monorail
/
mastodon
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
17,313 Commits 1 Branch 0 Tags 290 MiB
Commit Graph

6 Commits

Author SHA1 Message Date
Claire 3fa0dd0b88
Merge pull request from GHSA-c2r5-cfqr-c553 
* Add hardening monkey-patch to prevent IP spoofing on misconfigured installations

* Remove rack-attack safelist
 2024-05-30 14:24:29 +02:00
Eugen Rochko 6e418bf346
Fix cookies secure flag being set when served over Tor (#17992) 2022-04-08 12:47:18 +02:00
Justin Tracey c9e8e1739c
replace all instances of "ends_with?" with "end_with?" (#15745) 
The "ends_with?" method is just a Rails alias of Ruby's "end_with?" method.
Using the latter makes the code less brittle.
 2021-02-19 09:56:14 +01:00
Justin Tracey 3f8523130d
use host instead of headers to make Rack happy (#15741) 
"headers" is provided by Rails, Rack can't rely on it
 2021-02-16 15:28:17 +01:00
Cecylia Bocovich 3447bd2f80
Monkey patch Rack::Session to send secure cookies to onions (#15725) 2021-02-14 00:10:52 +01:00
Claire 21fb3f3684
Drop dependency on secure_headers, fix response headers (#15712) 
* Drop dependency on secure_headers, use always_write_cookie instead

* Fix cookies in Tor Hidden Services by moving configuration to application.rb

* Instead of setting always_write_cookie at boot, monkey-patch ActionDispatch
 2021-02-11 23:47:05 +01:00