Ecosyste.ms: Issues

An open API service for providing issue and pull request metadata for open source projects.

GitHub / sinatra/rack-protection issues and pull requests

#123 - Mention the migration in GitHub Pages

Issue - State: open - Opened by FranklinYu over 5 years ago

#122 - Use secure_compare when checking CSRF token

Pull Request - State: closed - Opened by namusyaka over 6 years ago - 1 comment

#121 - Stable 1.5

Pull Request - State: closed - Opened by elmcastro over 6 years ago - 1 comment

#120 - enhanced path validation in Windows

Pull Request - State: closed - Opened by namusyaka almost 7 years ago

#119 - How can I update AuthenticityToken automatically?

Issue - State: closed - Opened by dehengxu over 7 years ago - 1 comment

#118 - New stable release before merging?

Issue - State: closed - Opened by astratto about 8 years ago - 7 comments

#116 - Notice for upstream move

Pull Request - State: closed - Opened by zzak over 8 years ago

#115 - Mitigate BREACH attack

Pull Request - State: closed - Opened by jkowens over 8 years ago - 6 comments

#114 - Remove extra calls to method that determines cookie paths

Pull Request - State: closed - Opened by jkowens over 8 years ago

#113 - Add cookie tossing protection

Pull Request - State: closed - Opened by jkowens over 8 years ago - 1 comment

#112 - Enclose CSP self in quotes

Pull Request - State: closed - Opened by jamesdabbs over 8 years ago - 2 comments

#111 - Add img-src CSP directive

Pull Request - State: closed - Opened by jamesdabbs over 8 years ago - 1 comment

#110 - Sinatra problem with rack-protection

Issue - State: closed - Opened by pamit over 8 years ago - 1 comment

#109 - Regenerate docs

Issue - State: closed - Opened by zzak over 8 years ago

#108 - Add :allow_if config option to http origin for custom accept/reject

Pull Request - State: closed - Opened by nathanstitt over 8 years ago - 2 comments

#106 - AuthenticityToken

Issue - State: closed - Opened by hojberg over 8 years ago - 3 comments

#105 - Add Strict Transport Security protection

Pull Request - State: closed - Opened by maciekm almost 9 years ago - 4 comments

#104 - add nil check for unset Content-Type header

Pull Request - State: closed - Opened by beanieboi almost 9 years ago - 3 comments

#103 - undefined method `[]' for nil:NilClass

Issue - State: closed - Opened by beanieboi almost 9 years ago - 4 comments

#102 - Update README.md

Pull Request - State: closed - Opened by adelevie about 9 years ago - 4 comments

#101 - Consider changing the repo description

Issue - State: closed - Opened by adelevie about 9 years ago - 3 comments

#100 - Is AuthenticityToken broken?

Issue - State: closed - Opened by odigity about 9 years ago - 2 comments

#99 - Fix Tempfile reference being returned as nil

Pull Request - State: closed - Opened by Albert-IV about 9 years ago - 2 comments

#98 - Use secure_compare when checking CSRF token

Pull Request - State: closed - Opened by jeltz over 9 years ago - 15 comments

#97 - Fixes HttpOrigin to consider the 'null' string value

Pull Request - State: closed - Opened by kandalf over 9 years ago - 2 comments

#96 - Session Hijacking default of HTTP_ACCEPT_LANGUAGE is broken for IE with XHR

Issue - State: closed - Opened by t-cyrill over 9 years ago - 2 comments

#95 - Adds ability to allow or deny being embedded based on the referrer domain

Pull Request - State: closed - Opened by joaomilho over 9 years ago - 4 comments

#94 - Homepage link is broken

Issue - State: closed - Opened by zzak over 9 years ago - 2 comments

#93 - Fix permissions back to 0644

Pull Request - State: closed - Opened by strzibny almost 10 years ago - 1 comment

#92 - Rack::Protection::SessionHijacking

Issue - State: closed - Opened by frodsan almost 10 years ago - 2 comments

#91 - Don't remove tempfile params, warn when dropping params

Pull Request - State: closed - Opened by danleyden almost 10 years ago - 1 comment

#90 - escaped params silently removing files

Issue - State: closed - Opened by danleyden almost 10 years ago - 3 comments

#89 - Token changes between retrieval and request

Issue - State: closed - Opened by cmouse about 10 years ago - 1 comment

#88 - [Warning] Session Hijacking default of HTTP_ACCEPT_LANGUAGE is broken for iOS 8+

Issue - State: closed - Opened by tommeier about 10 years ago - 2 comments

#87 - Upgrade to RSpec 3 and major specs refactoring

Pull Request - State: closed - Opened by mdesantis about 10 years ago - 11 comments

#86 - Description about prevented attacks

Pull Request - State: closed - Opened by tayler1 over 10 years ago - 2 comments

#85 - Rack Protection blocks all requests from proxy/frontend

Issue - State: closed - Opened by tayler1 over 10 years ago - 5 comments

#84 - JsonCsrf for GET image.

Issue - State: closed - Opened by georgeu2000 over 10 years ago - 4 comments

#83 - AuthenticityToken check in a rails app when no session['_csrf_token'] is set

Issue - State: closed - Opened by anthony over 10 years ago - 6 comments

#82 - Invalid URI causes exception

Issue - State: closed - Opened by rb2k over 10 years ago - 3 comments

#81 - [Readme] Instrumentation example

Issue - State: closed - Opened by tommeier over 10 years ago - 1 comment

#80 - Path traversal middleware stops sinatra route from matching

Issue - State: closed - Opened by myronmarston over 10 years ago - 2 comments

#79 - Please add changelog

Issue - State: closed - Opened by PikachuEXE over 10 years ago - 2 comments

#78 - closes body on prevented JsonCsrf

Pull Request - State: closed - Opened by rkh over 10 years ago

#76 - clarify reaction warning, test it

Pull Request - State: closed - Opened by ujifgc over 10 years ago

#75 - added content security policies

Pull Request - State: closed - Opened by mkristian over 10 years ago - 3 comments

#74 - Discard invalid Referer header

Pull Request - State: closed - Opened by statianzo almost 11 years ago

#73 - Ignore changing Accept-Encoding header, fixes #56

Pull Request - State: closed - Opened by rennex almost 11 years ago

#72 - content-type-security header

Issue - State: closed - Opened by mkristian almost 11 years ago - 2 comments

#71 - Don't create request since it is unused.

Pull Request - State: closed - Opened by vipulnsward about 11 years ago

#70 - URL-encoded resources do not work since 1.5.1

Issue - State: closed - Opened by quezacoatl about 11 years ago - 1 comment

#69 - ensure Rack::Protection::Base#random_string always outputs 32 characters

Pull Request - State: closed - Opened by pje about 11 years ago

#68 - Ensure that session contains a csrf token after "safe" requests

Pull Request - State: closed - Opened by pje about 11 years ago - 6 comments

#67 - What is meant by "rack-csrf" compatibility?

Issue - State: closed - Opened by da99 about 11 years ago - 1 comment

#66 - Add instrumentation support

Pull Request - State: closed - Opened by brookemckim over 11 years ago - 5 comments

#65 - Implemented an authenticity_param option on AuthenticityToken

Pull Request - State: closed - Opened by dariocravero over 11 years ago

#64 - Mask CSRF tokens to mitigate BREACH attack

Issue - State: closed - Opened by louismullie over 11 years ago - 1 comment

#63 - Whitelist for JsonCsrf

Issue - State: closed - Opened by rsiddle over 11 years ago - 1 comment

#62 - License missing from gemspec

Issue - State: closed - Opened by bf4 over 11 years ago - 4 comments

#61 - Invalid referer raises error

Issue - State: closed - Opened by georgeu2000 over 11 years ago - 5 comments

#60 - Authenticity token not being set unless form is sent

Issue - State: closed - Opened by cesarfigueroa over 11 years ago - 2 comments

#59 - Implementation doubt

Issue - State: closed - Opened by sonoman over 11 years ago - 2 comments

#58 - Encoding fix

Pull Request - State: closed - Opened by jeffWelling over 11 years ago

#57 - Fixed encoding bug

Pull Request - State: closed - Opened by jeffWelling over 11 years ago - 4 comments

#56 - SessionHijacking false positive when serving video tag source

Issue - State: closed - Opened by dgutov over 11 years ago - 1 comment

#55 - Add documentation

Issue - State: closed - Opened by m-o-e over 11 years ago - 3 comments

#54 - Fix PathTraversal to leave encoding of PATH_INFO unchanged

Pull Request - State: closed - Opened by dayflower over 11 years ago

#53 - Cookie protection, ala Github's blog post

Issue - State: closed - Opened by nogweii over 11 years ago

#52 - Check for nil response on JsonCsrf protection

Pull Request - State: closed - Opened by bugant over 11 years ago - 1 comment

#51 - FIX: default_reaction was not working

Pull Request - State: closed - Opened by bugant over 11 years ago - 4 comments

#50 - undefined method `detect' for nil:NilClass

Issue - State: closed - Opened by blambeau over 11 years ago - 24 comments

#49 - Feature Request: add support for Strict Transport Security

Issue - State: closed - Opened by oreoshake over 11 years ago - 2 comments

#48 - X-XSS-Protection also applies to chrome

Issue - State: closed - Opened by oreoshake over 11 years ago - 1 comment

#47 - Silently Ignore Lack of Session Middleware

Issue - State: closed - Opened by Wardrop over 11 years ago - 7 comments

#46 - Feature/report reaction

Pull Request - State: closed - Opened by skade over 11 years ago - 6 comments

#45 - Don't autoload?

Issue - State: closed - Opened by charlie over 11 years ago - 11 comments

#44 - Block remote requests from non-HTTP pages

Issue - State: closed - Opened by louismullie almost 12 years ago - 1 comment

#43 - Detect and reject Ruby objects sent in YAML format

Issue - State: closed - Opened by brynary almost 12 years ago - 7 comments

#42 - Spec for escaped_params handling of POST bodies

Pull Request - State: closed - Opened by skade almost 12 years ago - 3 comments

#41 - Introducing :use

Pull Request - State: closed - Opened by homakov almost 12 years ago - 2 comments

#40 - nosniff should be set for non-HTML content as well

Issue - State: closed - Opened by mkristian almost 12 years ago - 1 comment

#39 - CORS and JSON_CSRF

Issue - State: closed - Opened by resistorsoftware almost 12 years ago - 1 comment

#38 - Why don't you recommend using the form token with rack protection?

Issue - State: closed - Opened by dariocravero almost 12 years ago - 2 comments

#37 - HttpOrigin should be disabled by default

Pull Request - State: closed - Opened by p0deje almost 12 years ago - 16 comments

#36 - undefined method `base_url'

Issue - State: closed - Opened by patsanch almost 12 years ago - 4 comments

#34 - undefined method `last' for nil:NilClass

Issue - State: closed - Opened by hron84 almost 12 years ago - 2 comments

#33 - Please yank v 1.3.0

Issue - State: closed - Opened by xaviervia almost 12 years ago - 1 comment

#32 - Don't choke on requests that end up without a content-type header

Pull Request - State: closed - Opened by cheald almost 12 years ago - 1 comment

#31 - X-Frame-Option should only be set for HTML responses

Issue - State: closed - Opened by rkh almost 12 years ago

#30 - Bypass referer check if Origin header is given

Pull Request - State: closed - Opened by bjoerge about 12 years ago - 2 comments

#25 - X-Frame-Options sameorigin case

Issue - State: closed - Opened by darscan over 12 years ago - 2 comments

#23 - Update lib/rack/protection/json_csrf.rb

Pull Request - State: closed - Opened by homakov over 12 years ago - 9 comments

#18 - AuthenticityToken should provide a method to retrieve the token

Issue - State: closed - Opened by acrispino almost 13 years ago - 4 comments

#16 - Implementation of Origin CSRF mitigation request header

Pull Request - State: closed - Opened by p0deje almost 13 years ago - 6 comments

#11 - ie8 on win7 refuses to work w/session_hijacking enabled

Issue - State: closed - Opened by eyberg about 13 years ago - 42 comments

#4 - Add parens for 'Ambiguous first argument' warnings in jruby

Pull Request - State: closed - Opened by dekellum about 13 years ago - 1 comment