I have a web app, let's say http://web.example.com, making a POST request to http://api.example.com. The API server is running the latest version of Sinatra with rack protect
Pass your options as a hash to set :protection:
set :protection, :origin_whitelist => ['http://web.example.com']
Sinatra will then pass them through to Rack::Protection when setting it up.
I suspect the reason it is failing when you have use Rack::Protection::HttpOrigin, :origin_whitelist => ['http://web.example.com'] is that you still have protection enabled, so that you end up with two instances of HttpOrigin. You could try
set :protection, :except => [:http_origin]
use Rack::Protection::HttpOrigin, :origin_whitelist => ['http://web.example.com']
(i.e. have both the lines you’ve tried together), but I think the first solution is cleaner.
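
The two-instance failure described in the answer, as an added example that is not part of the original answer and not Rack::Protection's own code. `OriginCheck` is a hypothetical, simplified stand-in for an origin-checking middleware, and the request environments are constructed, so it runs without Sinatra or Rack installed.

```ruby
# Simplified stand-in for an origin-checking middleware (hypothetical class,
# not Rack::Protection's code): allow safe methods, requests without an
# Origin header, same-origin requests, and explicitly allowed origins.
class OriginCheck
  SAFE = %w[GET HEAD OPTIONS TRACE].freeze

  def initialize(app, allowed: [])
    @app = app
    @allowed = allowed
  end

  def call(env)
    return @app.call(env) if accepts?(env)
    [403, { 'content-type' => 'text/plain' }, ['Forbidden']]
  end

  private

  def accepts?(env)
    origin = env['HTTP_ORIGIN']
    SAFE.include?(env['REQUEST_METHOD']) || origin.nil? ||
      origin == "#{env['rack.url_scheme']}://#{env['HTTP_HOST']}" ||
      @allowed.include?(origin)
  end
end

APP = ->(_env) { [200, { 'content-type' => 'text/plain' }, ['ok']] }
ALLOWED = ['http://web.example.com'].freeze

# Built-in protection left on plus a second instance added with `use`:
# the default instance has no allow-list and rejects the request.
DOUBLE = OriginCheck.new(OriginCheck.new(APP, allowed: ALLOWED))
# One instance carrying the allow-list (either fix from the answer).
SINGLE = OriginCheck.new(APP, allowed: ALLOWED)

# Constructed cross-origin POST to api.example.com.
def post_from(origin)
  { 'REQUEST_METHOD' => 'POST', 'rack.url_scheme' => 'http',
    'HTTP_HOST' => 'api.example.com', 'HTTP_ORIGIN' => origin }
end

def status_for(stack, origin)
  stack.call(post_from(origin)).first
end

if __FILE__ == $PROGRAM_NAME
  puts "two instances: #{status_for(DOUBLE, 'http://web.example.com')}"
  puts "one instance:  #{status_for(SINGLE, 'http://web.example.com')}"
  puts "other origin:  #{status_for(SINGLE, 'http://other.example.net')}"
end
```

Every instance in the stack has to accept the request, so an allow-list on only one of them does not help, while a single instance still rejects origins that are not listed.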