pkgsrc/www/ruby-rack-ssl/Makefile at 00992a52a493415bb98198f6c1785c6bf547f0a2 - kpriv/pkgsrc - Disroot Forgejo: Brace yourself, merge conflicts ahead.

kpriv/pkgsrc

taca 5dc1476069 Update ruby-rack-ssl to 1.4.1.

* As per spec, don't include STS header in non-https responses
* Handle bad URIs gracefully.

  Some adapters (i.e. jruby-rack) will pass through bad URIs, then display
  the resulting exception. This creates an attack vector for XSS attacks.

* Added more installation/usage instructions into the README

* Return 400 instead of 404 in case of InvalidURIError

* Include Content-Type in 400 response.
  To stay compatible with old Rack versions.

* Skip URI parsing Request#url
  URI may fail to parse some legit URL paths.

2015-03-13 17:31:37 +00:00

14 lines

361 B

Makefile

Raw Blame History

 # $NetBSD: Makefile,v 1.5 2015/03/13 17:31:37 taca Exp $
 DISTNAME=	rack-ssl-1.4.1
 CATEGORIES=	www
 MAINTAINER=	pkgsrc-users@NetBSD.org
 HOMEPAGE=	https://github.com/josh/rack-ssl
 COMMENT=	Rack middleware to force SSL/TLS
 LICENSE=	mit
 DEPENDS+=	${RUBY_PKGPREFIX}-rack14>=0:../../www/ruby-rack14
 .include "../../lang/ruby/gem.mk"
 .include "../../mk/bsd.pkg.mk"