
|
+
|
|
5
|
+
HTTP accept headers are generally implemented in such a broken way in the
|
|
6
|
+
wild, see http://www.gethifi.com/blog/browser-rest-http-accept-headers that
|
|
7
|
+
unless you really need them it is best to ignore them.
|
|
8
|
+
|
|
9
|
+
## FAQ
|
|
10
|
+
|
|
11
|
+
1. Why keep the HTTP accept headers for XML HTTP requests?
|
|
12
|
+
|
|
13
|
+
XML HTTP requests are often made from the javascript you have placed in web pages. In these cases you control the accept headers that are sent with the requests and so it is neat to be able to make use of these for content negotiation, so we leave them in.
|
|
14
|
+
|
|
15
|
+
2. I want to turn off content negotiation entirely?
|
|
16
|
+
|
|
17
|
+
If you are using Rails v3.1 or greater and you want to turn off content negotiation entirely with
|
|
18
|
+
|
|
19
|
+
```ActionDispatch::Request.ignore_accept_header = true```
|
|
20
|
+
|
|
21
|
+
Once you have done this HTTP accept header values will be ignored.
|
|
22
|
+
|
|
23
|
+
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
require 'rack'
|
|
2
|
+
|
|
3
|
+
module Rack
|
|
4
|
+
# Strips HTTP_ACCEPT headers for all non XML HTTP requests
|
|
5
|
+
#
|
|
6
|
+
# HTTP_ACCEPT headers are generally implemented in such a broken way in the
|
|
7
|
+
# wild, see http://www.gethifi.com/blog/browser-rest-http-accept-headers that
|
|
8
|
+
# unless you really need them it is best to ignore them.
|
|
9
|
+
class StripHttpAcceptHeaders
|
|
10
|
+
def initialize(app)
|
|
11
|
+
@app = app
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def call(env)
|
|
15
|
+
env.delete('HTTP_ACCEPT') unless Rack::Request.new(env).xhr?
|
|
16
|
+
@app.call(env)
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
|
|
3
|
+
describe Rack::StripHttpAcceptHeaders do
|
|
4
|
+
let(:app) do
|
|
5
|
+
Rack::Builder.new {
|
|
6
|
+
use Rack::StripHttpAcceptHeaders
|
|
7
|
+
run lambda {|env| [200, {'Content-Type' => 'text/html'}, ['']] }
|
|
8
|
+
}.to_app
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
def get(path, opts={})
|
|
12
|
+
env = Rack::MockRequest.env_for(path, opts)
|
|
13
|
+
app.call(env)
|
|
14
|
+
env
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
describe 'non XHR' do
|
|
18
|
+
it 'should strip HTTP_ACCEPT headers' do
|
|
19
|
+
get('/path/resource.html',
|
|
20
|
+
'HTTP_ACCEPT' => 'application/xml')['HTTP_ACCEPT'].
|
|
21
|
+
should be_nil
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
describe 'XHR' do
|
|
26
|
+
it 'should not strip HTTP_ACCEPT headers' do
|
|
27
|
+
get('/path/resource.html',
|
|
28
|
+
'HTTP_ACCEPT' => 'application/xml',
|
|
29
|
+
'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')['HTTP_ACCEPT'].
|
|
30
|
+
should == 'application/xml'
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
end
|
data/spec/spec_helper.rb
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
require 'rack/strip_http_accept_headers'
|
metadata
ADDED
|
@@ -0,0 +1,76 @@
|
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
|
+
name: rack-strip_http_accept_headers
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
version: 0.1.0
|
|
5
|
+
prerelease:
|
|
6
|
+
platform: ruby
|
|
7
|
+
authors:
|
|
8
|
+
- Joel Chippindale
|
|
9
|
+
autorequire:
|
|
10
|
+
bindir: bin
|
|
11
|
+
cert_chain: []
|
|
12
|
+
date: 2012-03-08 00:00:00.000000000 Z
|
|
13
|
+
dependencies:
|
|
14
|
+
- !ruby/object:Gem::Dependency
|
|
15
|
+
name: rack
|
|
16
|
+
requirement: &70264151741960 !ruby/object:Gem::Requirement
|
|
17
|
+
none: false
|
|
18
|
+
requirements:
|
|
19
|
+
- - ! '>='
|
|
20
|
+
- !ruby/object:Gem::Version
|
|
21
|
+
version: '1'
|
|
22
|
+
type: :runtime
|
|
23
|
+
prerelease: false
|
|
24
|
+
version_requirements: *70264151741960
|
|
25
|
+
- !ruby/object:Gem::Dependency
|
|
26
|
+
name: rspec
|
|
27
|
+
requirement: &70264151738120 !ruby/object:Gem::Requirement
|
|
28
|
+
none: false
|
|
29
|
+
requirements:
|
|
30
|
+
- - ! '>='
|
|
31
|
+
- !ruby/object:Gem::Version
|
|
32
|
+
version: '2'
|
|
33
|
+
type: :development
|
|
34
|
+
prerelease: false
|
|
35
|
+
version_requirements: *70264151738120
|
|
36
|
+
description:
|
|
37
|
+
email: joel.chippindale@econsultancy.com
|
|
38
|
+
executables: []
|
|
39
|
+
extensions: []
|
|
40
|
+
extra_rdoc_files:
|
|
41
|
+
- README.mdown
|
|
42
|
+
files:
|
|
43
|
+
- README.mdown
|
|
44
|
+
- spec/lib/rack/strip_http_accept_headers_spec.rb
|
|
45
|
+
- spec/spec_helper.rb
|
|
46
|
+
- lib/rack/strip_http_accept_headers.rb
|
|
47
|
+
homepage: http://github.com/econsultancy/rack-strip_http_accept_headers
|
|
48
|
+
licenses: []
|
|
49
|
+
post_install_message:
|
|
50
|
+
rdoc_options:
|
|
51
|
+
- --main
|
|
52
|
+
- README.mdown
|
|
53
|
+
require_paths:
|
|
54
|
+
- lib
|
|
55
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
56
|
+
none: false
|
|
57
|
+
requirements:
|
|
58
|
+
- - ! '>='
|
|
59
|
+
- !ruby/object:Gem::Version
|
|
60
|
+
version: '0'
|
|
61
|
+
segments:
|
|
62
|
+
- 0
|
|
63
|
+
hash: 1068922097598369268
|
|
64
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
65
|
+
none: false
|
|
66
|
+
requirements:
|
|
67
|
+
- - ! '>='
|
|
68
|
+
- !ruby/object:Gem::Version
|
|
69
|
+
version: '0'
|
|
70
|
+
requirements: []
|
|
71
|
+
rubyforge_project:
|
|
72
|
+
rubygems_version: 1.8.10
|
|
73
|
+
signing_key:
|
|
74
|
+
specification_version: 3
|
|
75
|
+
summary: Rack middleware to strip accept headers from non XHR requests
|
|
76
|
+
test_files: []
|