Flowdock
Ruby on Rails latest stable (v5.2.3) - 0 notes - Superclass: Object
  • 1.0.0
  • 1.1.6
  • 1.2.6
  • 2.0.3
  • 2.1.0
  • 2.2.1
  • 2.3.2
  • 2.3.8
  • 3.0.0
  • 3.0.9
  • 3.1.0
  • 3.2.1
  • 3.2.8
  • 3.2.13
  • 4.0.2
  • 4.1.8
  • 4.2.1
  • 4.2.7
  • 4.2.9
  • 5.0.0.1
  • 5.1.7
  • 5.2.3
  • 6.0.0 (0)
  • 6.1.3.1 (38)
  • What's this?

Class not available on this version

This class is only available on newer versions. The first available version of the class is shown here.

This middleware guards from DNS rebinding attacks by explicitly permitting the hosts a request can be sent to.

When a request comes to an unauthorized host, the response_app application will be executed and rendered. If no response_app is given, a default one will run, which responds with +403 Forbidden+.

Constants

DEFAULT_RESPONSE_APP = -> env do request = Request.new(env) format = request.xhr? ? "text/plain" : "text/html" template = DebugView.new(host: request.host) body = template.render(template: "rescues/blocked_host", layout: "rescues/layout") [403, { "Content-Type" => "#{format}; charset=#{Response.default_charset}", "Content-Length" => body.bytesize.to_s, }, [body]] end

Attributes

Show files where this class is defined (1 file)
Register or log in to add new notes.