Commit graph

5 commits

Author SHA1 Message Date
taca
5dc1476069 Update ruby-rack-ssl to 1.4.1.
* As per spec, don't include STS header in non-https responses
* Handle bad URIs gracefully.

  Some adapters (i.e. jruby-rack) will pass through bad URIs, then display
  the resulting exception. This creates an attack vector for XSS attacks.

* Added more installation/usage instructions into the README

* Return 400 instead of 404 in case of InvalidURIError

* Include Content-Type in 400 response.
  To stay compatible with old Rack versions.

* Skip URI parsing Request#url
  URI may fail to parse some legit URL paths.
2015-03-13 17:31:37 +00:00
taca
f8624a0be8 Add security fix for CVE-2014-2538.
Bump PKGREVISION.
2014-03-21 01:06:47 +00:00
taca
528e20f1ba Make it depend on www/ruby-rack14 instead of www/ruby-rack.
Bump PKGREVISION.
2013-03-10 09:15:19 +00:00
taca
02d6347e32 Update ruby-rack-ssl to 1.3.3.
o Add :port to options.
o Use status 307 for anything but GET or HEAD.
2013-02-11 04:03:45 +00:00
taca
614bbc6f1b Importing www/ruby-rack-ssl package version 1.3.2.
Rack::SSL
=========

Force SSL/TLS in your app.

1. Redirects all "http" requests to "https"
2. Set `Strict-Transport-Security` header
3. Flag all cookies as "secure"
2011-12-15 15:29:27 +00:00