Ring-Defaults

Knowing what middleware to add to a Ring application, and in what order, can be difficult and prone to error.

This library attempts to automate the process, by providing sensible and secure default configurations of Ring middleware for both websites and HTTP APIs.

Installation

Add the following dependency to your project.clj:

[ring/ring-defaults "0.1.3"]

Basic Usage

The wrap-defaults middleware sets up standard Ring middleware based on a supplied configuration:

(require '[ring.middleware.defaults :refer :all])

(def site
  (wrap-defaults handler site-defaults))

There are four configurations included with the middleware:

  • api-defaults
  • site-defaults
  • secure-api-defaults
  • secure-site-defaults

The "api" defaults will add support for urlencoded parameters, but not much else.

The "site" defaults add support for parameters, cookies, sessions, static resources, file uploads, and a bunch of browser-specific security headers.

The "secure" defaults force SSL. Unencrypted HTTP URLs are redirected to the equivalent HTTPS URL, and various headers and flags are sent to prevent the browser from sending sensitive information over insecure channels.

Proxies

If your app is sitting behind a load balancer or reverse proxy, as is often the case in cloud-based deployments, you'll want to set :proxy to true:

(assoc secure-site-defaults :proxy true)

This is particularly important when your site is secured with SSL, as the SSL redirect middleware will get caught in a redirect loop if it can't determine the correct URL scheme of the request.
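
The redirect behaviour described above, as an added example that is not part of the ring-defaults project: a constructed request, shaped the way an app sees it behind a TLS-terminating proxy, is passed through secure-site-defaults with and without :proxy. The handler, host name and addresses are assumptions. Because :proxy makes the app trust the X-Forwarded-Proto header, it fits deployments where the app is reachable only through the proxy.

```clojure
(ns example.proxy-check
  (:require [ring.middleware.defaults
             :refer [wrap-defaults secure-site-defaults]]))

;; Hypothetical application handler (not from the README).
(defn handler [_request]
  {:status 200
   :headers {"Content-Type" "text/plain"}
   :body "ok"})

;; Constructed request, as the app sees it when a proxy terminates TLS and
;; forwards plain HTTP: :scheme is :http, and the original scheme survives
;; only in the X-Forwarded-Proto header.
(def proxied-request
  {:request-method :get
   :uri            "/account"
   :scheme         :http
   :server-name    "example.com"
   :server-port    8080
   :remote-addr    "10.0.0.5"
   :headers        {"host"              "example.com"
                    "x-forwarded-proto" "https"
                    "x-forwarded-for"   "203.0.113.7"}})

(def without-proxy
  (wrap-defaults handler secure-site-defaults))

(def with-proxy
  (wrap-defaults handler (assoc secure-site-defaults :proxy true)))

(defn summarize
  "Keep only the parts of the response that show the SSL redirect decision."
  [response]
  {:status   (:status response)
   :location (get-in response [:headers "Location"])})

;; Without :proxy the middleware sees :http and answers with a redirect to the
;; HTTPS URL; the proxy forwards the follow-up as plain HTTP again, so the
;; redirect repeats. With :proxy the forwarded scheme is honoured and the
;; request reaches the handler.
(println "without :proxy ->" (summarize (without-proxy proxied-request)))
(println "with :proxy    ->" (summarize (with-proxy proxied-request)))
```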

Customizing

The default configurations are just maps of options, and can be customized to suit your needs.

The following configuration keys are supported:

  • :cookies - Set to true to parse cookies from the request.

  • :params - A map of options that describes how to parse parameters from the request.

    • :keywordize - Set to true to turn the parameter keys into keywords.

    • :multipart - Set to true to parse urlencoded parameters in the query string and the request body, or supply a map of options to pass to the standard Ring multipart-params middleware.

    • :nested - Set to true to allow nested parameters via the standard Ring nested-params middleware.

    • :urlencoded - Set to true to parse urlencoded parameters in the query string and the request body.

  • :proxy - Set to true if the application is running behind a reverse proxy or load balancer.

  • :responses - A map of options to augment the responses from your application.

    • :absolute-redirects - Any redirects to relative URLs will be turned into redirects to absolute URLs, to better conform to the HTTP spec.

    • :content-type - Adds the standard Ring content-type middleware.

    • :not-modified-responses - Adds the standard Ring not-modified middleware.

  • :security - Options for security related behaviors and headers.

    • :anti-forgery - Set to true to add CSRF protection via the ring-anti-forgery library.

    • :content-type-options - Prevents attacks based around media-type confusion. See: wrap-content-type-options.

    • :frame-options - Prevents your site from being placed in frames or iframes. See: wrap-frame-options.

    • :hsts - If true, enable HTTP Strict Transport Security. See: wrap-hsts.

    • :ssl-redirect - If true, redirect all HTTP requests to the equivalent HTTPS URL. A map with an :ssl-port option may be set instead, if the HTTPS server is on a non-standard port. See: wrap-ssl-redirect.

    • :xss-protection - Enable the X-XSS-Protection header that tells supporting browsers to use heuristics to detect XSS attacks. See: wrap-xss-protection.

  • :session - A map of options for configuring session handling via the Ring session middleware.

    • :flash - If set to true, the Ring flash middleware is added.

    • :store - The Ring session store to use for storing sessions.

  • :static - A map of options to configure how to find static content.

    • :files - A string containing a directory on disk to serve files from. Usually the :resources option below is more useful.

    • :resources - A string containing a classpath prefix. This will serve any resources in locations starting with the supplied prefix.
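
Customizing in practice, as an added example that is not the project's own code: site-defaults is adjusted with assoc-in using keys from the list above, and constructed requests show the effect on the security headers and on a POST that carries no anti-forgery token. The handler, the "assets" prefix and the /transfer path are assumptions.

```clojure
(ns example.custom-defaults
  (:require [ring.middleware.defaults :refer [wrap-defaults site-defaults]]))

;; Hypothetical handler (not from the README).
(defn handler [_request]
  {:status 200 :headers {"Content-Type" "text/html"} :body "<p>ok</p>"})

;; Start from site-defaults and change individual keys.
(def strict-site
  (-> site-defaults
      (assoc-in [:security :frame-options] :deny)
      (assoc-in [:static :resources] "assets")))  ; hypothetical classpath prefix

;; The same configuration with CSRF protection switched off, for comparison.
(def no-csrf-site
  (assoc-in strict-site [:security :anti-forgery] false))

;; Constructed request map; host and client address are sample values.
(defn request [method uri]
  {:request-method method
   :uri            uri
   :scheme         :http
   :server-name    "example.com"
   :server-port    80
   :remote-addr    "203.0.113.7"
   :headers        {"host" "example.com"}})

(defn security-headers
  "Pick out the browser security headers set by the :security options."
  [response]
  (select-keys (:headers response)
               ["X-Frame-Options" "X-Content-Type-Options" "X-XSS-Protection"]))

(let [strict  (wrap-defaults handler strict-site)
      no-csrf (wrap-defaults handler no-csrf-site)]
  ;; Headers added to an ordinary page response.
  (println "GET headers:" (security-headers (strict (request :get "/"))))
  ;; A state-changing request without a token: refused by the anti-forgery
  ;; middleware when it is enabled, passed to the handler when it is not.
  (println "POST, :anti-forgery true  ->"
           (:status (strict (request :post "/transfer"))))
  (println "POST, :anti-forgery false ->"
           (:status (no-csrf (request :post "/transfer")))))
```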

License

Copyright © 2014 James Reeves

Distributed under the MIT License, the same as Ring.
