Claire
8ab0ca7d64
Merge pull request from GHSA-c2r5-cfqr-c553
...
* Add hardening monkey-patch to prevent IP spoofing on misconfigured installations
* Remove rack-attack safelist
2024-05-30 14:24:29 +02:00
Eugen Rochko
6e418bf346
Fix cookies secure flag being set when served over Tor ( #17992 )
2022-04-08 12:47:18 +02:00
Justin Tracey
c9e8e1739c
replace all instances of "ends_with?" with "end_with?" ( #15745 )
...
The "ends_with?" method is just a Rails alias of Ruby's "end_with?" method.
Using the latter makes the code less brittle.
2021-02-19 09:56:14 +01:00
Justin Tracey
3f8523130d
use host instead of headers to make Rack happy ( #15741 )
...
"headers" is provided by Rails, Rack can't rely on it
2021-02-16 15:28:17 +01:00
Cecylia Bocovich
3447bd2f80
Monkey patch Rack::Session to send secure cookies to onions ( #15725 )
2021-02-14 00:10:52 +01:00
Claire
21fb3f3684
Drop dependency on secure_headers, fix response headers ( #15712 )
...
* Drop dependency on secure_headers, use always_write_cookie instead
* Fix cookies in Tor Hidden Services by moving configuration to application.rb
* Instead of setting always_write_cookie at boot, monkey-patch ActionDispatch
2021-02-11 23:47:05 +01:00