This extension is part of the Rack::Protection project. Run `gem install rack-protection` to have it available.

Prevented attack


Supported browsers

Google Chrome 2, Safari 4 and later

More information


Does not accept unsafe HTTP requests when the value of the Origin HTTP request header does not match the default or permitted URIs.

If you want to permit a specific domain, pass it in via the `:permitted_origins` option:

```ruby
use Rack::Protection, permitted_origins: ["http://localhost:3000", "http://127.0.0.1:3000"]
```

The `:allow_if` option can also be set to a proc to use custom allow/deny logic.
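
As an added example (not code from rack-protection), here is a proc that could be passed as `:allow_if` to accept HTTPS origins on one trusted parent domain and its subdomains. The domain `example.com`, the constant names and the port-443 restriction are assumptions made for illustration, as is the proc being called with the Rack env hash.

```ruby
require 'uri'

# Hypothetical trusted parent domain (constructed for this example).
TRUSTED_PARENT = 'example.com'

# Proc for :allow_if. Assumption: it is called with the Rack env hash and
# a truthy return value lets the request through.
ALLOW_TRUSTED_SUBDOMAINS = lambda do |env|
  origin = env['HTTP_ORIGIN'].to_s
  begin
    uri = URI.parse(origin)
  rescue URI::InvalidURIError
    return false
  end

  # An Origin value is scheme://host[:port] only; reject anything richer.
  return false unless uri.is_a?(URI::HTTPS) && uri.host
  return false if uri.userinfo || uri.query || uri.fragment
  return false unless uri.path.to_s.empty?
  return false unless uri.port == 443

  host = uri.host.downcase
  # Compare on a label boundary so "evilexample.com" and
  # "example.com.attacker.test" are not mistaken for the trusted domain.
  host == TRUSTED_PARENT || host.end_with?(".#{TRUSTED_PARENT}")
end

# In config.ru (requires the rack-protection gem):
#   use Rack::Protection, allow_if: ALLOW_TRUSTED_SUBDOMAINS
```

Matching the parsed host on a label boundary, rather than running a substring or regex test on the raw header, is what keeps look-alike domains out.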