Skip to content

Instantly share code, notes, and snippets.

@rkh
Created January 6, 2014 14:14
Show Gist options
  • Save rkh/befd7d127f4052d292d5 to your computer and use it in GitHub Desktop.
Save rkh/befd7d127f4052d292d5 to your computer and use it in GitHub Desktop.
require 'rack/protection'
module Rack
module Protection
##
# Prevented attack:: Cookie Injection
# Supported browsers:: all (Chrome was affected)
#
# Removes response headers containing illigal characters.
class CleanHeaders < Base
def call(env)
status, headers, body = app.call(env)
new_headers = {}
headers.each do |key, value|
if value =~ /[\000-\011\013-\037]/
warn env, "dropping header: value for #{key} contains illegal characters"
else
new_headers[key] = value
end
end
[status, new_headers, body]
end
end
end
end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment