clean_headers.rb
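require 'rack/protection'

module Rack
  module Protection
    ##
    # Prevented attack::   Cookie Injection
    # Supported browsers:: all (Chrome was affected)
    #
    # Removes response headers containing illegal characters.
    class CleanHeaders < Base
      def call(env)
        status, headers, body = app.call(env)
        new_headers = {}

        headers.each do |key, value|
          # Drop any header whose value contains a control character
          # (\000-\037). LF (\012) is deliberately not matched: Rack before
          # 3.0 uses "\n" to separate multiple values of one header
          # (e.g. several Set-Cookie lines).
          if value =~ /[\000-\011\013-\037]/
            warn env, "dropping header: value for #{key} contains illegal characters"
          else
            new_headers[key] = value
          end
        end

        # Pass on only the headers that survived the check.
        [status, new_headers, body]
      end
    end
  end
end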