This middleware guards against DNS rebinding attacks by explicitly permitting the hosts a request can be sent to.
When a request arrives for a host that is not permitted, the response_app application is executed and its response rendered. If no response_app is given, a default one runs, which responds with +403 Forbidden+.
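The check described above, as an added example that is not Rails' own code: a simplified Rack-style guard with an allowlist and a response_app fallback. The class name SimpleHostGuard, the leading-dot rule syntax and the sample Host headers are assumptions made for this illustration.

```ruby
# Added illustration: a simplified host allowlist check, not Rails' own code.
class SimpleHostGuard
  # Fallback used when no response_app is supplied: a plain 403 Forbidden.
  DEFAULT_RESPONSE_APP = lambda do |env|
    body = "Blocked host: #{env['HTTP_HOST'].inspect}"
    [403, { "Content-Type" => "text/plain; charset=utf-8",
            "Content-Length" => body.bytesize.to_s }, [body]]
  end

  # hosts: exact names ("localhost") or a leading-dot rule (".example.com")
  # that covers the domain and its subdomains (rule syntax is an assumption).
  def initialize(app, hosts, response_app: nil)
    @app = app
    @hosts = hosts.map(&:downcase)
    @response_app = response_app || DEFAULT_RESPONSE_APP
  end

  def call(env)
    allowed?(normalize(env["HTTP_HOST"])) ? @app.call(env) : @response_app.call(env)
  end

  private

  # Compare case-insensitively and ignore a trailing :port.
  def normalize(host)
    host.to_s.downcase.sub(/:\d+\z/, "")
  end

  def allowed?(host)
    return false if host.empty?
    @hosts.any? do |rule|
      if rule.start_with?(".")
        # Whole-label suffix match, so "example.com.attacker.test" fails.
        host == rule[1..-1] || host.end_with?(rule)
      else
        host == rule
      end
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  app = ->(_env) { [200, { "Content-Type" => "text/plain" }, ["ok"]] }
  guard = SimpleHostGuard.new(app, ["localhost", ".example.com"])
  # Constructed Host headers; the last two are what a rebinding page would send.
  %w[localhost:3000 api.example.com rebind.attacker.test:3000
     example.com.attacker.test].each do |h|
    puts "#{h} -> #{guard.call('HTTP_HOST' => h)[0]}"
  end
end
```

A rebinding page's requests reach the local server with the attacker's own domain in the Host header, so an allowlist on that header rejects them even though the TCP connection went to a permitted address.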
Constants
DEFAULT_RESPONSE_APP = -> env do
  request = Request.new(env)
  format = request.xhr? ? "text/plain" : "text/html"
  template = DebugView.new(host: request.host)
  body = template.render(template: "rescues/blocked_host", layout: "rescues/layout")

  [403, {
    "Content-Type" => "#{format}; charset=#{Response.default_charset}",
    "Content-Length" => body.bytesize.to_s,
  }, [body]]
end