rkh/clean_headers.rb Secret

## clean_headers.rb
require 'rack/protection'

module Rack
  module Protection
    ##
    # Prevented attack::   Cookie Injection
    # Supported browsers:: all (Chrome was affected)
    #
    # Removes response headers containing illigal characters.
    class CleanHeaders < Base
      def call(env)
        status, headers, body = app.call(env)
        new_headers           = {}

        headers.each do |key, value|
          if value =~ /[\000-\011\013-\037]/
            warn env, "dropping header: value for #{key} contains illegal characters"
          else
            new_headers[key] = value
          end
        end

        [status, new_headers, body]
      end
    end
  end
end
	require 'rack/protection'

	module Rack
	module Protection
	##
	# Prevented attack:: Cookie Injection
	# Supported browsers:: all (Chrome was affected)
	#
	# Removes response headers containing illigal characters.
	class CleanHeaders < Base
	def call(env)
	status, headers, body = app.call(env)
	new_headers = {}

	headers.each do \|key, value\|
	if value =~ /[\000-\011\013-\037]/
	warn env, "dropping header: value for #{key} contains illegal characters"
	else
	new_headers[key] = value
	end
	end

	[status, new_headers, body]
	end
	end
	end
	end