v6.0.0 - Show latest stable - 0 notes - Superclass: Object

This middleware guards from DNS rebinding attacks by explicitly permitting the hosts a request can be sent to.

When a request comes to an unauthorized host, the response_app application will be executed and rendered. If no response_app is given, a default one will run, which responds with +403 Forbidden+.


DEFAULT_RESPONSE_APP = -> env do request = Request.new(env) format = request.xhr? ? "text/plain" : "text/html" template = DebugView.new(host: request.host) body = template.render(template: "rescues/blocked_host", layout: "rescues/layout") [403, { "Content-Type" => "#{format}; charset=#{Response.default_charset}", "Content-Length" => body.bytesize.to_s, }, [body]] end


Show files where this class is defined (1 file)
Register or log in to add new notes.