Subject: CVS commit: pkgsrc/www/ruby-rack-ssl
From: Takahiro Kambe
Date: 2015-03-13 18:31:37
Message id: 20150313173137.56E2B98@cvs.netbsd.org

Log Message:
Update ruby-rack-ssl to 1.4.1.

* As per spec, don't include STS header in non-https responses
* Handle bad URIs gracefully.

  Some adapters (i.e. jruby-rack) will pass through bad URIs, then display
  the resulting exception. This creates an attack vector for XSS attacks.

* Added more installation/usage instructions into the README

* Return 400 instead of 404 in case of InvalidURIError

* Include Content-Type in 400 response.
  To stay compatible with old Rack versions.

* Skip URI parsing Request#url
  URI may fail to parse some legit URL paths.

Files:
RevisionActionfile
1.5modifypkgsrc/www/ruby-rack-ssl/Makefile
1.4modifypkgsrc/www/ruby-rack-ssl/distinfo
1.1removepkgsrc/www/ruby-rack-ssl/patches/patch-lib_rack_ssl.rb