ring-defaults
ring-defaults copied to clipboard
ring-clojure
A library to provide sensible Ring middleware defaults
`site-defaults` enables both the session middleware and [ring-anti-forgery](https://github.com/ring-clojure/ring-anti-forgery). The session middleware [leaks sessions by default](https://github.com/ring-clojure/ring/issues/363) and ring-anti-forgery uses sessions to store the anti-CSRF-tokens it creates. Thus, even if you don't...
**White source utility flagged following issue in commons-io, which is a library used in ring-core:** In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input...
Disable the XSS Auditor in older browsers by default. The X-XSS-Protection header has been deprecated by modern browsers due to security issues it introduces on the client-side. Resolves: #35
Hi, I have some troubles to have a secure and named session cookie. With this code: ```(def app (-> (handler/site app-routes) (wrap-default-charset "utf-8") (wrap-defaults (-> secure-site-defaults (assoc :cookies true) (assoc-in...
Didn't take me too long to find once I put time in it, but have had an enormous amount of complaints on my site that users are not staying logged...
It seems that this option and others such as `:loader` and `:prefer-handler?` are not configurable via defaults. This is also an issue when attempting to configure via duct.
When ring's content-type middleware is used and prevents other (explicitly used) content-type middleware, it can be quite hard to debug, especially because it will fail silently. Any ideas on how...
Would be handy to have it out-of-the-box with `api-defaults` config. What you think?
As you helped me understand in [the issue on ring anti-forgery](https://github.com/ring-clojure/ring-anti-forgery/issues/10), a normal punter will try to use `wrap-defaults` with `site-defaults` and then add `wrap-anti-forgery`, not realising that it is...
Metadata
Owner
Metadata
A library to provide sensible Ring middleware defaults