sjs/rack-attack
1
0
Fork 0
mirror of https://github.com/samsonjs/rack-attack.git synced 2026-03-25 09:25:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
466 commits 1 branch 0 tags 1.1 MiB
Commit graph

19 commits

Author SHA1 Message Date
Gonzalo Rodriguez
8a6bb6bc5e
Drop support for rails 5.0, it's an unmaintained series now 2018-04-10 11:43:46 -04:00
Gonzalo Rodriguez
2e9eb6716f
Don't allow failures against rails 5.2, it's out now 2018-04-10 11:02:17 -04:00
Gonzalo Rodriguez
a8200ea95a
Explicitly test against supported rack versions 2018-04-10 10:35:14 -04:00
Gonzalo Rodriguez
e7792aadd7
Remove obsolete piece of autogenerated appraisal gemfile 2018-04-10 10:33:26 -04:00
Gonzalo Rodriguez
859c212058 Merge branch 'master' into move_all_deps_to_gemspec 2018-03-09 10:19:25 -03:00
Gonzalo Rodriguez
d6d471fea5 Move all dependencies to gemspec 2018-02-02 16:05:04 -03:00
Gonzalo Rodriguez
53095231cc Test against rails 5.2.0.rc to get early feedback without causing TravisCI build failures 2018-02-02 13:14:21 -03:00
Gonzalo
a19f92738d Test against actively supported rubies and gems 
https://www.ruby-lang.org/en/downloads/branches://www.ruby-lang.org/en/downloads/branches/
http://guides.rubyonrails.org/maintenance_policy.html
https://www.ruby-lang.org/en/downloads/releases/
 2018-01-17 13:49:24 -03:00
Aaron Suggs
8a6e1e6c03 Add tests for ActiveSupport 5.0 2016-07-05 14:27:49 -04:00
Aaron Suggs
ac4975e692 Remove ruby2.0 exceptions from gemfiles 
..since I stopped testing it in #184
 2016-07-04 22:46:54 -04:00
Aaron Suggs
f6762dfc63 Drop test coverage for activesupport 3.2/4.0; dalli 1.1 
They’re EOL, and the tests are a pain to maintain.
 2016-07-04 22:12:55 -04:00
Renée Hendricksen
c3ccb6f641 working Travis CI tests 2016-07-01 18:22:21 -04:00
Aaron Suggs
57f513e1e9 Fix Appraisals & gemfile tests 
The gemfiles had drifted from the Appraisals file from which they’re
generated.
 2015-12-21 09:34:21 -05:00
Aaron Suggs
76c2e31430 Normalize request paths when using Rails' ActionDispatch 
The issue
---

When using rack-attack with a rails app, developers expect the request
path to be normalized. In particular, trailing slashes are stripped so
a request path "/login/" becomes "/login" by the time you're in
ActionController.

Since Rack::Attack runs before ActionDispatch, the request path is not
yet normalized. This can cause throttles and blacklists to not work as
expected.

E.g., a throttle:

    throttle('logins', ...) {|req| req.path == "/login" }

would not match a request to '/login/', though Rails would route
'/login/' to the same '/login' action.

The solution
---

This patch looks if ActionDispatch's request normalization is loaded,
and if so, uses it to normalize the path before processing throttles,
blacklists, etc.

If it's not loaded, the request path is not modified.

Credit
---
Thanks to Andres Riancho at Include Security for reporting this issue.
 2015-12-18 11:12:11 -05:00
Aaron Suggs
1981b38063 [travis] Test activesupport 4.2 2015-05-22 14:29:08 -04:00
hakanensari
0640a53cdf Use Appraisal to test against multiple versions 2014-04-09 13:11:43 +01:00
Aaron Suggs
db42cc702e tests: add gemfiles for dalli 1.1.x and 2.x 2014-03-31 18:42:27 -04:00
Aaron Suggs
3cec847048 [travisci] Fix gemspec path in gemfiles 2013-08-20 13:53:18 -04:00
Aaron Suggs
da2f265e7e [travisci] Add tests for activesupport 3.2 and 4.0 2013-08-20 13:47:45 -04:00