3fa0dd0b88
Merge pull request from GHSA-c2r5-cfqr-c553

* Add hardening monkey-patch to prevent IP spoofing on misconfigured installations
* Remove rack-attack safelist

2024-05-30 14:24:29 +02:00

6e418bf346
Fix cookies secure flag being set when served over Tor (#17992)

2022-04-08 12:47:18 +02:00

c9e8e1739c
replace all instances of "ends_with?" with "end_with?" (#15745)

The "ends_with?" method is just a Rails alias of Ruby's "end_with?" method.
Using the latter makes the code less brittle.

2021-02-19 09:56:14 +01:00

3f8523130d
use host instead of headers to make Rack happy (#15741)

"headers" is provided by Rails, Rack can't rely on it

2021-02-16 15:28:17 +01:00

3447bd2f80
Monkey patch Rack::Session to send secure cookies to onions (#15725)

2021-02-14 00:10:52 +01:00

21fb3f3684
Drop dependency on secure_headers, fix response headers (#15712)

* Drop dependency on secure_headers, use always_write_cookie instead
* Fix cookies in Tor Hidden Services by moving configuration to application.rb
* Instead of setting always_write_cookie at boot, monkey-patch ActionDispatch

2021-02-11 23:47:05 +01:00