Commit graph

6 commits

Author SHA1 Message Date
Claire 8ab0ca7d64
Merge pull request from GHSA-c2r5-cfqr-c553
* Add hardening monkey-patch to prevent IP spoofing on misconfigured installations

* Remove rack-attack safelist
2024-05-30 14:24:29 +02:00
Eugen Rochko 6e418bf346
Fix cookies secure flag being set when served over Tor (#17992) 2022-04-08 12:47:18 +02:00
Justin Tracey c9e8e1739c
replace all instances of "ends_with?" with "end_with?" (#15745)
The "ends_with?" method is just a Rails alias of Ruby's "end_with?" method.
Using the latter makes the code less brittle.
2021-02-19 09:56:14 +01:00
Justin Tracey 3f8523130d
use host instead of headers to make Rack happy (#15741)
"headers" is provided by Rails, Rack can't rely on it
2021-02-16 15:28:17 +01:00
Cecylia Bocovich 3447bd2f80
Monkey patch Rack::Session to send secure cookies to onions (#15725) 2021-02-14 00:10:52 +01:00
Claire 21fb3f3684
Drop dependency on secure_headers, fix response headers (#15712)
* Drop dependency on secure_headers, use always_write_cookie instead

* Fix cookies in Tor Hidden Services by moving configuration to application.rb

* Instead of setting always_write_cookie at boot, monkey-patch ActionDispatch
2021-02-11 23:47:05 +01:00