class Rackful::HeaderSpoofing
Rack middleware that provides header spoofing.
If you use this middleware, then clients are allowed to spoof an HTTP header by specifying a ‘_http_SOME_HEADER=…` request parameter, for example `example.com/some_resource?_http_DEPTH=infinity`.
This can be useful if you want to specify certain request headers from within a normal web browser.
This middleware won’t work well together with Digest Authentication. @example Using this middleware
require 'rackful/middleware/header_spoofing' use Rackful::HeaderSpoofing
Public Class Methods
new(app)
click to toggle source
# File lib/rackful/middleware/headerspoofing.rb, line 28 def initialize app @app = app end
Public Instance Methods
call(env)
click to toggle source
# File lib/rackful/middleware/headerspoofing.rb, line 32 def call env new_query_string = env['QUERY_STRING']. split('&', -1). select { |p| p = p.split('=', 2) if /\A_http_([a-z]+(?:[\-_][a-z]+)*)\z/i === p[0] header_name = p[0].gsub('-', '_').upcase[1..-1] env[header_name] = p[1] false else true end }. join('&') if env['QUERY_STRING'] != new_query_string env['rackful.header_spoofing.QUERY_STRING'] = env['QUERY_STRING'] env['QUERY_STRING'] = new_query_string end @app.call env end