add protection

2012-12-12 23:33:43 +01:00 · 2012-12-12 23:33:43 +01:00 · 726190634b
commit 726190634b
parent d1cb2c7a92
3 changed files with 7 additions and 1 deletions
--- a/1
+++ b/1
@ -4,6 +4,7 @@ source :rubygems

 gem 'puma'
 gem 'rack-ssl', '~> 1.3'
+gem 'rack-protection', '~> 1.3'
 gem 'rack-cache'
 gem 'sinatra'

--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -71,7 +71,7 @@ GEM
    rack (1.4.1)
    rack-cache (1.2)
      rack (>= 0.4)
-    rack-protection (1.2.0)
+    rack-protection (1.3.2)
      rack
    rack-ssl (1.3.2)
      rack
@ -128,6 +128,7 @@ DEPENDENCIES
  localeapp-handlebars_i18n
  puma
  rack-cache
+  rack-protection (~> 1.3)
  rack-ssl (~> 1.3)
  rake (~> 0.9.2)
  rake-pipeline!
--- a/lib/travis/web/app.rb
+++ b/lib/travis/web/app.rb
@ -1,6 +1,7 @@
 require 'rack'
 require 'rack/ssl'
 require 'rack/cache'
+require 'rack/protection'
 require 'delegate'
 require 'time'

@ -130,6 +131,9 @@ class Travis::Web::App
      end
      builder.use Rack::Deflater
      builder.use Rack::Head
+      builder.use Rack::Protection::XssHeader
+      builder.use Rack::Protection::FrameOptions
+      builder.use Rack::Protection::PathTraversal
      builder.use Rack::ConditionalGet
      builder.use MobileRedirect
      builder.run router