Class: Rackful::HeaderSpoofing

Inherits:
Object
Defined in:
lib/rackful/middleware/headerspoofing.rb

Overview

Rack middleware that provides header spoofing.

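If you use this middleware, clients can spoof an HTTP header by adding a _http_SOME_HEADER=... parameter to the query string, for example http://example.com/some_resource?_http_DEPTH=infinity. The parameter is removed from the query string and its value is placed in the Rack environment as HTTP_SOME_HEADER.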

This can be useful if you want to specify certain request headers from within a normal web browser.

This middleware won’t work well together with Digest Authentication.

Examples:

Using this middleware

require 'rackful/middleware/headerspoofing'
use Rackful::HeaderSpoofing


Constructor Details

- (HeaderSpoofing) initialize(app)

Returns a new instance of HeaderSpoofing



# File 'lib/rackful/middleware/headerspoofing.rb', line 23

def initialize app
  @app = app
end

Instance Method Details

- (void) call(env)



# File 'lib/rackful/middleware/headerspoofing.rb', line 27

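def call env
  # Split the raw query string into parameters and keep only those that are
  # not header-spoofing parameters.
  new_query_string = env['QUERY_STRING'].
    split('&', -1).
    select {
      |p|
      p = p.split('=', 2)
      # Matches _http_<name>, case-insensitively, where <name> consists of
      # letters separated by single hyphens or underscores.
      if  /\A_http_([a-z]+(?:[\-_][a-z]+)*)\z/i === p[0]
        # "_http_DEPTH" becomes the Rack env key "HTTP_DEPTH".
        header_name = p[0].gsub('-', '_').upcase[1..-1]
        # The value is stored as it appears in the query string (not URL-decoded).
        env[header_name] = p[1]
        false
      else
        true
      end
    }.
    join('&')
  # If anything was removed, keep the original query string under a separate key.
  if env['QUERY_STRING'] != new_query_string
    env['rackful.header_spoofing.QUERY_STRING'] = env['QUERY_STRING']
    env['QUERY_STRING'] = new_query_string
  end
  @app.call env
end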
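
The call method above accepts any header name that matches its pattern, so every HTTP_* key in the Rack environment can be set from the URL, including ones that downstream code may treat as trustworthy (HTTP_AUTHORIZATION, HTTP_X_FORWARDED_FOR and similar). The following is an added example, not part of Rackful: a variant with the same parsing that applies only allowlisted headers. The class name, the default allowlist and the env key 'example.header_spoofing.rejected' are hypothetical.

```ruby
# Added example, not part of Rackful: the same query-string parsing as
# Rackful::HeaderSpoofing#call, restricted to an explicit allowlist.
# The class name, the ALLOWED default and the env key
# 'example.header_spoofing.rejected' are hypothetical.
class AllowlistedHeaderSpoofing
  PARAM = /\A_http_([a-z]+(?:[\-_][a-z]+)*)\z/i
  ALLOWED = %w[HTTP_DEPTH HTTP_ACCEPT].freeze

  def initialize(app, allowed = ALLOWED)
    @app = app
    @allowed = allowed
  end

  def call(env)
    original = env['QUERY_STRING'].to_s
    rejected = []
    kept = original.split('&', -1).reject do |pair|
      name, value = pair.split('=', 2)
      next false unless PARAM === name           # ordinary parameter: keep it
      header = name.tr('-', '_').upcase[1..-1]   # "_http_DEPTH" -> "HTTP_DEPTH"
      if @allowed.include?(header)
        env[header] = value.to_s
      else
        rejected << header                       # stripped, never applied
      end
      true
    end
    new_query_string = kept.join('&')
    if new_query_string != original
      env['rackful.header_spoofing.QUERY_STRING'] = original
      env['QUERY_STRING'] = new_query_string
    end
    env['example.header_spoofing.rejected'] = rejected unless rejected.empty?
    @app.call(env)
  end
end

# Constructed request env; the lambda stands in for the downstream Rack app.
def demo_env
  app = ->(env) { [200, {}, [env]] }
  env = {
    'QUERY_STRING' => 'a=1&_http_DEPTH=infinity&_http_X-Forwarded-For=198.51.100.9',
    'HTTP_X_FORWARDED_FOR' => '203.0.113.7'
  }
  AllowlistedHeaderSpoofing.new(app).call(env)[2].first
end
```

Rejected names are recorded in the environment so that the application or a logging middleware can report them.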