Class: Rackful::HeaderSpoofing
- Inherits:
-
Object
- Object
- Rackful::HeaderSpoofing
- Defined in:
- lib/rackful/middleware/headerspoofing.rb
Overview
Rack middleware that provides header spoofing.
If you use this middleware, then clients are allowed to spoof an HTTP
header by specifying a _http_SOME_HEADER=...
request
parameter, for example
http://example.com/some_resource?_http_DEPTH=infinity
.
This can be useful if you want to specify certain request headers from within a normal web browser.
This middleware won’t work well together with Digest Authentication.
Instance Method Summary (collapse)
- - (void) call(env)
-
- (HeaderSpoofing) initialize(app)
constructor
A new instance of HeaderSpoofing.
Constructor Details
- (HeaderSpoofing) initialize(app)
Returns a new instance of HeaderSpoofing
23 24 25 |
# File 'lib/rackful/middleware/headerspoofing.rb', line 23 def initialize app @app = app end |
Instance Method Details
- (void) call(env)
27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 |
# File 'lib/rackful/middleware/headerspoofing.rb', line 27 def call env new_query_string = env['QUERY_STRING']. split('&', -1). select { |p| p = p.split('=', 2) if /\A_http_([a-z]+(?:[\-_][a-z]+)*)\z/i === p[0] header_name = p[0].gsub('-', '_').upcase[1..-1] env[header_name] = p[1] false else true end }. join('&') if env['QUERY_STRING'] != new_query_string env['rackful.header_spoofing.QUERY_STRING'] = env['QUERY_STRING'] env['QUERY_STRING'] = new_query_string end @app.call env end |