Commit graph

8 commits

Author SHA1 Message Date
Renée Hendricksen
c3ccb6f641 working Travis CI tests 2016-07-01 18:22:21 -04:00
Aaron Suggs
57f513e1e9 Fix Appraisals & gemfile tests
The gemfiles had drifted from the Appraisals file from which they’re
generated.
2015-12-21 09:34:21 -05:00
Aaron Suggs
76c2e31430 Normalize request paths when using Rails' ActionDispatch
The issue
---

When using rack-attack with a Rails app, developers expect the request
path to be normalized. In particular, trailing slashes are stripped so
a request path "/login/" becomes "/login" by the time you're in
ActionController.

Since Rack::Attack runs before ActionDispatch, the request path is not
yet normalized. This can cause throttles and blacklists to not work as
expected.

E.g., a throttle:

    throttle('logins', ...) {|req| req.path == "/login" }

would not match a request to '/login/', though Rails would route
'/login/' to the same '/login' action.

The solution
---

This patch checks whether ActionDispatch's request normalization is loaded,
and if so, uses it to normalize the path before processing throttles,
blacklists, etc.

If it's not loaded, the request path is not modified.

Credit
---
Thanks to Andres Riancho at Include Security for reporting this issue.
2015-12-18 11:12:11 -05:00
Aaron Suggs
1981b38063 [travis] Test activesupport 4.2 2015-05-22 14:29:08 -04:00
hakanensari
0640a53cdf Use Appraisal to test against multiple versions 2014-04-09 13:11:43 +01:00
Aaron Suggs
db42cc702e tests: add gemfiles for dalli 1.1.x and 2.x 2014-03-31 18:42:27 -04:00
Aaron Suggs
3cec847048 [travisci] Fix gemspec path in gemfiles 2013-08-20 13:53:18 -04:00
Aaron Suggs
da2f265e7e [travisci] Add tests for activesupport 3.2 and 4.0 2013-08-20 13:47:45 -04:00
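
The effect described in commit 76c2e31430, shown as an added example (not code from rack-attack or Rails): the same path-matching login throttle is run over constructed traffic once on raw paths and once on normalized paths. `LoginThrottle`, `normalize_path` and `tally_outcomes` are hypothetical names, and `normalize_path` is a simplified stand-in that only strips trailing slashes.

```ruby
# Simplified stand-in for framework path normalization (assumption):
# strips trailing slashes only, so "/login/" becomes "/login".
def normalize_path(path)
  stripped = path.sub(%r{/+\z}, "")
  stripped.empty? ? "/" : stripped
end

# Hypothetical per-IP counter that matches on an exact path, like the
# throttle('logins', ...) { |req| req.path == "/login" } rule in the message.
class LoginThrottle
  def initialize(limit:, normalize:)
    @limit = limit
    @normalize = normalize
    @counts = Hash.new(0)
  end

  # :unmatched -> rule did not apply, request was never counted
  # :allowed   -> counted and still within the limit
  # :throttled -> counted and over the limit
  def check(ip, path)
    path = normalize_path(path) if @normalize
    return :unmatched unless path == "/login"
    @counts[ip] += 1
    @counts[ip] > @limit ? :throttled : :allowed
  end
end

# Constructed sample traffic: six login attempts from one client,
# four of them with a trailing slash, plus one unrelated request.
REQUESTS = [
  ["203.0.113.7", "/login"],  ["203.0.113.7", "/login/"],
  ["203.0.113.7", "/login/"], ["203.0.113.7", "/login"],
  ["203.0.113.7", "/login/"], ["203.0.113.7", "/login/"],
  ["198.51.100.4", "/home"]
].freeze

# Replays REQUESTS through a fresh throttle and counts each outcome.
def tally_outcomes(normalize:, limit: 3)
  throttle = LoginThrottle.new(limit: limit, normalize: normalize)
  REQUESTS.each_with_object(Hash.new(0)) do |(ip, path), seen|
    seen[throttle.check(ip, path)] += 1
  end
end

if __FILE__ == $0
  puts "raw paths:        #{tally_outcomes(normalize: false)}"
  puts "normalized paths: #{tally_outcomes(normalize: true)}"
end
```

On raw paths the four `/login/` attempts are never counted, so the client stays under the limit; with normalization all six count against the same rule.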